Keeping the lights on in the 5G stadium
For me a fantastic game or concert in a stadium is exciting enough, but when we add 5G into the mix, it becomes something else - a Smart Stadium. Fans and concert goers can select content to improve their enjoyment of the event, as well as different camera angles to add a whole new aspect.
Imagine thousands of people in the arena – suddenly everything goes dark. Cyber terrorists have struck, cutting off lights, communications and alarm systems.
In a Smart Stadium 5G technology can provide discrete network slices, virtual networks running on the same physical infrastructure. The different slices can be controlled by different parties such as Mobile Network Operator (MNO), venue operator and Public Safety response teams.
As an enterprise customer of a 5G MNO, the venue operator can use one slice to provide all the fantastic entertainment possibilities to its own customers.
It can use another slice for facility control, managing the drone video surveillance. A third slice can be dedicated to emergency use – using cameras around the stadium and from drones, the slice can provide HD imagery about the emergency to the handsets of the Public Safety response teams.
The role of 5G security
Here is my short definition of what to expect from the 5G security mechanisms applied in the stadium:
- Firstly, they protect the privacy of the different users of the slices.
- They also ensure the integrity and confidentiality of the traffic the slices transport.
- They also protect against cyber-attacks that may affect the availability of slices or the confidentiality of data they transport and store.
Although privacy and confidentiality issues cannot be neglected, we can say that the most critical security aspect in a Smart Stadium is the availability of services.
Let’s try to summarize what to take into consideration to achieve the above goals
- We first need detailed knowledge of the threats to 5G technology. All the conventional IT security threats apply - there are also specific telecom related 5G instances, so we need expertise in both 5G and IT security. We need to pay special attention to threats against availability of services in the stadium such as DDoS attacks from the internet and from compromised endpoints exhausting critical network functions.
- Built in security capabilities in the 5G network elements that make up our slices. These can include 5G authentication/authorization, gNB traffic encryption, superior VPN capabilities of the transport network and native security features in the cloud, etc. These mechanisms ensure sufficient defense for user privacy and data confidentiality in the stadium but provide insufficient protection against attacks targeting availability of services.
- Built in security features cannot work in isolation – they need to be backed up by massive security infrastructure, providing the E2E security. These include perimeter security via zoning and micro segmentation, network traffic inspection, operation tooling such as SOAR and GRC management etc. Since the Smart Stadium is vulnerable for DDoS attacks due to the high density and the logical segmentation/limitation of the physical resources through network slicing, security infrastructure needs to have a special focus on DDoS defense from multiple directions – preventing compromised endpoints to form botnet to launch DDoS attack through network traffic based anomaly detection and mitigation SW and defending core functions via NG perimeter security and micro segmentation.
- The above assets come to life through the Security Operation prepared for 5G services consisting of security infrastructure and GRC management as well as security monitoring and response. The Smart Stadium must be treated as a special event, needing additional resources beyond those of conventional use cases. Automation in the SOC (through SOAR cyber playbooks) is essential to offload security analysts to focus on possible zero-day exploits.
Security from end-to-end
I believe the combination of built-in security mechanisms, the surrounding security infrastructure as well as the adapted security operation processes ensures that the security controls in the Smart Stadium are flexible, adaptable and automated thus helping the facility operator prevent or respond to cybersecurity incidents.
However, I still have a feeling it can be challenging to even identify all the possible security implications in a 5G use case. To identify all of them it will involve a partner with 5G security expertise to assess risks. Also, you should consider outsourcing security operations to an MSSP with skills in IT and 5G, one that can help prevent your Smart Stadium from becoming a Dark Stadium.
If you are interested in more detail on this topic please click here
Visit our website to see Nokia’s full security portfolio: Nokia Security Portfolio
Please see our materials related to Security Assessment and Managed Security Services:
Share your thoughts on this topic by joining the Twitter discussion with @nokianetworks or @nokia using #5G #5GNR #5Gmobility #5Ginaction