By: Lakshmi Kandadai, Director of Product Marketing for 5G Security, Palo Alto Networks
Excitement is building around the globe for the potential of 5G, and now is the time to lay a strong foundation for security. To avoid problems down the road for mobile operators and others looking to this technology to revolutionize their ecosystems, we need to consider three key challenges for securing 5G: the Internet of Things (IoT), 5G cloud adoption, and the development of standards and best practices. Many stakeholders – including industry, government and standards development organizations – have a role to play in addressing security risks while bringing the vision of 5G into reality.
We laid out our vision of the future of the 5G digital economy early this year, outlining key security focus areas critical for 5G transformation. 5G promises transformative mobility by offering enhanced mobile broadband experience and enabling industrial digitalization through customer value creation. It’s particularly important to set high standards for connectivity, security and targeted service-level agreements (SLAs) for 5G use cases that involve key enterprise verticals. In these early stages of the 5G evolution, it’s natural that many stakeholders are focusing on delivering higher data speeds, latency improvements, and the overall functional redesign of mobile networks to enable greater agility, efficiency and openness. However, it’s critical that security not be left out of this early stage of 5G development. While the 5G digital environment opens the door for diverse players beyond traditional cellular networks, such as managed security service providers (MSSPs), cloud providers, enterprises and technology partners, security often falls short.
With all the technology shifts happening around 5G, how prepared are we to deal with the impact of cyber threats?
Challenge 1: Security in the Internet of Connected Things
Based on the numerous “proof of concept” (POC) tests we have conducted around the world, we discovered that IoT botnet activity makes up a very large proportion of the malware in mobile networks today. Malicious actors have often utilized Command & Control (C2) communication channels over the Domain Name System (DNS) and, in some cases, have even used DNS to exfiltrate data. The Palo Alto Networks Unit 42 threat research team found more than half of all IoT devices are vulnerable to medium- or high-severity attacks, meaning that service providers and enterprises are sitting on a “ticking IoT time bomb.”
The severity and frequency of attacks associated with IoT security in operator networks and enterprises continue to evolve at an alarming rate. Large-scale attacks can come from anywhere, even from within the operator’s own network, through a botnet comprising tens of thousands of weaponized IoT devices. As threats become more sophisticated, service providers need to raise their detection and prevention capabilities to the same level of sophistication.
The modern IoT environment consists of nonstandard computing devices, such as microcontrollers and sensors, often running stripped-down versions of open source or proprietary operating systems and applications, utilizing diverse cellular connectivity models to connect wirelessly to the internet. Poorly configured and vulnerable IoT devices present a target-rich environment for hackers to build massive botnets. It is no surprise that malicious network attacks through rogue IoT devices are on the rise. Cyberattacks on IoT devices impact the overall device performance, device usability and services offered by those devices.
A recent Unit 42 threat report highlighted some of the types of cybercrime campaigns being faced by multiple critical industries, including government and medical organizations, leading the urgent response efforts to address the COVID-19 pandemic. The implications of these findings are clear: Botnets are worrisome, since their denial of service attacks do not only impact their intended targets – they could impact overall network services, greatly expanding the number of people affected.
Challenge 2: Security Gaps in 5G Cloud Adoption
Telecom networks have undergone a large technological shift, which has radically changed the approach needed to secure them. The physical network perimeter is rapidly disappearing. Operators are embracing a distributed telco cloud environment spanning multi-vendor, multi-site cloud infrastructures, with end-to-end automation for network operations and services, to meet the performance and scalability requirements of diverse 5G-enabled service offerings. Many operators prefer a multi-cloud strategy as the better operational model. While software-driven models help drive agility, they come at the price of serious security flaws. These software-driven models make networks more vulnerable to attacks introduced by the software platform, underlying OS and the software stack, including host vulnerabilities, Linux threats and hypervisor/container vulnerabilities. They can also be vulnerable to lateral threat movement between Virtual Network Functions (VNFs) and applications. The risks are no longer confined to the data center assets – the whole landscape is becoming more distributed, and hackers are also targeting devices outside traditional perimeters.
Challenge 3: Standards and Best Practices for 5G Security are Immature
Many people and organizations clearly understand that security is a fundamental part of successfully launching and using 5G. Establishing the right security approach across 5G networks is critical. Here, standards development and industry organizations can play a key role in gathering and promoting standards and best practices to operators and associated vendors around the globe. There has been an array of standards and best practices released on other aspects of 5G – such as spectrum allocation and use – but not as many on the leading-edge security practices for 5G. The pace is picking up, however. GSMA, an industry association representing the interests of mobile operators worldwide, including more than 750 operators and almost 400 companies in the broader mobile ecosystem, has released a series of reference documents detailing best practices in mobile security. GSMA has recently expanded its guidance to securing the data plane, as described below.
The Right Approach: Securing 5G Requires a Collective Effort of Both Industry and Government
Given the array of challenges outlined above, what is the right approach to securing 5G? It is multifaceted.
Given the importance of 5G to their economies, governments around the globe have a deep interest in its security. Governments and industry share the goals of mitigating cybersecurity threats to mobile network infrastructures, preventing cyberattacks and reducing the impact of related cybercrime. As in all areas of cybersecurity, achieving these goals is a collective effort. Technical measures that mitigate security risks to mobile network infrastructures, applications, services, and the operators’ customers and end users – including both consumers and enterprises – exist and should be incorporated into government planning.
In addition, governments and industry should identify statutory, regulatory or policy obstacles that could also hinder effective mobile network infrastructure security. They should collectively develop plans that will ensure our critical lifeline activities enabled by 5G deployments are appropriately secure. In a welcome move, the United States government released its National Strategy to Secure 5G in March 2020, including a line of effort focused on developing security principles for the hardware, software and services used to facilitate 5G activities. In January 2020, the European Commission endorsed the joint “5G Toolbox” of mitigating measures for use by EU Member States to address security risks related to the rollout of 5G.
At the same time, work is picking up in standards development and industry associations. Recently, GSMA collaborated with a group of service providers and vendors to develop a new security reference document, FS.37, which highlights best practices for securing 5G networks. This document outlines recommendations for service providers for detecting and preventing attacks on the GPRS Tunneling Protocol user plane (GTP-U) against mobile networks, services and applications. It provides recommendations for service providers on how to address the threat posed by malware and vulnerabilities, including specific examples, and contains guidelines on how to logically deploy security capabilities, including the specific interfaces and modes of deployment. It also briefly introduces new topics, such as the concept of security per network slice.
A strong security posture portends successful digital transformation. Service providers need constant real-time visibility and granular control over the traffic passing through their networks. Only then can they detect and stop malicious activity, IoT-based botnets and other threats in 5G, and build an effective, efficient and scalable defense against them.