Cybersecurity: a toolbox of defenses for the age of 5G
Security has always been important in mobile communications, but the arrival of 5G raises the stakes. And governments are taking note.
New network architectures, new services and a proliferation of new devices all increase the challenge for 5G network operators. At the same time, 5G will host more critical infrastructure than ever before and affect almost every aspect of life, making any breach potentially catastrophic. Security must therefore be front-and-center in new 5G networks.
It will take concerted action to counter the emerging threats, so the European Union has analyzed various risk scenarios and come up with a toolbox of mitigating measures and supporting actions that member states and operators can use to fight back.
The toolbox makes a clear distinction between strategic measures and technical measures. Strategic measures include things like regulatory powers, maintaining a sustainable and diverse 5G supply chain and ensuring there is no over-reliance on a third country. Technical measures include deploying specific network security solutions and processes.
While strategic considerations are mainly the domain of governments and regulators, mobile operators and their suppliers are on the front line when it comes to deploying technology-based security solutions. Nokia has identified three of the EU’s risk scenarios where technology will lead the way.
Building a strong network
The first is the possible misconfiguration of networks. Even if we assume network components are initially configured with the right parameters to comply with security policies, settings will be changed as the network evolves. Misconfiguration creates vulnerabilities that can only be countered by an automated audit and mitigation process in place.
5G networks include potentially thousands of data centers distributed towards the edge of the network, each playing host to cloud-native virtual network functions. It will be impossible for operators to keep track of them all manually. Instead an automated solution can verify network parameters and compare them to a gold standard, correcting any anomalies with minimal operator intervention.
The Nokia NetGuard Audit Compliance Manager automates the audit and analysis of all the parameters in physical and virtual networks, checking them against ideal versions. It then flags any mismatches to help prevent service degradations and process inefficiencies.
Protection from people
The second risk scenario considers a failure to control and monitor exactly who does what in the network, which can lead to a variety of security problems. Operators typically work on a ‘zero trust’ basis, recognizing that even employees and contractors pose a potential threat. Even so, such threats can go undetected for months without the right solutions. Ideally, all activities should be attributable to a specific user so that any abnormal behavior can be spotted.
Nokia’s NetGuard Security Management Center module can analyze user behavior to spot and terminate suspicious user sessions, for instance, or to trigger actions by the NetGuard Identity Access Manager.
Securing smart devices
Connectedness is our strength in the information age, but it is also a weakness. IoT connections will reach almost 25 billion globally by 2025 and this poses some big security risks for 5G networks. How do you ensure the security of billions of devices, as well as the network they are running on? How do you prevent a hacktivist group or state-backed actor taking control of IoT devices to attack the network?
Rather than scanning files for malware, Nokia recommends monitoring network traffic between user end point devices and the internet, looking for evidence of interference or infection.
Nokia’s solution is the NetGuard Endpoint Security (NES), which provides real-time network-based detection and analytics for all devices, whether the device has its own anti-virus or other protection systems. For example, NES can detect the creation of a Botnet in real time and block or disturb the communications to and from the command and control point coordinating the infected devices. NES can then either tell the subscribers or the IoT vendors to start cleansing their devices, or initiate processes within the MNO’s organization to update the firmware of the affected devices.
Trust the experts
Nokia has already played an important role in securing critical networks for more than 15 years. Our technologies and expertise can help protect 5G networks and services in the future.
For more details on the role of technology solutions in providing security for 5G networks, check out Nokia’s solution paper ‘Cybersecurity in the age of 5G technology’. And for more general advice on strategic and technological risk mitigation measures, see the European Commission’s ‘Cybersecurity of 5G networks - EU toolbox of risk mitigating measures’.
Interested to learn more about our Security solutions? Visit HERE our product demo zone.