Get the latest news straight to your inbox.
Register for the Telecoms.com newsletter here.
January 16, 2024
While it’s true computer viruses in some form or another have been around almost as long as the mass market PC sector has, in a world where so much more than a desktop computer is connected to the internet – from watches to doorbells and even fridges – and one in which an increasing amount of our services and data live on the cloud, cyber security is more important than it’s ever been.
Hacker groups have evolved to the point where cyber crime is basically an industry now, with offices and ticketing systems and all the functional workflows you’d expect from any other business. And going by the numerous analyst reports into the number of attacks, the numbers always seem to be going up.
Defending a server farm from attacks involves different things to securing a laptop, and those operating 5G networks also have their own distinct threats and security measures in place to try and stop breaches and protect their own and customers data. And industry trends such as virtualisation, Open RAN and cloud native applications are adding new elements into the puzzle.
To examine the specific threats, security strategies, and future attack types effecting 5G networks, we gathered a panel of experts to describe the landscape.
First of all, let’s identify the main properties and tenants of 5G security, in so far as they differ from other types of cybersecurity as well as previous generations of mobile connectivity.
Fabio Giust, Security Product Manager at Athonet says: “The 5G mobile telecom system specified by 3GPP standards dramatically improves security compared to the previous 4G system and other non-3GPP technologies like WiFi. Furthermore, a private 5G network is intrinsically more secure than a public network because of its deployment, coverage, user access and equipment characteristics, just to name the most significant aspects.
“For example, a private 5G network is meant to serve a clear use case, with well-defined requirements that usually deal with easy-to-control characteristics, such as a limited number of (known) subscribers, geographical area, or type of mobile terminal. Being able to control, and sometimes clearly select such usage parameters is a key differentiator for private networks as it allows the network designer to optimise security with tailor-made measures. These include closed access groups, dedicated networking, use of the same configuration on the devices or restricted access to management equipment.”
Mikko Karikytö, Chief Product Security Officer (CPSO) and Head of Product Security at Ericsson points out a list of ways in which 5G has improved security characteristics compared to 4G or 3G: “5G is the latest and most secure generation of the already strongly secured mobile communications technology. 5G benefits of the characteristics familiar from the previous generations like; strong encryption, strong SIM-based authentication and authorization, robust overall network design and security by default in standards and specification. In addition 5G has certain security and privacy improvements like:
Improved subscriber authentication; preventing spoofed phone calls, false billing or eavesdropping
Enhanced subscriber privacy; Preventing eavesdropping by IMSI catchers making tracking of subscriber significantly more difficult
Defense-in-depth in architecture; Zero-trust-like architecture protects the network by preventing malicious user getting into the network internals
Integrity protection of user-plane; The origin and authenticity of data can be cryptographically guaranteed further adding on the trustworthiness of data consumed over the mobile network
Interconnect security; An additional security layer inside and between the core networks making it hard to fake a network and trick other networks to trust you.”
Lifecycle Software CEO, Kelvin Chaffer highlights network slicing as a key differentiator when it comes to 5G security: “A differentiator of 5G is the Network Slicing capability. It involves dividing a single physical network into virtual networks tailored to specific applications. Security measures are necessary to maintain the integrity and isolation of these slices, and to protect the network. Authentication and Authorisation mechanisms play a critical role in 5G security. Given the extensive array of connected devices and the diverse spectrum of applications within 5G networks, establishing and enforcing strong authentication and authorisation protocols becomes essential for overall network security.
“End-to-end encryption assumes heightened significance within the 5G landscape. As data traverses the 5G network, encryption measures are able to safeguard user data from potential security breaches. That’s applicable to devices and to the core infrastructure. Multi-access Edge Computing (MEC) is a decentralised infrastructure that brings computational capabilities closer to end-users, reducing latency. Security measures are needed to protect these distributed edge computing nodes.”
A spokesperson for Orange adds: 5G architecture has inherited from the IT world, it is based on protocols like HTTP2 & REST, infrastructure virtualization, Kubernetes-based containers, network function distribution, and uses CICD techniques that where originally deployed in IT. 5G will also be a strong enabler for future B2B and B2B2C services, through E2E architecture concepts like slicing, edge computing, etc. leveraging a whole new network API ecosystem. Not to be forgotten, 5G must remain compatible with old generation functions (3G, 4G). Hence 5G security must take into account the vulnerabilities coming from all those requirements.
