Attributed to Lakshmi Kandadai, Director of Product Marketing for 5G Security, Palo Alto Networks
Excitement is building around the globe for the potential of 5G, and now is the time to lay a strong foundation for security. To avoid problems down the road for mobile operators and others looking to this technology to revolutionize their ecosystems, we need to consider three key challenges for securing 5G: the Internet of Things (IoT), 5G cloud adoption, and the development of standards and best practices. Many stakeholders – including industry, government and standards development organizations – have a role to play in addressing security risks while bringing the vision of 5G into reality.
5G promises transformative mobility by offering enhanced mobile broadband experience and enabling industrial digitalization through customer value creation. It’s particularly important to set high standards for connectivity, security and targeted service-level agreements (SLAs) for 5G use cases that involve key enterprise verticals. In these early stages of the 5G evolution, it’s natural that many stakeholders are focusing on delivering higher data speeds, latency improvements, and the overall functional redesign of mobile networks to enable greater agility, efficiency and openness. However, it’s critical that security not be left out of this early stage of 5G development. While the 5G digital environment opens the door for diverse players beyond traditional cellular networks, such as managed security service providers (MSSPs), cloud providers, enterprises and technology partners, security often falls short.
With all the technology shifts happening around 5G, how prepared are we to deal with the impact of cyber threats?
Challenge 1: Security in the Internet of Connected Things
In the numerous “proof of concept” (POC) tests we have conducted around the world, we discovered that IoT botnet activity makes up a very large proportion of the malware in mobile networks today. Malicious actors have often used Command & Control (C2) communication channels over the Domain Name System (DNS) and, in some cases, have even used DNS to exfiltrate data. The Palo Alto Networks Unit 42 threat research team found that more than half of all IoT devices are vulnerable to medium- or high-severity attacks, meaning that service providers and enterprises are sitting on a “ticking IoT time bomb.”
The severity and frequency of attacks associated with IoT security in operator networks and enterprises continue to evolve at an alarming rate. Large-scale attacks can come from anywhere, even from within the operator’s own network, through a botnet comprising tens of thousands of weaponized IoT devices. As threats are becoming more sophisticated, service providers need to up their detection and prevention game to the same level of sophistication.
Challenge 2: Security Gaps in 5G Cloud Adoption
Telecom networks have undergone a large technological shift, which has radically changed the approach needed to secure them. Many operators prefer a multi-cloud strategy as the better operational model. While software-driven models help drive agility, they come at the price of serious security flaws. These software-driven models make networks more vulnerable to attacks introduced by the software platform, underlying OS and the software stack, including host vulnerabilities, Linux threats and hypervisor/container vulnerabilities. They can also be vulnerable to lateral threat movement between Virtual Network Functions (VNFs) and applications. The risks are no longer confined to the data center assets – the whole landscape is becoming more distributed, and hackers are also targeting devices outside traditional perimeters.
Challenge 3: Standards and Best Practices for 5G Security are Immature
Many people and organizations clearly understand that security is a fundamental part of successfully launching and using 5G. Establishing the right security approach across 5G networks is critical. GSMA, an industry association representing the interests of mobile operators worldwide, including more than 750 operators and almost 400 companies in the broader mobile ecosystem, has released a series of reference documents detailing best practices in mobile security. GSMA has recently expanded its guidance to securing the data plane, as described below.
The Right Approach: Securing 5G Requires a Collective Effort of Both Industry and Government
Given the array of challenges outlined above, what is the right approach to securing 5G? It is multifaceted.
Given the importance of 5G to their economies, governments around the globe have a deep interest in its security. Governments and industry share the goals of mitigating cybersecurity threats to mobile network infrastructures, preventing cyberattacks and reducing the impact of related cybercrime. As in all areas of cybersecurity, achieving these goals is a collective effort. Technical measures that mitigate security risks to mobile network infrastructures, applications, services, and the operators’ customers and end users – including both consumers and enterprises – exist and should be incorporated into government planning.
In addition, governments and industry should identify statutory, regulatory or policy obstacles that could also hinder effective mobile network infrastructure security. They should collectively develop plans that will ensure our critical lifeline activities enabled by 5G deployments are appropriately secure. In a welcome move, the United States government released its National Strategy to Secure 5G in March 2020, including a line of effort focused on developing security principles for the hardware, software and services used to facilitate 5G activities. In January 2020, the European Commission endorsed the joint “5G Toolbox” of mitigating measures for use by EU Member States to address security risks related to the rollout of 5G.
A strong security posture portends successful digital transformation. Service providers need constant real-time visibility and granular control across the traffic passing through their networks. Only then can they detect and stop malicious activities and threats in 5G and build an effective, efficient and scalable defense against IoT-based botnets.