By Chris Pearson, President, 5G Americas
When I was a kid growing up outside of the Seattle area, we lived in a standard suburban middle-income community with lots of green lawns, kids riding around the neighborhood on bikes, and not a care in the world. My parents’ basic rule was to be home before the streetlights came on. All the neighbors seemed to know each other, so we would usually leave the front doors unlocked. But as we grew up and time passed, we began to understand that the world had become a more perilous place, so like much of the United States and the rest of the world, we started to lock the outer doors to our homes.
Similarly, in the early days of the Internet, things were simple. Yes, there were hackers even way back before the days of interconnected networks, but most network security was focused on the notion of protecting the perimeter of the data center. Everything behind the firewall was thought to be safe if enough protection could be loaded up around the outside, much like a fortress.
But just like the real world, the cyber world got a little messier. The rise of cloud computing has introduced new complexities, as organizations turn over the storage of their data to large hyperscale companies. At the same time, the rise of mobile wireless and edge computing has blurred the perimeter of the old house, as people and devices access their data on campus, off campus, in transit, and even in far-flung remote places where wireless cellular can reach.
In the modern world, there is no longer as clear a line between “inside” and “outside.” Customers, stakeholders, business partners, and a variety of other entities require access to not just the front door of the home – but to the many different rooms inside it, as well.
But even as the surface threats have grown, the security tools and processes have rapidly evolved to stay ahead of them. In “Security for 5G,” 5G Americas explains how today’s modern 5G networks have been built for the cloud and the edge. We take you through the major shifts in thinking around wireless cellular network security, showing you how 5G standards have baked safety into the DNA of 5G network architecture. We then put forward several recommendations to help organizations as they deploy their own 5G networks, including:
- Build 5G networks with a zero-trust architecture that is complemented with perimeter security to provide protection from internal and external threats.
- Follow industry best practices for secure cloud deployments, including secure cloud native functions, orchestration, automation, APIs, and infrastructure. These best practices are applicable to private, public, and hybrid deployment models.
- Implement a 3GPP Release 16 5G standalone network whenever possible to benefit from security enhancements that support a zero-trust architecture and follow Communications Security, Reliability, and Interoperability Council (CSRIC) VII recommendations.
- Consider supply chain security as a component of 5G security. Use trusted suppliers that follow industry best practices for secure development processes.
In short, we help you understand how 5G networks have now installed locks on every door for every room inside and outside the building.
In this new world, one of the most important things to understand is that cloud computing has touched every facet of the network. Cloudification of the 5G radio access network (RAN) and 5G core (5GC) uses the best cloud security practices to protect not just the network, but also the applications and the data that reside therein.
5G network security must take into consideration the three different types of cloud computing deployments: on-premises, multi-stack public cloud, and hybrid cloud networks. The robustness of 5G security allows for successful operation within the complexities of each of these types of environments, which determine where sensitive data may be stored (offsite, onsite, or a mixture of both), as well as how applications and data flows are to be managed – and where.
Additionally, 5G layered security controls are baked into solutions where there are distributed computing deployments (like edge networks), where there may be dynamic workloads, as well as encrypted interfaces. Securing cloud-native functions can become more challenging as physical servers and virtual machines in 4G LTE networks are replaced with containers and microservices, where run-time, traffic, orchestration, automation, access controls, roaming scenarios, the host OS, and hardware all expand the threat surface of the network.
As you can see, with all the complexity that cloud and mobile environments bring, the management of a multitude of entities, identities, and permissions must be airtight. Therefore, standards have been set forth for “zero trust” networks. Zero trust is a security model that, as it sounds, is built on the principle that no user or network function can be trusted – whether internal or external to the network. The National Institute of Standards and Technology (NIST) provides seven tenets of zero trust, which include principles regarding: data and compute resources, secure communication regardless of location, per-session resource access, resource access determined by dynamic policy, monitoring and measuring of the security posture of assets, dynamic resource authentication, and collection of the state of assets.
In addition to NIST, 5G security is enhanced through work done by wireless organizations like 3GPP, 5G Americas and GSMA. 3GPP Release 16 provides several security enhancements, including enhanced support for vertical and LAN services, advanced vehicle-to-everything (V2X), enhancements to a common API framework and network slicing, support for non-public networks, URLLC enhancements, and full rate user plane integrity protection.
5G Americas provides ongoing education, training and discussion of network security issues through our white papers like “Security for 5G”, “Security Considerations for the 5G Era,” and “The Evolution of Security in 5G”. GSMA has provided additional 5G security recommendations and work in relation to inter-PLMN (Public Land Mobile Network) security improvements, network equipment security assurance scheme, and coordinated vulnerability disclosure.
In 2021, a few additional areas of 5G network security have grown in importance. Security for 5G networks deeply integrated into industry vertical segments has gained higher visibility due to the increasing number of private and public 5G networks serving large enterprises. Vertical industry improvements in 5G security are included in 3GPP’s work, including those for V2X, smart manufacturing, critical infrastructure, energy and water, and healthcare.
At the same time, this year has seen a rise in the importance of protecting global supply chains, which are not only vulnerable to economic impacts or logistical issues (such as a container ship blocking the Suez Canal for weeks), but also to potential cyber intrusions, such as the Colonial Pipeline ransomware attack. Fortunately, much work is being done to ensure the supply chain is protected via tightened 5G security, which focuses on supply chain-specific issues like considering trusted suppliers, open-source software security, secure software development lifecycle, DevSecOps, and software bill of materials.
Protecting vertical industries and their supply chains is critical to ensuring a safe global economy.
Aside from these issues, Open RAN also presents a fertile area of work. As wireless cellular radio access networks are opened to new market participants, security becomes a priority for many open RAN industry initiatives and solutions that recognize the complexity of virtualization, automation, and intelligence, and the attack surface of an open, disaggregated RAN. Groups such as the O-RAN Alliance, OpenRAN MoU Group – TIP, Linux Foundation O-RAN Software Community, and numerous others are working on delivering robust open RAN security standards and solutions for the industry.
As you can see, the ever-changing arms race between cyber attackers and organizations continues unabated. But as each new technology is added to the mix of wireless networks, stout guardians are already at work to ensure the safety and health of the networks. While it is sad that we may never return to those halcyon days of unlocked doors in the suburbs of Seattle, I am proud to be part of an industry that is helping to safeguard the integrity of the world’s technology and economic system.
There is much work to be done – and I am confident in the people and organizations making it happen.