So we’ve established there a number of key ways 5G as a technology different from others areas that need to be vigilant against attacks. Now let’s examine what types of attack can be targeted at a 5G network, whether private or public, and where they come from.
“The most concerning types of attacks on 5G, from a network perspective, are those aiming to take over vital network functions and access information,” says Chaffer. “The management of several slices coexists with legacy architecture, 4G networks, and intricate integrations. Any vulnerability is susceptible to being explored by cybercriminals.
“An example is the Man-in-the-Middle (MitM) attack. It involves an unauthorized entity intercepting communication between devices. This intrusion allows the attacker to gain unauthorised access to sensitive information exchanged between the devices, posing a significant threat to data confidentiality and integrity. Another example is Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. They are efforts to overload network resources, causing disruptions to services. This disruptive activity can lead to system downtime, affecting both private and public 5G networks and potentially causing financial losses or service outages.”
The Orange spokesperson points out there are different motivations for different types of attacks: “Today, IT infrastructures and networks are the targets of different type of attackers (organized crime, ideologic organisation or even state-financed cyber organizations), that have either financial, ideologic or political motivations. Those attacks could take classical forms (DDOS, intrusion with lateralization and rights escalation, social engineering to steal personal secrets/passwords) by exploiting new forms of vulnerabilities for 5G networks, including those coming from traditional IT technologies.”
Karikytö lays out some scenarios in which 5G networks are most at risk. “Any network or system in general are today targets of numerous kinds of cyber-attacks. 5G network is not different in that regard. While 5G network, if built according to best practices and of network products that have been designed with security and privacy by default, can protect end-user traffic and service availability from most common threats, there are scenarios that may put end-users at risk. Such could be:
Poor security or privacy practices on applications used by the end-user, e.g. data-breaches on services containing users’ personal information.
Poor personal security practices on end-users end, e.g. password re-use, lack of backups, delay in installing updates”
Karikytö continues: “While it is mostly criminals that target the end-user, we can see threat actors from categories like; criminal, state-sponsored and hacktivists or individuals, including insiders. APT actors targeting the rather robust and secure telecom networks like 5G would more likely resort to finding a weakness in communication service providers IS/IT environments, e.g. by phishing credentials of an employee, laterally moving to position with network admin access and exploiting weaknesses in operational network management to get a foothold in the network itself.”
Those are some of distinct security threats 5G faces, but what are the main strategies used to defend against them within networks? Chaffer argues the key is to bake security in from the start:
“The first thing is to plan for it from the start and place security from the ground up, instead of thinking about it as a final layer. Security measures should be embedded into the very fabric of the network architecture, from OSS to BSS. Real time Analytics and orchestration are essential to monitor, flag and block anomalies and patterns. In this area, AI and machine learning can be helpful to act and predict behaviours. Another point to note is that fraud and cybercrime tend to move fast. Telecom security can’t be static, it needs to respond to that dynamism. Regular independent audits and updates are necessary.”
Giust adds: “As the telecom industry accelerates towards network softwarisation and cloud-native trends, it is important to work with a vendor whose products not only meet the security requirements defined by the 3GPP, but also comply with modern and up-to-date industry standards such as the NIST Secure Software Development Framework 800-218 (SSDF). NIST SSDF is continuously updated to address the risks associated with software vulnerabilities, operating systems and web servers, which makes it the best fit for the software transformation of the telecom industry.”
Our Orange spokesperson provides a list of key defence areas: “Among the main strategies/solutions/deployments used to defend against security threats in 5G networks, we can mention the following key domains:
Reinforce training and sensibilization of all employees on the new cybersecurity risks to adopt the right behaviors
Reinforcement of all security processes along the value chain from suppliers to customers : make sure your supply chain is correctly secured, including open source software
Integration of a “Security By Design” approach from the start of all projects, as well as DevSecOps up-to-date practices in CICD activities
Implementation of end-to-end encryption in the various network parts (the Radio part with the terminal, the backhaul network, and within the core network)
Deployment of hardening and vulnerability management tools, and reinforcement of security monitoring in all layers and network elements
Deployment of Identity and Access Management (IAM) solution that is essential for the security of network operations, maintenance, deployment and lifecycle management.
