5G promises a future of technology-enabling innovation and a host of benefits. The technology underlying 5G marks a break with 4G in many ways, especially when demanding a fundamental reconceptualization of the communication networks. The previous mobile technology generations were built on a physical architecture while 5G, a completely virtual network, enables the convergence of networks and makes wireless communication a fundamental truth.
5G promises to support transformative applications, becoming a driver of a new world of intelligent factories, autonomous cars, and smart cities. We expect lightning-fast speed, increased capacity, and reduced latency. 5G is expected to be 100 times faster. Downloading a two-hour movie, for example, may take merely four seconds with 5G. Given its potential, some studies show that 5G can be expected to pump 12 trillion dollars into the global economy.
Just as 5G becomes the enabler of a totally connected world, it also raises concerns about enabling a larger surface area for cyberattacks. This is primarily because 5G networks connect more devices than previous technologies at a “fatter” bandwidth and with lower network latency. This means more endpoints to attack and an enabling network capacity that may make “brute force” attacks practically possible.
However, as with any new technology, an introduction of 5G requires revisiting cyber-security strategies. Building greater resilience by identifying and countering the risks specific to 5G can enable this technology to become a powerful force to generate revenues and drive profits.
The security challenge
Security is one of the major stumbling blocks to the adoption of 5G. Until now, navigating the security chasm was difficult because many standards that could govern its implementation and management hadn’t been fleshed out. Reliable estimates of the kind of new threats that could emerge were missing. While this could influence multiple aspects, its impact on security could be disastrous as it risks providing more elbow room for malicious elements to break down the defenses.
Clearly, keeping 5G networks secure and keeping them safe from malicious intent and activity for businesses and society alike will be essential for ensuring the safety of the end-users. With these concerns in mind, recent announcements of 5G specifications being updated and aligned with zero-trust tenets is good news.
Why zero-trust works in favour of 5G
A vital point to secure any network is to understand where vulnerabilities could arise. Usually, risks transition from one network to another at the point of interconnection. As such, it becomes essential that all the companies involved on each side of these transitions need to adopt a coordinated approach to ensure effective end-to-end security.
By aligning 5G specifications with zero-trust tenets, the telecom industry assumes a strong position to create a zero-trust architecture that everyone can “subscribe” to. The zero-trust security model becomes effective in the 5G scenario as it never makes any assumptions towards trustworthiness.
A zero-trust architecture facilitates secure network access to resources (data, devices, and services) and ensures that it is restricted to only the authorized and approved subjects ((users, devices, and services). This approach assumes an identity-centric approach based on the execution of policy-based authorization decisions in runtime in conjunction with traditional in-depth security principles. The right zero-trust architecture mitigates the risk of external attackers elbowing their way into the network or moving laterally in case of a security breach. The key areas where this zero-trust architecture needs implementing could be to:
- Secure digital identities are the key factor that determine whether an access request should be accepted or not. A zero-trust architecture establishes protocols after assessing the environment, which includes virtualized deployments, multi-tenant environments, and the hardware ecosystem, to deliver secure identity lifecycle management.
- Secure communication transport of user and signaling data across 3GPP interfaces. A zero-trust architecture ensures that all data is secured with cryptographic algorithms thereby delivering integrity protection and confidentiality
- Manage the relationship between the host of logical and physical entities across the telecom network and create a capable policy framework that captures the access rules and requirements to determine eligibility requests. These policies enable the enforcement of micro-perimeters with fine-grained access control based on roles, credentials, and environmental attributes
- Establish the right security posture of network assets and ensure compliance with security policies. Monitor and evaluate subjects, resources compliance, trustworthiness, and state to design access controls.
The journey towards zero-trust must be carefully calibrated and augmented with methodical decisions on when and how to implement the new security processes and deploy the new security technologies. Adopting the zero-trust principle improves the management of security risks to deliver a secure network and services.
However, the capability to implement a zero-trust architecture also depends heavily on the technologies, prioritizations, and policies considered. Successfully implementing zero trust can be a cornerstone of a holistic defense strategy to manage the risk of the infrastructure that has migrated to zero-trust and the infrastructure that hasn’t, both.
While this transition towards zero-trust is a major change in the telecom industry, 5G’s built-in compatibility with the zero-trust architecture will make it easier to define security practices and strategies applicable in different scenarios. As of now, the new functionalities and requirement specifications align with many zero-trust elements. This should help drive up the confidence of successful 5G implementations without worries over security concerns clouding the benefits. That is great news for the telecom sector and the world at large.