Positive Technologies launches its 5G Security Program
to help operators to reinforce their security strategies and build appropriate practices to maintain the resilience of their 5G SA/NSA networks and services.
The UK is one of the most developed markets in Europe in terms of 5G deployments, as people and critical national infrastructure become more dependent on these next generation networks - from transportation, such as automated vehicles, to health care and remote surgery, they will bring with them substantial national security, cybersecurity and privacy risks.
Across the globe, governments are introducing tighter restrictions and new laws for mobile network operators (MNOs) to comply with to secure their networks and mitigate risk to subscribers. Last year, the UK government introduced the Telecoms Security Bill which imposes harsher fines for operators who fail to protect their networks and subscribers. The European Union also released the EU Toolkit, which was supported by a document from ENISA, the European Union's cyber security advisers.
At the start of this year, Ofcom held a 5G spectrum auction to help improve mobile services and give more people access to 5G networks. The competitive landscape has become fiercer and MNOs are not only competing with one another, but utility providers, banks, manufacturers and others who are accelerating their own deployments of private 5G. Fast tracked deployment of 5G coupled with regulatory requirements, means that the security of networks should not be an afterthought.
Not only this, new and hidden threats are emerging as hackers become more sophisticated in their techniques which evade traditional security tools. This is concerning, given the cyber security industry is plagued with a skills shortage, which means the front-line defense becomes vulnerable. As telecoms systems become more complex, security teams are investing in automating their security systems to balance the odds and plug in the gaps. With a growing appetite on the black market for the skills of hackers, constant monitoring of networks is required. These attacks range from lone wolf individuals to large scale nation backed attackers.
Through the 5G Security Program, Positive Technologies will evaluate and conduct in-depth analysis of a client's network infrastructure to highlight recommendations from security experts to set out a clear action plan for tailored 5G security strategies.
5G expands the threat surface, so end-to-end security will be crucial for MNOs as they maintain previous generation networks and face the challenges emerging in 5G. Positive Technologies' 5G Security Program tests all telecom infrastructure domains:
- 5G SA/NSA Core Security Assessment - In-depth audit against SS7/Diameter/GTP/HTTP/2 and PFCP threats: roaming and inbound traffic analysis
- 5G Telco Cloud Assessment - Deep assessment of cloud applications and technologies used (virtualization, containers, MEC, SDN, NFV, MANO)
- Integrations Security Health Check - Deep screening of telecom interconnections and partnership APIs
- Anti-Fraud Security Assessment - Extensive checks of how resilient your network is against various fraud scenarios.
- Compliance check - Check of compliance with GSMA guidelines
- Operations Resilience Check - OSS/BSS and in-house business application assessment
- Application Security Assessment - Network perimeter audit and security analysis against HTTP, API, and JSON breaches in web applications, including black/gray/white box scanning.
- 5G New Radio Security Assessment - RAN/O-RAN security assessment
Find out more about the 5G Security Program here
Jimmy Jones, telecoms cyber security expert at Positive Technologies who has over two decades of industry experience comments, "Our comprehensive 5G Security Program shapes security based on individual network infrastructure needs, aligning new business processes with security requirements before doing a full scale 5G rollout. The reality is, 5G opens up more threats, network siloes and sheer complexity of new configuration burdens, not to mention constant changes which means more vulnerabilities will appear. Mobile operators need to be ahead of the curve and understand the threats which lurk on their systems to protect. As mobile operators begin to turn their attention to 5G networks, it's important that they do not neglect previous generation networks which have their own vulnerabilities stemming from SS7, Diameter and GTP protocols. Having security part of the design and planning stage means MNOs can save money and avoid overstretching budgets."