Improvement of Security Operation Centre (SOC) capabilities with 5G security monitoring tools, with the appropriate rules for detecting events/alerts related to 5G”
Donny Chong, Director, Nexusguard says its crucial to cover the wider ‘area of attack’ present in something like 5G’s decentralized and software-driven network infrastructure: “As the latest generation of mobile connectivity, 5G networks promise improved security with more advanced security features built in. At the same time, new advanced capabilities can open the door to potential exploitation or vulnerabilities. Rather than older hardware-based core networks, 5G employs a decentralized software-driven, network infrastructure. This means greater flexibility and scalability but also a larger attack surface and potential vulnerabilities around software-defined networking (SDN) and network function virtualization (NFV)
"Attacks against 5G networks will be varied. New threats will emerge, and older ones like distributed denial of service (DDoS) attacks have new implications. 5G networks are designed to support many IoT devices (through a new use case known as reduced capability, or RedCap), which means more entry points for attacks and a higher risk of DDoS attacks affecting critical services. 5G security will evolve in tandem with the threats it faces. For the new use cases in particular, including private networks and network slicing, dedicated security and mitigation over the top of this will be crucial.”
Karikytö says AI is playing an increasingly important role in 5G security. “With the 5G networks enabling cloud-native micro-service-based network design with dynamically scaling capacity and features updates and upgrades it will be crucial to have frictionless automated security orchestration and management in place as it is becoming humanly impossible to manage the constantly altering network environment and its security posture with traditional management ways of working. In near future AI-powered means to detect anomalies and respond accordingly will likely be growing in importance.
“In addition to automated and technical management of the security posture, it is important to make security and privacy front and centre for all personnel’s training curriculum to build a competence base that is prepared and skilled to deal with the ever-changing threat landscape. Successful organizations will have cybersecurity as one of their core cornerstones in their strategy weaved into all business and value flows.”
"Evolving regulatory standards provide guidelines, shaping the 5G security landscape,” said Chaffer. “As 6G networks emerge, security measures evolve for seamless integration, ensuring robust protection. One of the advancements is quantum-safe encryption as a response to the rise of quantum computing threats. Enhanced AI and machine learning continuously fortify security, improving threat detection and response capabilities. Collaborative efforts in threat intelligence sharing strengthen collective defence against emerging cyber threats.
“Technological factors impacting future threats and defences include the proliferation of IoT devices, necessitating adaptive security measures. Artificial intelligence serves as both a threat and a defence, requiring ongoing research. Edge computing demands crucial security considerations as more processing occurs at the network edge. Advances in biometrics offer improved user authentication and authorization, provided privacy and ethical concerns are addressed. Ongoing enhancements in 5G network slicing demand adaptive security protocols, emphasizing the need for continuous research and adaptability in the dynamic 5G landscape.
Karikytö points to AI and Open RAN as key areas that are going to change how the industry approaches security: “The most obvious upcoming developments will likely be realized by smart application of AI-based technologies to detection and remediation of malicious activity. The utilization of AI on the attack side will naturally drive use of AI in cyber-defence as well.
In addition there is still plenty to do in managing the complexity of telecom networks that in most cases are built on multiple generations of legacy technology.
“While 5G Standalone with completely cloud-native stacks becomes more commonplace, the security operations will need to evolve accordingly. Open RAN will add its share to the complexity of the network topology and require CSPs to deploy the well-known best practices in network security management and adapt them the new way of splitting radio access networks.”
Our Orange spokesperson adds: “Some new technologies like cloudification of RAN or integration of AILM (Artificial Intelligence Machine Learning) in network operations will certainly bring new vectors of attacks to handle, however at the same time some technological factors are likely to positively influence the development of 5G security.
The contribution and use of AIML technologies and tools can improve the detection of threats and attacks and automate the response (scale up of defense mechanisms, set up quarantine zones for example)
Deploying a security orchestrator will enable to manage and orchestrate the automated deployment of security measures in mobile network infrastructures.
The replacement of encryption algorithms and suites affected by the advent of quantum computing (increasing of the key length of encryption algorithms) will improve overall integrity and confidentiality.
Last but not least, transformation of people skills to embrace new technologies and practices will be key to implement the right level of security.”
Our panel point out that 5G is the most secure of the ‘G’s to date, and you wouldn’t really expect that to be any other way of course. However with wider technology trends like quantum computing and AI seeming likely to pose both opportunities and threats to the telecoms sector, as well as internal changes like the emergence of Open RAN, the business of keeping networks safe is a moving target.
Read more about:Discussion
You May Also Like