5G brings a world of possibilities - new consumer experiences, new enterprise applications, new partner ecosystems and business models. For service providers and network equipment manufacturers, it’s all there for the taking. Provided, that is, customers and partners can trust 5G services. And there’s the rub: building that trust is not at all straightforward.
As many new capabilities as 5G introduces, it also brings enormous complexity and significant new security risks. Mounting pressure to bring new solutions to market quickly only compounds those risks. And yet, inaction is no option either. Waiting on the sidelines until all the questions get answered, while competitors bring new 5G solutions to customers, can be just as risky as rushing a product out the door.
How can operators and manufacturers solve this conundrum? It’s absolutely possible to capitalize on 5G innovation while protecting your end users, your supply chain, and your business. To do it though, you’ll need to think differently - and more strategically - about the role of security in your business.
Weighing 5G risks
This isn’t the first time operators have introduced a new wireless standard. What makes securing 5G so different? In a word, complexity. 5G brings open, disaggregated, software-defined infrastructure to telecom networks for the first time. It’s this openness and flexibility that makes 5G so powerful, enabling new kinds of services tailored to the needs of the applications using them. At the same time, there are more moving pieces, and more players involved in delivering them, than with any previous wireless standard.
Operators and manufacturers introducing new 5G technologies must contend with:
- Expanding threat surface: Analysts forecast 3.6 billion 5G connections globally by 2025. That’s billions of new potential vectors for network and device security threats. Virtualized infrastructure, cloud edge assets, mass IoT deployments - even just the points where different vendor solutions meet - can all present attractive targets. This is to say nothing of the ongoing, constantly evolving threats of data breach, distributed denial of service, malware, and more.
- More dynamic environment: All thethings thatmake 5G so exciting also make it a Pandora’s box of new potential threats. Support for much higher densities brings huge increases in devices, connections, and cell sites. Disaggregated software models demand more distributed architectures and operations. Openness unleashes new vendors, ecosystems, and open-source tools. All of a sudden, just visualizing all potential points of vulnerability, much less securing them, seems exponentially more difficult.
- More vulnerable supply chain: Suppliers play a much larger role in 5G networks, creating a pressing need to secure the interlinkages between them and between suppliers and operator environments. More than ever before, 5G security efforts must focus on the supply chain. Those efforts should encompass the facilities where products are manufactured or assembled, third-party software, insider risks, continuity systems, and of course device security itself. And they must address the full lifecycle of supply chain interactions—inside supplier facilities, in transit, and within operator environments.
The good news is that, despite this complexity, 5G is potentially more secure than any previous network. Yes, the software models that come with 5G are new to telecom environments. But they allow you to use tried-and-true approaches from the world of IT, as well as the most advanced modern IT security mechanisms.
Five pillars of 5G security
As with any large, complex problem, the answer to securing 5G lies in separating the task into smaller, more manageable chunks. Service providers and manufacturers should build 5G security strategy around the following five pillars:
- Understand the risk: The first step in risk mitigation is identifying, defining, and quantifying risk scenarios. Start by testing your environment to identify gaps in 5G security coverage and ensure that processes are in place to mitigate the risk of 5G device weaknesses. Remember, 5G really does change everything. Even for equipment that was previously trusted, even for devices that are “certified” secure, never assume. Test, verify, and test again.
- Make compliance mandatory: With so many more playersin the 5G supply chain, it’s critical that every stakeholder meets all relevant compliance standards. As a baseline, continuously audit all participants in your supply chain. Require ongoing code audits for back doors and other software risks. And require all device suppliers - especially IoT suppliers - to obtain security certifications such as the CTIA IoT Cybersecurity certification.
- Embed security: Security should be a foundational element of all 5G plans and initiatives, and should be embedded into all key processes by default. Encrypt all data, whether in flight or at rest. And continually audit your security policies and control mechanisms to make sure they’re still working as intended, even as dynamic 5G environments change.
- Continuously test and audit: The software-defined programmability of 5G networks allows them to adapt dynamically to diverse application needs. Yet this dynamicity means many traditional security tools - for vulnerability assessment, asset management, even conventional penetration testing—can’t keep pace. When the environment constantly changes, it’s not enough to know you were secure last month, last week, even a few hours ago. You need continuous testing and auditing using up-to-the-minute threat intelligence.
- Innovate with intention: You can’t slow down innovation just because the 5G security landscape is complicated. What you can do, however, is take responsible risks based on actionable intelligence. Continually gather the intelligence needed to identify, quantify, and respond to security and business risks before they impact the production environment. And embrace a community-oriented approach to innovation. By avoiding operating in silos, you can more quickly identify and react to emerging risks.
Differentiate while minimizing risk
Security experts have long advocated making security foundational to any system rather than trying to bolt it on after the fact. This has always been sound advice. For 5G, operators and manufacturers should treat it as mandatory.
More than any other step you take to secure 5G, the most important is to reorient your organization’s mindset to put security at the center of every 5G initiative and conversation. That mindset should hold true looking outwards as well. Work with vendors you trust to safeguard security across all categories, especially the supply chain.
When you build security into everything you do, when you can continually test and validate the measures you’ve put in place, you can unleash 5G innovation with confidence. And the trust you build with partners and customers becomes a durable competitive advantage.
