The Right Approach to Securing 5G

Attributed to Lakshmi Kandadai, Director of Product Marketing for 5G Security, Palo Alto Networks
 
Excitement is building around the globe for the potential of 5G, and now is the time to lay a
strong foundation for security. To avoid problems down the road for mobile operators and
others looking to this technology to revolutionize their ecosystems, we need to consider
three key challenges for securing 5G: the Internet of Things (IoT), 5G cloud adoption, and
the development of standards and best practices. Many stakeholders – including industry,
government and standards development organizations – have a role to play in addressing
security risks while bringing the vision of 5G into reality.
We laid out our vision of the future of the 5G digital economy early this year, outlining key
security focus areas critical for 5G transformation. 5G promises transformative mobility by
offering enhanced mobile broadband experience and enabling industrial digitalization
through customer value creation. It’s particularly important to set high standards for
connectivity, security and targeted service-level agreements (SLAs) for 5G use cases that
involve key enterprise verticals. In these early stages of the 5G evolution, it’s natural that
many stakeholders are focusing on delivering higher data speeds, latency improvements,
and the overall functional redesign of mobile networks to enable greater agility, efficiency
and openness. However, it’s critical that security not be left out of this early stage of 5G
development. While the 5G digital environment opens the door for diverse players beyond
traditional cellular networks, such as managed security service providers (MSSPs), cloud
providers, enterprises and technology partners, security often falls short.
With all the technology shifts happening around 5G, how prepared are we to deal with the
impact of cyber threats?

Challenge 1: Security in the Internet of Connected Things

Based on the numerous “proof of concept” (POC) tests we have conducted around the
world, we discovered that IoT botnet activity makes up a very large proportion of the malware in mobile networks today. Malicious actors have often utilized Command &
Control (C2) communication channels over the Domain Name Service (DNS) and, in some cases, have even used DNS to exfiltrate data. The Palo Alto Networks Unit 42 threat
research team found more than half of all IoT devices are vulnerable to medium- or high-severity attacks, meaning that service providers and enterprises are sitting on a “ticking
IoT time bomb.”
The severity and frequency of attacks associated with IoT security in operator networks
and enterprises continue to evolve at an alarming rate. Large-scale attacks can come from anywhere, even from within the operator’s own network, through a botnet comprising tens
of thousands of large-scale, weaponized IoT devices. As threats become more sophisticated, service providers need to up their detection and prevention game to the same level of sophistication.
The modern IoT environment consists of nonstandard computing devices, such as
microcontrollers and sensors, often running stripped-down versions of open source or
proprietary operating systems and applications, utilizing diverse cellular connectivity
models to connect wirelessly to the internet. Poorly configured and vulnerable IoT devices
present a target-rich environment for hackers to build massive botnets. It is no surprise
that malicious network attacks through rogue IoT devices are on the rise. Cyberattacks on
IoT devices impact the overall device performance, device usability and services offered by
those devices.
A recent Unit 42 threat report highlighted some of the types of cybercrime campaigns being
faced by multiple critical industries, including government and medical organizations, leading the urgent response efforts to address the COVID-19 pandemic. The implications of
these findings are clear: Botnets are worrisome, since their denial-of-service attacks do not only impact their intended targets – they could impact overall network services, greatly
expanding the number of people affected.

Challenge 2: Security Gaps in 5G Cloud Adoption

Telecom networks have undergone a large technological shift, which has radically changed
the approach needed to secure them. The physical network perimeter is rapidly disappearing. Operators are embracing a distributed telco cloud environment spanning
multi-vendor, multi-site cloud infrastructures, with end-to-end automation for network operations and services, to meet the performance and scalability requirements of diverse
5G-enabled service offerings. Many operators prefer a multi-cloud strategy as the better operational model. While software-driven models help drive agility, they come at the price of serious security flaws. These software-driven models make networks more vulnerable to
attacks introduced by the software platform, underlying OS and the software stack, including host vulnerabilities, Linux threats and hypervisor/container vulnerabilities. They can also be vulnerable to lateral threat movement between Virtual Network Functions
(VNF) and applications. The risks are no longer confined to the data center assets – the whole landscape is becoming more distributed, and hackers are also targeting devices outside traditional perimeters.

Challenge 3: Standards and Best Practices for 5G Security are Immature

Many people and organizations clearly understand that security is a fundamental part of
successfully launching and using 5G. Establishing the right security approach across 5G networks is critical. Here, standards development and industry organizations can play a key role in gathering and promoting standards and best practices to operators and associated
vendors around the globe. There has been an array of standards and best practices released on other aspects of 5G – such as spectrum allocation and use – but not as many on the leading-edge security practices for 5G. The pace is picking up, however. GSMA, an
industry association representing the interests of mobile operators worldwide, including more than 750 operators and almost 400 companies in the broader mobile ecosystem, has released a series of reference documents detailing best practices in mobile security. GSMA
has recently expanded its guidance to securing the data plane, as described below.

The Right Approach: Securing 5G Requires a Collective Effort of Both Industry and Government

Given the array of challenges outlined above, what is the right approach to securing 5G? It
is multifaceted.
Given the importance of 5G to their economies, governments around the globe have a deep
interest in its security. Governments and industry share the goals of mitigating cybersecurity threats to mobile network infrastructures, preventing cyberattacks and reducing the impact of related cybercrime. As in all areas of cybersecurity, achieving these goals is a collective effort. Technical measures that mitigate security risks to mobile network infrastructures, applications, services, and the operators’ customers and end users – including both consumers and enterprises – exist and should be incorporated into government planning.
In addition, governments and industry should identify statutory, regulatory or policy obstacles that could also hinder effective mobile network infrastructure security. They should collectively develop plans that will ensure our critical lifeline activities enabled by 5G deployments are appropriately secure. In a welcome move, the United States government released its National Strategy to Secure 5G in March 2020, including a line of effort focused on developing security principles for the hardware, software and services used to facilitate 5G activities. In January 2020, the European Commission endorsed the joint “5G Toolbox” of mitigating measures for use by EU Member States to address security risks related to the rollout of 5G.
At the same time, work is picking up in standards development and industry associations. Recently, GSMA collaborated with a group of service providers and vendors to develop a new security reference document, FS.37, which highlights best practices for securing 5G networks. This document outlines recommendations for service providers for detecting and preventing attacks on the GPRS Tunneling Protocol User (GTP-U) plane against mobile networks, services and applications. It provides recommendations for service providers on how to address the threat posed by malware and vulnerabilities, including specific examples, and contains guidelines on how to logically deploy security capabilities, including specific interfaces and the modes of deployment. It also briefly introduces new topics, such as the concept of security per network slice.
A strong security posture portends successful digital transformation. Service providers need constant real-time visibility and granular control across traffic passing through their networks. Only then can they detect and stop malicious activities and threats in 5G and build an effective, efficient and scalable defense against IoT-based botnets.
