5G and Security: Are You Ready For What’s Coming?
Every tech revolution comes with risks, and 5G is no exception. From IoT applications to the 4G – 5G transition, the scale of 5G usage is opening up an enormous surface area to potential attackers. The promise of high bandwidth + low latency in the coming years is extraordinary, but organizations that are slow to react to these threats are taking a gamble. Fortunately, there are a number of security measures that can substantially reduce these risks. Read on to learn how to keep pace with the security demands of 5G today.
14 billion weak links
Every promised benefit of 5G brings with it a corresponding risk. The number of connected IoT devices is growing at upwards of 18% per year, on course to pass 14 billion this year. Each new edge-computing device creates new vulnerabilities for bad actors to exploit. The decentralized nature of IoT products makes security measures difficult to implement at scale, while 5G’s greater bandwidth has the potential to fuel new DDoS attacks with the power to overwhelm organizations. And the expansive nature of 5G itself poses new risks. As the number of users increases into the millions and billions and networks expand to accommodate more devices, network visibility plummets. It becomes harder to track and prevent threats, especially against sophisticated attackers. Device vulnerabilities, air interface vulnerabilities, RAN, backhaul, 5G packet core & OAM, and SGI/N6 & external roaming vulnerabilities all need to be re-examined.
Network Slicing is not enough
Many services in today’s industries require specific performance characteristics such as high throughput, low latency and high reliability. Network slicing can deliver these by integrating multiple services with customized local networks. In theory, network slicing should raise security – like the bulkheads on a ship, which contain a potential breach to one flood zone. This is the same logic behind IT network segmentation, which is an established best practice. However, just like network segmentation, network slicing alone does not guarantee that threats are contained. Without additional measures, threats are likely to pass seamlessly into the wider system. Network slicing also faces security challenges connected with resource sharing among the slice tenants and slice security coordination, which are fairly straightforward to solve, but do require attention.
Businesses deploying 5G-connected equipment need an up-to-date set of security solutions capable of monitoring and protecting against the new generation of cyber threats. The specifics will vary according to each user, but the backbone of the new strategy may look something like the following:
Security Edge Protection:
Security edge protection is the foundation of 5G security, upon which all other strategic considerations rest. The following methods can help secure 5G edge installations:
- Encrypted tunnels, firewalls and access control to secure edge computing resources
- Automated patching to avoid outdated software and to reduce attack surface
- AI/ML technology to detect breaches and then send alerts or act accordingly
- Continuous maintenance and monitoring for the discovery of known and unknown vulnerabilities
- Securing the edge computing devices beyond the network layer
Zero trust architecture: never trust, always verify
Zero Trust Architecture (ZTA) eliminates implicit trust by continuously validating a set of actions at every step. Based on perimeter-less security principles, ZTA requires each asset to implement its own security controls. It includes security features such as:
- Continuous logging, continuous monitoring, alerts and metrics
- Threat detection and response
- Policies & permissions
- Infrastructure security & secure software deployment lifecycle (supply chain security)
- Data confidentiality from service providers of both hardware and software
- Container isolation
- Multiple authentication and TLS security
Containers bring the potential benefits of efficiency, agility, and resiliency. Gartner expects that up to 15% of enterprise applications will run in a container environment by 2024, up from less than 5% in 2020. Containers are orchestrated from central control planes which are configurable, used for scaling up and down workloads, collecting logs and metrics, and monitoring security. Containers bring a few unique security risks, but they are solvable.
When containers run in privileged mode or as root, they provide attackers with direct access to the kernel, from which they can escalate their privileges and gain access to sensitive information. It is therefore essential to add role-based access control and limit permissions on deployed containers. Running a container as a non-root user is easy: simply provide the instructions in the Dockerfile. Two more ways to enhance container security are to reject pods or containers in privileged mode, or to keep privileged containers but limit access to the namespaces.
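The checks described above, as an added example that is not part of the original post: a small admission-style audit in Python that rejects privileged containers outside an allow-listed namespace and flags containers that may run as root. The allow-list, the function names and the sample manifests are assumptions made for illustration; the securityContext fields are standard Kubernetes Pod fields.

```python
import json

# Assumption: the only namespace permitted to run privileged or root containers.
PRIVILEGED_NAMESPACES = {"kube-system"}

# Constructed sample manifests (not taken from any real cluster).
SAMPLE_PODS = json.loads("""
[
 {"metadata": {"name": "edge-agent", "namespace": "edge"},
  "spec": {"containers": [
    {"name": "agent", "securityContext": {"privileged": true}},
    {"name": "metrics",
     "securityContext": {"runAsNonRoot": true, "runAsUser": 10001}}]}},
 {"metadata": {"name": "legacy", "namespace": "edge"},
  "spec": {"securityContext": {"runAsUser": 0},
           "containers": [{"name": "app"}]}},
 {"metadata": {"name": "cni", "namespace": "kube-system"},
  "spec": {"containers": [
    {"name": "cni", "securityContext": {"privileged": true}}]}}
]
""")

def audit_pod(pod):
    """Return policy findings for one parsed Pod manifest (empty list = clean)."""
    ns = pod.get("metadata", {}).get("namespace", "default")
    if ns in PRIVILEGED_NAMESPACES:
        return []  # privileged workloads are kept, but only in these namespaces
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        name = c.get("name", "<unnamed>")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged mode not allowed in namespace {ns}")
        # Container-level settings override the pod-level securityContext.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if uid == 0:
            findings.append(f"{name}: runs as UID 0")
        elif uid is None and not non_root:
            findings.append(f"{name}: may run as root (set runAsNonRoot or runAsUser)")
    return findings

def admit(pod):
    """True if the pod passes the policy and may be deployed."""
    return not audit_pod(pod)
```

A pod whose image defaults to root and sets neither runAsNonRoot nor runAsUser is flagged as well, because the manifest alone cannot prove it runs unprivileged.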
Automated operations and AI
The complexity of 5G infrastructure requires security applied at multiple levels. Handling that complexity manually (threats, risk, different devices, scaling and so on) is so difficult as to be impractical. Additionally, manual operations introduce an element of uncertainty which may in some cases be exploited. There is absolutely a place for human ingenuity, but increasingly the operations level needs to be automated.
What about AI/ML technologies – are they helpful, or just hype? Currently, a bit of both. They already have a role in security, primarily in detecting irregularities. The next step in AI/ML-based security will involve deep learning, through which the system builds its own capabilities through experience – theoretically going so far as to predict threats before they’re deployed. Claims about revolutionary AI protection need to be considered very sceptically, but at the same time the potential for AI to fundamentally alter network security is real. This is a space to watch.
Building on firm ground
The Capgemini Research Institute recently probed organizations’ preparedness for cyberattacks and revealed a concerning level of disconnect: 51% of industrial organizations expect cyberattacks on smart factories to increase over the next 12 months, and yet nearly that same number (47%) report that cybersecurity is not a C-level concern. We see the lack of a comprehensive, system-wide approach to security as a serious long-term threat.
It is tempting to describe security breaches as instantaneous, but in fact, an honest examination often reveals vulnerabilities that had been left out in the open for months or years, with no adequate security protection. Security you can rely on starts early, with solid fundamentals across people, process, and technology. It’s not easy, but it’s doable.
We can see the risks that come with 5G. Let’s put a security plan in place now.
Contributed blog courtesy of Capgemini and authored by Chhavi Chaturvedi, DevSecOps Engineer, Capgemini Engineering at Capgemini.