How to Secure Your Security at the Speed of 5G
While some enterprises appear to be getting an early jump on the security implications of 5G, many are struggling with the implications to the business and the changing security model. This is based on a survey AT&T Cybersecurity conducted with 451 Research of 704 cybersecurity professionals in North America, India, Australia and UK. Participating organizations spanned 13 industry verticals and each had more than 500 employees.
If you want to Gain In-depth Knowledge on Security, please go through this link Cyber Security Course
Here are excerpts from those surveyed in the AT&T Cybersecurity Insights on their progress in making security changes required by 5G:
Timeframe to implement security changes
5G is more than an increase in speed – it’s not a “faster 4G". It provides new features such as network slicing, which allows for isolated domains for traffic. 5G service providers can assign slices to users with customizable quality of service and bandwidth.
Sporting innovative built-in security measures, 5G can allow for stronger over-the-air encryption, subscriber identity protection and reduced risk of eavesdropping.
At AT&T, we believe that 5G will encourage a shared security model akin to the public cloud. The beauty of this is it shifts some security functions to the 5G service provider, freeing up enterprises from some concerns. The anticipated shared security model of 5G does require security pros to think differently, which will take time. However, in the end the shifting of some security functions to the 5G service provider may provide great benefits for enterprises.
With the large number of devices associated with 5G, authentication and identity need to be considered in the scope of security, similar to the public cloud. The 5G service provider can help confirm device identity as well, because the network will know a device’s physical location. In a way, the 5G service provider uses the network itself as a security tool.
Introducing 5G networking impacts many technical areas, but also provides an opportunity and motivation to modernize security approaches. Software Defined Network (SDN) and virtualization technologies should be considered by enterprises preparing for 5G due to its sheer scale. In parallel, security should be virtualized and automated.
From the survey we learned the top security concerns cited were due to the increased attack surface. Have a look at what companies had to say:
Top 3 security concerns
How Secure Will 5G Networks Be?
Beyond all the vendor hype and hoopla, genuine security concerns abound. 5G technology is immature and there are questions about some of 5G’s technology underpinnings. For example, a group of researchers discovered security flaws in 5G networks (4G as well) which could be used by attackers to intercept phone calls and track the locations of smartphone users. The paper titled “Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information” details how these new vulnerabilities can defeat the security designed in to 5G to make it more difficult to spy on mobile users. In a different study, “A Formal Analysis of 5G Authentication,” researchers from ETH Zurich, the University of Lorraine and the University of Dundee caution that 5G is immature, insufficiently tested and it enables the “movement and access of vastly higher quantities of data, and thus broadens attack surfaces”.
Take your career to new heights of success with a Cyber Security Online Training
Additionally, 5G has not, cannot be tested at scale. There is the likelihood that 5G will exacerbate some of the same security issues and attack vectors that we have today. The size and sophistication of distributed denial-of-service (DDoS) attacks have risen at an ever-accelerating pace,” according to a report by cybersecurity company A10 Networks. “As new 5G networks become operational, we expect the size of attacks will dwarf these records.”
Will 5G Networks be Secure?
Expressing concern over the security of 5G and future telecommunications systems, a group of senior U.S. senators introduced a recent bill that would require President Trump to maximize the security of domestic network infrastructure and that of foreign allies. The Secure 5G and Beyond Act was formally proposed by Senators John Cornyn, Richard Burr, and Mark Warner, with co-sponsors Susan Collins, Tom Cotton, Marco Rubio, and Michael Bennet. The bill seeks to:
- Require the President to create an inter-agency strategy to secure 5th generation and future generation technology and infrastructure in the United States and with our strategic allies.
- Designates NTIA as the Executive Agent to coordinate implementation of the strategy in coordination with the Chairman of the FCC, the Secretary of Homeland Security, the Director of National Intelligence, the Attorney General, and the Secretary of Defense.
- Ensure that the strategy does not include a recommendation to nationalize 5th generation deployment or future generations of mobile telecommunications infrastructure in the United States.
Clearly 5G is inevitable but its path may not be as clear cut, or as rapid, as once envisioned. Should Huawei being banned from US and other European and Asian networks, carriers will be forced to seek other vendor options. That will take time and slow 5G rollout and adoption. And without 5G speeds, already stretched mobile networks make break under the strain and stress of billions of IoT devices. But without careful evaluation of the Huawei issue along with 5G’s immaturity and lack of scalable testing, we may all be living in a faster – yet more vulnerable – future.
Conclusion
5G has the potential to bring significantly more devices onto the network, expanding the attack surfaces and increasing the possibility of new threats. Security organizations relying on manual security approaches likely will have a hard time keeping up. Security that is dynamic and automated will be able to quickly and effectively address the new security threats of 5G networks, and virtualization can help provide flexibility to respond to unknown future threats.