By Vishal Salvi
In the digital transformation journey, 5G interacts with most aspects of the digital services we consume and provides enhanced experiences as business objectives come to fruition. The pandemic intensified the demand for faster, reliable, and secure connectivity across the business ecosystem, bringing more focus on digitization and hyper-automation. Advanced wireless technologies are set to transform both network providers as well as their customers in the near term as per a Deloitte study. 5G is at the forefront of these promising next-generation wireless technologies, establishing capabilities like very high throughput and bandwidth, ultra-low network latency, resilience and more.
Holistically, 5G provides an industrial-grade wireless network that enterprises essentially need to fast-track digital transformation by enabling advances in big data analytics, artificial intelligence (AI), Internet of Things (IoT), cloud, and edge computing. It is also expected to drive faster innovation and new revenue streams and is a true enabler for business possibilities.
While 5G enables more kinds of devices to connect and talk to each other and offers more innovative capabilities, it also introduces new use cases requiring focus on the security posture and cyber risks related to 5G. Public service organisations and private enterprises in India, like their global counterparts, are looking to exploit its potential for economic advancement and thus take long-term visions such as Industry 4.0, smart cities, and smart agriculture closer to realization.
A game-changer with inherent insecurities
Despite potentially being one of the more secure and resilient connectivity platforms that is also industry agnostic, 5G adoption brings its own share of security concerns for CISOs. The advent of 5G will open up a complex and dynamic ecosystem of vendors to address a diverse range of wireless technologies, integration, application, cloud, network equipment, components, and consulting needs. These factors widen the attack surface as the level of security ensured by the ecosystem will only be as strong as its weakest link.
For instance, while 5G will spur greater adoption of IoT, the use of low-end devices with limited security and compute capabilities, lack of sophisticated encryption and decentralized operations raises security concerns. By 2026, Juniper Research expects the number of cellular IoT devices to reach six billion. With a larger number of devices connecting to one technology, and exchanging data at higher rates, the chances of unauthorized access will increase within the IoT environment.
Autonomous vehicles, which will rely on 5G networks to meet the low latency and high data bandwidth requirements, will also need stringent security measures.
Managing complexities of 5G security
The multi-tiered 5G architecture typically comprises a core network through which the endpoints of the IoT devices are connected to the infrastructure providing network connectivity. Security is more complicated in this scenario since it means protection at the endpoints, the core network, and all points at which devices are connected to complete the network. Therefore, it is imperative for cybersecurity leaders to build their strategies around these different tiers into 5G applications for end-to-end protection.
CISOs would require a complete set of controls that enable comprehensive insights into the 5G network as well its management, considering security as a foundational aspect of the enterprise’s 5G roadmap. Starting with an all-inclusive approach, improving visibility into each tier, and establishing the right set of policies and firewalls in place will go a long way towards securing the network. As machines will communicate primarily through APIs, it is also important to understand the different APIs of the endpoints at which access is getting enabled and enforce the right set of security controls there. While these insights will help generate reports to the management and take definitive actions, it’s equally important to have the right set of auditing and monitoring from all the tiers of the 5G network. An effective 5G strategy includes a holistic security paradigm with a high degree of security automation and orchestration as well as incorporates ‘zero trust’ principles with real-time management of cyber controls such as user authentication, micro-segmentation, secure cloud adoption, and data trust fabric.
ALSO READ Jio claims its 5G services now available across Delhi-NCR
The recommended security reliability framework for CISOs to enable an integrated approach that is required for the 5G environment includes:
Adoption of a zero-trust framework
Combined with secure access service edge (SASE), layered defensive mechanisms such as Defense in Depth, user authentication, vulnerability management, detection and monitoring, it will provide a strong security posture in the context of an IoT-based 5G network.
Security controls at multiple layers
Security controls at multiple layers will help protect the entire infrastructure from endpoint to network as well as control the attack surface and minimize the blast radius. SASE is expected to be the future standard for security according to Gartner and includes technologies such as Zero Trust Network Access (ZTNA), which help protect application assets from public visibility and reduces the attack surface considerably.
A secure-by-design approach
Security must be seeded into the whole infrastructure and not considered a standalone or add-on after the complete network has been set up.
Interdependencies or interactions between the cyber and physical ecosystem
Security measures need to consider these diverse domains and scenarios so that 5G can effectively deliver the demands of low latency, high speed, high bandwidth to the end devices.
The principles of user privacy
This is a fundamental requirement that helps protect data and enables visibility to the end-user at any point in time.
Secure endpoints
Deploying security measures and controls such as Intrusion detection systems (IDS) and intrusion prevention systems (IPS) against Distributed Denial-of-Service (DDoS) attacks will help provide an elevated level of security and data encryption whether it’s at the endpoint or on the network or through the cloud.
Cloud security
More workloads are becoming cloud-bound, making the cloud a key component of the broader 5G ecosystem and its security more significant than ever. Visibility into the organisational assets with a clear understanding of governance, misconfigurations and vulnerabilities will help shape remediation solutions, which is vital.
Threat mitigation
The core model of 5G requires adequate security for the user plane and control plane, network slice, segregation of virtualized functions, protection against DDoS, API security etc. This assumes higher significance as core 5G functions can now be consumed as an API.
Given the large volumes of data and the complexity involved, automation and orchestration of the 5G security infrastructure are essential and must be underpinned by a zero-trust framework that enables a holistic, secure-by-design approach, which can address the evolving needs of the 5G environment. These can not only minimize human errors but also provide business stakeholders with a much-needed confidence boost regarding the reliability and security of the 5G network.
(The author is chief information security officer & head of cyber security practice at Infosys. Views are personal.)
