Promising super-fast download speeds, ultra-low latency, and increased connectivity, the imminent rollout of 5G network technology is set to deliver a host of benefits to consumers, businesses, and mobile operators alike. In addition to these advantages, however, the introduction of 5G will bring with it a series of security threats, each of which must be addressed.
Connections and connectivity
One of the key elements of 5G is its enablement of the massive machine type communications (mMTC) model that will underpin the Internet of Things (IoT). With an oft-quoted prediction from Gartner suggesting that more than 20 billion devices will be connected by 2020 – from connected cars to smart meters, and sensors to health monitors – the sheer scale of the IoT represents a vast potential attack surface, and a major threat to networks. The consequences of a cyber-attack on an autonomous vehicle, for example, are unthinkable. Robust security is therefore essential, at both a network- and device-level, to prevent bad actors from exploiting vulnerabilities for their own end.
5G will also see an increase in the use of cloud and virtualisation technologies such as software-defined networking (SDN) and network function virtualisation (NFV). C-RAN (centralised radio access network), for example, a new cloud-based network architecture for the 5G infrastructure, will deliver greater connectivity, capacity, and cost-effectiveness.
In addition, NFV will enable network slicing, in which a physical network is separated into multiple virtual networks, each of which can be used to support different RANs or customised to meet the needs of different applications, services, devices, customers or operators. This new environment demands a robust security infrastructure, of course, but it’s important that any such provision doesn’t compromise the flexibility inherent in its open and programmable nature.
Flexibility and privacy
Flexibility will be at the heart of 5G’s offerings. Improved connectivity, for example, will mean that, as 5G becomes more pervasive, there will be an increase in the current shift from working on employer-provided assets such as laptops to working on personal devices. With this shift will come greater consideration around how enterprise IT teams can provide secure and monitored access to resources such as networks and endpoint devices over which they have no control.
Privacy too, continues to be a key concern, and has been highlighted recently by a combination of an ongoing series of high-profile data breaches, and the introduction of legislation such as the EU GDPR. The advancements of 5G mean that more sensitive data will traverse networks than ever before, from health and location details, to business and financial information. With so much valuable data at stake, the concept of identity management and the associated security provisions are therefore set to become a growing challenge as 5G rolls out.
New security needs
Building end-to-end security into the network is fundamental to addressing all of these issues.
In network slicing, for example, each ‘service category’ will have its own specific network demands. Each will require a secure virtual slice of the network designed to enable that service to be delivered with the necessary ultra-low latency or high bandwidth, and without affecting or being affected by any other service.
We’re not there yet, however. At the moment, a built-in security gateway will typically sit in a data centre at the mobile core, where base station traffic is processed. But, with the growing adoption of the IoT and mobile edge computing (MEC), both enabled by 5G technologies, the processing of this traffic will shift to the edge, closer to the radio. As a result, the security gateway will have to move to the edge too. Indeed, this will be essential in securing 5G networks and the IoT but, despite much talk within the industry, very little action has been taken to date.
In addition, the increase in cloud and “as a service” models will require authentication and trust to be agreed between users, networks and services, so that only authorised users can access data, particularly in cases where a network and a service are being delivered separately. Indeed, as 5G is especially service-oriented, it’s important that security aligns with different service needs, rather than those of the network.
5G is set to change everything, and that includes how operators deal with potential security threats. With infinitely more data and applications held in the cloud, and with a huge volume of connected IoT devices offering a wealth of potential entry points for cyber-criminals, operators must take steps nowt to ensure that their networks are secure for when the roll out finally happens.