PARTNER CONTENT: Operators are hard at work planning for future 5G use cases, but failure to make appropriate security preparations could compromise the performance of next generation networks, an expert from Juniper Networks warned.
“New technologies, new architecture come with new attack surfaces. Without proper countermeasures in place, 5G networks would be more vulnerable to exploitation than 3G and 4G,” Irene Zhang, senior product marketing manager for Juniper’s service provider security solutions, told Mobile World Live.
Zhang said security was “not top of mind until recently,” as the industry focused on RAN and core innovation. However, attention is finally turning toward security strategies as the risks of not protecting the network become more apparent.
“Imagine what would happen if 5G security is not adequately addressed and hackers can remotely gain access to and control the connected vehicles on the road,” she said.
Zhang added: “Everyone has responsibility for 5G security. It takes a village. Standard bodies need to provide guidance. Operators need to invest and implement. Vendors need to provide solutions for operators that align with the standard bodies’ guidance.”
Without such broad participation and careful preparation, she warned service providers could face an inability to effectively mitigate growing and emerging threats.
Scale and performance
Among the key factors providers need to take into account in their security assessments are scale and performance.
Zhang explained that the performance of current 4G security systems won’t be able to keep up with the demands of 5G networks, which will require higher throughput and more session scale to support a surge in data traffic and number of connections. To deliver that performance, many of today’s 4G security systems, such as the SEG (security gateway), Gi/SGi firewall and Gp/S8 roaming firewall, will require both hardware and software upgrades.
Another area that must be addressed is distributed denial-of-service (DDoS) attacks. Due to their often-limited security capabilities, IoT devices are a favourite target for hackers to leverage as botnets.
Zhang noted traditional DDoS defences – like the “detect and redirect” method using scrubbing centres – will be unsustainable in the face of increasingly sophisticated attacks, since they will easily become overloaded, too costly to maintain and too slow to react before damage occurs.
New attack surfaces
Additionally, hardware-based security alone won’t be sufficient in a world of cloud architecture and virtualised network functions.
Physical Network Functions (PNFs) and Virtual Network Functions (VNFs) for security will likely co-exist for a long time. Zhang stressed the importance of a holistic approach with system-wide visibility to manage both physical and digital network security elements from a single point. Without such a system, she warned threat responses will likely be slower.
“It doesn’t work well if the physical security has one console, and the virtual security has another console.”
She also pointed out a shift to multi-access edge computing (MEC) and network slicing will open new attack vectors, which will need to be protected.
Providers will likely run MEC applications on the same physical platform as some VNFs in order to gain efficiencies.
However, the use of third-party applications could create a new opening for attackers, sparking concerns that a malicious app could exhaust network resources needed by other slices and functions if it is not properly isolated.
Without critical upgrades, outdated systems could hinder both security efforts and overall network performance. But Zhang outlined several steps providers can take to ensure their security setups are 5G ready.
As a first step, she encouraged them to upgrade their existing hardware, including firewalls. On the virtual side of the house, Zhang said providers should also aim to implement baseline-level security across all network slices rather than just some, to prevent attackers from targeting slices with lower levels of security.
Additionally, adequate separation should be maintained between slices for an added layer of protection, so attackers cannot easily move between slices.
If done right, providers can turn security into a point of differentiation and even a revenue opportunity.
Providers which can adequately address the concerns of different 5G verticals, such as energy, utilities, healthcare and manufacturing, have the potential to open new revenue streams by offering security as a service, Zhang said. The rapidly growing enterprise IoT segment is particularly ripe for such value-added services, she added.
“While consumer IoT is interesting and gets a lot of attention, the real money will be mostly spent by enterprise implementing IoT projects.”