5G Security: Developing a Common Approach to 5G Security, at the forefront of 5G Innovation.


5G represents a fundamental shift in communication network architectures. It promises to accelerate future revenue generation through innovative services facilitated via 5G-enabled devices, including smartphones, tablets, laptops and Internet-of-Things (IoT). 5G deployments are envisioned as a complex amalgamation of next-generation technological enhancements to telecommunication networks, which will help 5G become the catalyst for next-generation IoT services.

Examples of such innovations include: 1) advanced modulation schemes for wireless access, 2) network slicing capabilities, 3) automated network application lifecycle management, 4) software-defined networking and network function virtualization, and 5) support for cloud-optimized distributed network applications.

When we talk about 5G security concerns, where do the biggest concerns lie? Is it more the security of the data itself that is flowing through the connected devices and the Internet of Things that it enables? Or is it more the applications that ride over the network, or is it both?

I think it’s both. 5G is about IoT connecting things, so the use cases and applications that run on top of the 5G network are very much a concern. Consider the amount of data that flows over the 5G network: a very high percentage of the data that currently trains AI with machine learning already comes from mobile phones. With IoT, sensors and actuators uploading data and acting on the data, that is a concern as well. In the 5G standards themselves, there are many mechanisms, including Network Slicing, so that the air link at least is much more secure than 3G or 4G. On top of that, you still need security in your applications and use cases. It is critical that we work together through collaboration, cooperation and culture, and share the best security practices on the different components in the 5G infrastructure.

From an infrastructure perspective, when you think about 5G or any kind of mobile network, there are layers. In security we call it defense in depth, which means there are layers to it. It’s not just a one-slice cake, so to speak. It’s not just about the threat itself, but how the risk is amplified or changed in different ways, because one threat may have multiple factors into the network. There is no single way to disrupt the traffic of a service. So thinking about risk in terms of those layers, we think about the RAN, the Transport Network in between, the routers and switches that move the packets along, and the Core itself. In the past, those were kind of separate things; back in 3G they were literally separate physical units. But as we get closer to Service-Based Architecture and a cloud-based environment, everything is virtualized. The lines between those segments blur a lot.

With Network Slicing coming into play, we can also spin up virtualized security functions on demand to tackle DDoS attacks or other types of service disruption, or to inspect different kinds of traffic more discretely to ensure that bad traffic is not getting through. We also have to keep in mind the vertical aspect of a network: there are vertical components too that go up and down the virtualization stack. So if we put those two things together, we have the horizontal (Core, RAN, Transport) passing through the network and we have the vertical going up and down as well. Thinking about risk now, each of the points where these things intersect becomes a kind of risk inflection point. It’s an exponential risk calculation, not just a linear risk calculation. I think that’s why a trusted network is needed at all the points where that traffic flow meets; having those trusted and resilient is more important than ever as we put services toward critical infrastructure.

So, how are 5G vendor companies and the broader industry working together to make sure that there is a trusted ecosystem, that vendors trust each other enough to share information, and that the equipment interfacing is secured?

The industry always works very closely together, including chip and device manufacturers, telecom vendors, infrastructure manufacturers and telecom carriers. It’s very good to see governments getting involved. The best platform for all companies to collaborate is the 3GPP global standards body. You can roam around the world because of this standards process. 3GPP has collaboratively built security features into 5G that didn’t exist before. Also, the Open RAN initiative is defining implementation profiles on how to implement the 3GPP standards for particular parts of the network, to allow even more interoperability and diversity in supply. In addition to the 5G network and the devices that follow the 5G protocols, there are also a lot of IoT devices hanging off the edge of the 5G network, and it remains to be seen whether those devices will themselves have 5G chips in them and be part of the managed 5G network, or whether the devices may be behind some kind of router or access point. But in any case, 5G will drive a lot more adoption of IoT. Furthermore, the standards are not complete yet. The standards go through multiple releases. Different features get added over time, and of course operators choose which features to actually deploy in the network. It is incredibly important that governments maintain the leadership and standards.

Looking ahead, if there is one thing that keeps you up at night, a security risk that people are not talking about yet, what is it that may come in the future?

It is identifying areas where we can mitigate certain risks in advance, where we can identify where to track back for something that might come in, whether in a Radio Unit or a small cell tower in a dense metro area, and looking at it through different lenses, since we have a much larger classification of small cells in urban areas. It is not just one big tower; there is physical protection for that. A thousand small cells in a city have different physical components in terms of accessibility or disruption. It’s not just the threat itself, but the risk. In risk analysis there are 55 different scenarios. We are looking at all ICT sectors, not just telecom. In terms of critical infrastructure, how can you take this as a takeaway and learn how to better mitigate this kind of risk? Because it might be a different threat factor tomorrow or the next day, a different type of DDoS attack, as it keeps changing. Always think about risk mitigation, not just threat avoidance, as risk mitigation will help us stay ahead.

Apart from that, cross-training is essential. For example, the whole telecom community makes certain assumptions about deployments where the network control plane is separate from everything else. On the other hand, the enterprise community has great knowledge and skill sets. How do we make sure that knowledge is transferred into the data center? Similarly, in the data center and cloud there are great skill sets; how can we make sure we apply those to the operational technology we need for running these networks? Cross-training really presents a challenge for all these communities in adopting these technologies. This will further strengthen both telecom and IT networks. Besides that, there is so much conversation right now around malicious backdoors; maybe we need to do risk mitigation for all kinds of backdoors exploited by state actors.

How do we do risk mitigation for the IoT?

For IoT devices that are connected to the Internet but not managed by the network operator, whoever sets up the devices needs to know what they are doing and whether they have the proper tools to set them up properly. IoT is going to grow more rapidly and become more ubiquitous throughout the world because of 5G, simply because of the bandwidth and the ability to connect a larger number of devices wirelessly, which makes it easy to deploy IoT.

In this case, IoT is at the edge and out of the network providers' control. Is it almost impossible to see everything that is happening at the edge and to mitigate it quickly?

The threat surface has increased tremendously, but as we decentralize, distribute and virtualize the network and move it out to the edge, the scope from an analytics perspective, in trying to find what a bad actor is and what a bad flow is, can potentially shrink. So your ability to deal with it is amplified: using Network Slicing to spin up a different software load to do other kinds of analytics, or black-holing bad traffic, is a widely available option.

The Mirai botnet, a malware program dating from 2016, has continued to grab the attention of the IoT world and, more lately, the enterprise IoT sector, which altogether makes it a huge concern for IT firms. So, with such recurring Mirai malware attacks on IoT infrastructure, even in 2019, where does the state of IoT security stand now?

Why has Mirai mostly been targeting the IoT industry, let alone shifting towards enterprise IoT? And what can an IoT service provider possibly do to keep this online viral plague away from its IoT ecosystem?

Well, to answer the first question, the growing adoption and rise of IoT technology makes it an obvious target for notorious online malware like Mirai. The answer to the second question is not so straightforward, but simple to understand in theory: keep your IoT network, and every device on it, tightly encrypted with modern IoT-specific encryption techniques.

I think regular cyber security awareness for SMBs will be helpful. SMBs have important decisions to make in terms of quality, security and reliability: making good choices about what they are buying in terms of software, and the price and quality associated with it.

To be continued…..

