As enterprises are adopting 5G private and public networks and services to enable digital innovations, they are introducing more edges and expanding the attack surface, posing new cybersecurity risks. Many organizations don't realize how unprepared they may be for the network and security changes coming down the pipeline. A lack of a comprehensive, coherent digital transformation strategy with an integrated security solution presents long-term challenges. Let's explore the risks of 5G and how to create a comprehensive security solution.
On the horizon are new smartphones that can use 5G bandwidth at performance levels of 24GHz and higher, which will fundamentally alter network performance requirements at the edge for both devices and applications. It'll also require the appropriate security infrastructures to monitor and manage this new level of performance.
The new 5G will likely support everything from manufacturing and energy grids to autonomous vehicles and consumer brands. Demands on networks will grow, especially at the edge, and increased complexity will concurrently lead to evolving security needs.
But simply adding security on top of the network can create bottlenecks. Businesses that don't proactively prepare for these new demands will encounter latency issues and diminished user experiences and will no longer be able to compete or retain customers. To protect against threats more effectively, the integration of security and networking is essential. The key is to find a way to securely increase network capabilities without negatively impacting the user experience.
With the shift to virtual infrastructures and cloud-based architectures that rely on open technologies, there's a strong need for security capabilities that far exceed those of standard stateful firewalls. The attack surface of this emerging infrastructure extends far beyond physical assets, backhaul and fronthaul, signaling, roaming, charging and Internet interfaces. Service providers also need to secure the virtual infrastructure and cloud platforms.
And with new strategies such as network slicing, service providers must be able to accommodate the complete end-to-end isolation of slices. That's in addition to the agile and dynamic allocation of end-to-end resources to multiple tenants running different services with varied requirements.
An additional technology arising from the transformation that 5G brings is edge clouds designed to deliver high-bandwidth and low-latency applications. These edge clouds will need to support multiple tenants and specialized IoT applications that don't run in the central cloud. With regard to security, though, their policies and enforcement will need to be consistent with those in the core. This means centralized orchestration married to autonomous edge security to ensure both consistency and time to respond.
Building enterprise-level 5G private networks is another emerging trend, which spans industries such as logistics, manufacturing, oil and gas. Since most businesses aren't capable of setting up their own 5G network in-house, mobile network operators (MNOs) need a strategy and service offerings for securing private 5G mobile networks.
Many organizations assume having a private network keeps them safe, but this is not often the case. Going wireless can increase the attack surface due to factors such as increased Industrial Internet of Things (IIoT) exposure, physical mobility of devices on the network, and interplay between the enterprise, MNOs, IoT manufacturers, operational technology (OT) vendors and suppliers.
Ultimately, whether the network is public or private, end-to-end security requires a platform approach that can provide security across all edges.
Establishing a security framework
What's essential to understand about the 5G threat landscape is that it includes more than the volumetric DDoS attacks and signaling protocol-specific hacks of days gone by. It also includes advanced persistent threats, lateral propagation, web application layer vulnerabilities, API security and more. Consequently, service providers need to ensure that the diverse set of security requirements imposed by this new architecture – along with the related use cases and services supported by their core networks – can be adequately addressed by their security solutions.
Crucially, these solutions must be part of a single security framework rather than a separate, isolated set of tools that can cause additional overhead as well as issues related to configuration and orchestration. Being fully integrated and automated ensures consistent and effective security to protect infrastructure assets and revenue-generating services.
An effective, holistic approach to 5G security
Today, 5G represents about $5 billion in operator-billed revenue opportunity and that's projected to grow to an astounding $357 billion by 2025. Meeting the performance and security needs of 5G will be crucial to any company wishing to remain viable.
Many organizations don't currently have this capability. Previous strategies of chasing best-of-breed devices mean that many organizations have a legacy security setup made of a hypercomplex patchwork of increasingly difficult-to-manage infrastructures. Certainly, last-minute deployments in the wake of the pandemic didn't help matters. Adding 5G on top of such architectures is likely to compound the issue and lead to a whole host of problems and vulnerabilities.
A pastiche of new tools and old infrastructures is no longer viable. Now is the time for organizations to deploy coherent and comprehensive 5G network security strategies. But they must act quickly, as the needs of a 5G world will only grow from here. A broad, automated and integrated security framework is needed. Such a strategy converges networking and security like secure SD-WAN and SASE, securing all the edges from the WAN Edge to the RAN to the packet core to the cloud.
— Nirav Shah, Vice President of Products and Solutions, Fortinet
About the author
Nirav Shah is vice president of products and solutions at Fortinet. He has more than 15 years of experience working in the enterprise networking and security industry. Shah serves as the products and solutions lead for Fortinet's Security-Driven Networking portfolio with a focus on SD-WAN, network firewall, SASE, segmentation and NOC products. Prior positions include senior software developer and senior product manager for enterprise networking and security solutions at Cisco.
Photo by Christina @ wocintechchat.com on Unsplash