3 C
New York
Tuesday, January 31, 2023

Buy now

The risks of 5G security

Telecommunication network above city, wireless mobile internet technology for smart grid or 5G LTE data connection, concept about IoT, global business, fintech, blockchain
Image: NicoElNino/Adobe Stock

Thanks to the advent of Open Radio Access Networks, or Open RAN, which add a massive software ecosystem to the radios, towers and base stations that convert wireless signals into data, 5G is a giant data stepping stone to the network of networks we call the Internet. The latest generation of wireless promises to deliver, to plunder a Hollywood box office title, “Everything Everywhere All At Once.”

Jump to:

What is 5G Security?

5G security, operating outside the walled garden of dedicated equipment, servers, and protocols that characterize 4G LTE, involves a software ecosystem as part of RAN “virtualization” and involves containers, microservices, and other cloud-forward services as a new core network.

As former FCC chairman Tom Wheeler wrote in a recently released Brookings report When it comes to the security of 5G systems, the 5G standard brings two synergistic cybersecurity challenges:

  • The 5G standard “virtualization” means that network functions that used to be performed by proprietary or single vendor hardware are now performed by software, and software is hackable – ergo, network infrastructure built on software code is vulnerable.
  • Network operators are supplementing or replacing traditional infrastructure providers and closed proprietary systems with a wide range of providers with O RAN protocols. Wheeler wrote that this diversity of vendors could necessarily become an invitation to a new diversity of unaddressed attack vectors

The open, flexible and programmable nature of 5G networks, he noted, make for a highly amenable framework.

The dangers of 5G security

Networks are only as strong as their weakest link

Among other things, 5G forms networks that are often weakly interconnected, as each network and device may have different security protocols and technologies within it. Partly because of this, the demand for 5G security products is fueling a growing ecosystem of security vendors for things like next-generation firewalls and DDoS attack defenses and security gateways.

Grand View Investigation predicts the global 5G security market will reach $27.59 billion by 2030 — a CAGR of $39.6 billion from 2022 to 2030 — driven in part by improvements in software-defined technologies such as network slicing.

SEE: Best Network Monitoring Software and Tools (TechRepublic)

Talk to each other

With 5G-enabled automated communications, machines and devices in homes, factories and on the move will communicate massive amounts of data without human intervention, posing greater risk.

Kayne McGladrey, field CISO at HyperProof and member of IEEE, explained the dangers of such an approach.

“Inexpensive, fast and generally unmonitored network devices provide threat actors with a reliable and robust infrastructure for launching attacks or running a command and control infrastructure that will take longer to detect and disable,” he said. .

McGladrey also pointed out that when organizations deploy 5G as a replacement for Wi-Fi, they may not properly configure or manage optional but recommended security controls.

“While telecommunications providers have sufficient budget and staff to ensure the security of their networks, private 5G networks may not be and thus become an ideal target for a threat actor,” he said.

Virtualization: let the wrong one in

5G virtualized network architecture opens every door and window in the home to hackers as it creates an external supply chain for software, hardware and services – in fact required. It invites software development using open source code and many software-as-a-service frameworks that live in easy-to-crack edge cloud systems.

In May 2022 report with regard to Open RAN security, the EU noted that strengthening the role of national authorities, audits of operators and required information are all high-impact measures that can help ensure the application of basic security requirements.

McGladrey canceled the special NIST publication 5G cybersecurity provides a good basis for security requirements for 5G network architecture.

“While this document is in draft form, it provides reasonable risk analysis, including the risk mitigations,” he said. “A theme throughout the document is the observability and visibility of security across the environment, enabling security teams to quickly identify security events.”

Trust no one

Particularly important for 5G is the need to authorize who can access systems, including virtualized networks, network management activities and monitoring, and efforts to strengthen software integrity.

Into a new one study, the CTIA takes on the task of delineating zero trust for policymakers. The industry association argued that zero trust should replace the “single perimeter defense” or “castle-and-moat” model that was typical of previous generations of wireless.

The group outlined key terms:

  • Zero trust is a network security approach designed to minimize uncertainty by requiring continuous authentication of users, applications and all associated devices as they access different parts of a network and associated network functions.
  • Zero trust architecture refers to the way an organization applies zero trust principles to its own networks. Because each network has different capabilities and designs, ZTAs must be customized to fit the constraints and risk profile of a particular network.
  • Zero trust network access refers to the consequence, result or implementation of a zero trust architecture, specifically the products or services that use access control rules to define the data, applications, services and other areas of access.

For their part, the CTIA advocates a laissez faire approach, rejecting any single, fixed method and avoiding private sector mandates.

SEE: Zero trust: data-centric culture to accelerate innovation and secure digital business (TechRepublic)

Hardware vulnerabilities

McGladrey sees a potential risk related to networking hardware, as counterfeit or inherited components may contain functionality that could allow an attacker to compromise data confidentiality, integrity, or availability.

“This risk can materialize if a vendor has intentionally included malicious software in its components, or an indirect attack, where a threat actor compromises a component manufacturer’s build process to insert malicious code without the vendor’s approval,” he said. .

Conclusion

There will be great rewards for the US or any country that can cultivate security and technological innovation. The government, policy makers and anyone with oversight may want to tread with a light – or perhaps nimble – foot. As Walker said, efforts should be focused on “encouraging investment while keeping pace with technology, markets and the activities of aggressors.”

Learn more about 5G with these interesting items: five key 5G trends to watch in 2023 and how 5G technology will transform data centers.

Source link

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Stay Connected

0FansLike
3,682FollowersFollow
0SubscribersSubscribe

Latest Articles