What’s the difference between IT and 5G security? What you’re protecting.
A helmet is great for protecting your head when riding a motorcycle. But you’ll look pretty silly if you wear it into a hospital expecting it to keep you safe against COVID-19. To protect your respiratory system, you’ll need different equipment and different processes.
The same goes for technology: safeguarding 5G networks requires communications service providers (CSPs) to do more than just apply the same security systems used in the past.
With 5G, CSPs can tap into new opportunities in new verticals: IoT devices, drones, connected vehicles, smart buildings and more. That’s also exposing the operational technology behind mission-critical industrial services and applications to the kinds of cyberthreats typically seen in the information technology (IT) domain. Yet the security controls and processes used for IT aren’t suited to 5G for one big reason: the critical assets to be protected are very different.
What’s critical in IT
In traditional IT, the critical asset is data: personal and business information like bank account details, passwords, or corporate trade secrets. That’s why an IT-focused security operations team will prioritize two of the three core pillars of cybersecurity: integrity and confidentiality.
Let’s look at a bank account, for example. Integrity matters because you never want to be about to make a big purchase and suddenly find that your account has been zeroed out. You want a high level of confidentiality because you don’t want your credit card number spread all over the Internet for anyone to use. And if you run a business, you don’t want your competitors having full access to your financials. Those kinds of leaks can cause serious damage to your revenues and your reputation.
The third pillar of cybersecurity is availability. Of course, you want to be able to access your funds or use your credit card to buy something anywhere, anytime. But at the same time, it’s not the end of the world if the bank’s mobile app goes offline for maintenance for a few minutes and you can’t get into your account. You expect and tolerate a certain amount of temporary downtime from that service.
Since some downtime is acceptable, the IT personnel responsible for the bank’s cybersecurity are expected to apply software updates and upgrades (such as security patches) very quickly and frequently. That’s also why the components at the heart of IT systems have short lifecycles, usually less than five years. It’s about always having the latest protection in place to keep the bad guys out.
What’s critical in 5G
In 5G, things are different. The critical asset isn’t data, it’s the underlying connectivity needed by the systems that control trains, drones, cranes, robotic arms and other critical infrastructure.
Let’s say you’re in charge of a railway’s traffic control system. In this case, confidentiality is far less important than integrity and availability. If bad actors access and reveal the real-time location of a particular train, that’s not a big deal. But if they modify that location data, the train might end up on the wrong track at the wrong time - putting people’s lives at risk. The same could happen if connectivity is ever disrupted between the train and the traffic control system. Unlike your banking app, absolutely no downtime is acceptable.
Because 5G faces so much regulatory scrutiny, the patching and update process has very strict requirements and must be done within very short maintenance windows. There are also the 5G-specific network functions and protocols to consider, which require a more tailored skill set and a level of expertise that most IT personnel don’t have.
In fact, everything from incident containment to root-cause analysis to remediation in 5G requires specialized skills and training. The operational tasks required to restore an IT mail server just can’t be compared to what’s needed to get a 5G mobility management entity back up and running.
Two ways to protect your 5G assets
With 5G security being harder and more complex than IT security, CSPs can’t simply port over their old systems and processes. They need a new approach to security operations - one driven by extended detection and response (XDR) capabilities. XDR-based security is built around a data “pipeline” that can accommodate the massive amounts of data flowing through 5G networks, allowing CSPs to gather more threat intelligence from more sources.
CSPs can choose to do XDR themselves or sign up for managed detection and response (MDR), where XDR capabilities are delivered as a service by an experienced provider, such as Nokia. This gives CSPs scalable, end-to-end 5G incident management while easing the burden on their security teams.
Download our white paper for more on how 5G security differs from IT — or visit our website to learn more about Nokia’s MDR service.