5G Security

Mobile device and network security have an interesting bonding with the evolution of technology over the past two decades. Hackers have consistently found various methods to impersonate as legal subscribers of mobile services to indulge in criminal activities like cell phone cloning. These perpetrators are still pushing a plethora of marketing messages for vicious purposes. The boot software vulnerabilities in the devices are still getting exploited to get access to PII (Personally identifiable information). The mobile networks are also the victims here, as we witness many service providers constantly facing DDoS (Distributed denial of service) and APT (Advance persistent threats).

5G has a tremendous promise of providing robust connectivity to disparate set of devices with mind-boggling bandwidth and extremely low latency requirements. However, these tremendous capabilities also make the 5G security architecture and threat landscape even more complex and dynamic. This has provided a great platform for hackers to be highly innovative in their intent to cause large scale damage to individuals and corporates. APTs can do persistent and multi-staged attacks that are hard to detect and mitigate as they could be disguised by several layers in the network.

5G will be the future of many mission and business critical systems involving IoT (Internet of things), OT (Operational Technology) and Edge computing infrastructure. Considering this, it’s not a far-fetched imagination that we could see some big bucks sponsored attacks that have the potential to break the economy backbone of nations. These attacks would be highly synchronized with multiple tools and processes and operated via many command and controls (C&C).

The run of the mills kind of attacks will also continue like DDoS, stealing of credentials, man in the middle attack, etc. But due to the complexity and dynamism of 5G network, many of these common attacks may go unnoticed and in fact, in some cases they may hide under the carpet for a very long time. Consumers may never get to know as to what got stolen and how it is getting exploited. AI (Artificial Intelligence) may be able to help by providing many supplement models, however, coping with false negatives of these models is a big challenge here and in fact, these very models themselves could become attack surfaces for the adversaries.

Having said these, it’s also worth noting that many security research-based companies are looking at 5G security at a comprehensive level and are on the verge of releasing robust solutions by collaborative efforts. A case in point is the security feature developed by IBM and Intel that extends Blockchain capabilities and helps increase trust in high-stakes markets such as wireless spectrum auctions (read here -https://www.ibm.com/blogs/research/2020/03/new-ibm-and-intel-blockchain-security-feature-targets-5g-auctions/ ).

It is imperative that the following couple of core security capabilities are baked into the overall solution offering. One deals with what’s in the hands of end users and other deals with the ecosystem that enables 5G capabilities.

• MDM (Mobile Device Management) which deals with device security and patch management, plays a major role in protecting attacks from unauthorized and malicious attacks. Governance of privacy and government regulatory policies with zero trust postures also become a major requirement here.
• 5G network infrastructure leverages SDN (Software Defined Network) to enable network slicing feature. This feature is very dynamic in nature and need continuous assessment of attack topologies at all levels. Network data analytics models should play a major role here that collects FLOW data, inspects and correlates packets from all important levels. 

With these security capabilities in place, we get a lot of confidence in protecting data, network elements and numerous devices while giving tremendous boost to user/customer adaptation. Even though standards, tools and frameworks are still evolving, I see that many organizations are increasingly looking at getting a foot in the door, in their journey of providing 5G security to their customers. Many more organizations are on the verge of establishing application-layer visibility and consistent security across the network.

Look forward to exciting times!