By-Ronen Shpire,Director CSP Solutions Marketing at Fortinet
5G has been a particularly hot topic lately, sparking significant debates and being considered as polarizing to some extent. However, countries all over the world are rolling out their 5G networks, considering this evolution in mobile connectivity as a strong game-changer for end users, the mobility ecosystem, and many industries.
5G differs from 4G and previous mobile generations in two significant and interdependent aspects.
First, 5G breaks away from the gradual evolution from one mobile generation to the other by redefining its technology foundations, to support and drive the ongoing digital transformation businesses, consumers, and even whole societies are undertaking. It means that most of the legacy nature of the mobile network, such as the use of specific protocols and interfaces, is replaced by common IT protocols, APIs, and cloud technologies.
Second, 5G brings customized mobile connectivity and added value services both for industrial organizations and mobile network operators (MNOs). Thanks to 5G capabilities, such as increased bandwidth and low latency, organizations can develop new products, services, and most importantly, best practices, such as significant safety and efficiency in production floors, greater automation in industry 4.0, better proactive maintenance and so much more. This wasn’t possible in the days of wired networks or Wi-Fi networks.
When it comes to MNOs, 5G represents a significant growth opportunity. Traditionally, their revenues were heavily dependent on SIM/package sales, as a basic service for a mobile provider. With the 5G capabilities and ecosystem, MNOs can now better address the business segment and deliver added-value services beyond cellular connectivity to their customers, creating new revenue streams and improving margins.
5G “uniqueness” in the mobile generation evolution has had major impacts on many areas, including cybersecurity. With the use of common IT protocols and interfaces in the infrastructure, such as HTTP and API calls, combined with its open and distributed nature, as well as the expanded attack surface, 5G is an attractive target for hackers.
The 5G technology impact on security is multi-faceted. While the use of cloud technologies and architectures throughout the 5G infrastructure (RAN, core, and edge) enables enhanced agility, scalability, efficiency, and customization, securing that environment is also a key element to consider. Security must be integrated into the virtual infrastructure as well as the orchestration layer and embedded into the end-to-end network to ensure both security and business continuity.
Hyperscalability, ultra-low latency, support for machine communications, predictability, agility, and high precision are some of the capabilities that will drive 5G adoption and use cases in vertical industries and for consumers. It is mandatory that the cybersecurity approach and solutions will support, and not hinder, these capabilities.
Security visibility, automation, threat intelligence, and control are critical to protect the 5G infrastructure and the 5G-enabled use case ecosystem (OT/IIoT/IoT devices, 5G public and private networks, MEC and public cloud environments, applications and APIs).
5G is the most natively secured mobile generation. But the security foundations laid out in the 5G standards can only be a starting point for a security blueprint that secures end-to-end 5G-enabled innovation and use cases.
In 2020, Fortinet conducted a survey around security in enabling 5G adoption in business verticals, and the results are very clear:
Almost 90% of respondents stated that the MNO’s security capabilities are either critical or very important for success in vertical industry use cases. More than 80% consider native 5G security features as important, but only a baseline for the security needed to serve the 5G market.
Another interesting data point arising from the survey is that 54% of respondents believe operators should offer a shared responsibility model. However, nearly all those who support this approach believe that a shared responsibility model should be offered as an option alongside the alternative of comprehensive, full-stack, end-to-end security. True to the traditional telco business model, fully 86% of respondents believe operators should offer full-stack security.
In previous mobile generations, security was all about protecting the network itself, creating a walled-garden environment for the core of the network by securing all external exposure points, such as the internet/PDN, roaming, RAN to core access, external partners, etc. This is also valid to 5G, with the appropriate integration and compatibility to 5G technologies and architectures. But the unique nature of 5G and its role and criticality in the business segment means that security’s role is changing and expanding, and should encompass the following main roles:
The benefits of 5G far outweigh its potential risks—but only when security is an integrated part of the process and solution. Although 5G has some built-in security, organizations will still need to integrate a larger cybersecurity strategy to confidently move to 5G applications. They need a solution that will provide comprehensive protection at 5G speeds without compromising end-to-end visibility, automation, and enforcement throughout the ecosystem’s attack surface. And to do that most efficiently and securely, the solution must also be part of a coherent, integrated, and self-healing security platform. This will enable organizations all over the world to confidently distribute 5G services from the core of their network out to its furthest reaches, while allowing them to continue developing and deploying critical digital innovation.