5G Rollout Puts Mobile Network Operators on the Line: How to Handle Cyber Risk?

A new, fifth generation of wireless technology (5G) is commanding center stage this month, as the global mobile industry gathers for its annual mega-conference in Barcelona and as limited 5G deployments get underway in some markets. It’s showtime for the mobile network operators of the world. How will they deliver what some are calling the future of networking? Moreover, how will they safeguard that future in the face of a new generation of cyber risk?

How the Future Is Taking Shape

5G will bring faster data speeds, higher quality and lower latency to the world’s mobile networks. This powerful combination is expected to unleash myriad new applications and services, when countless devices are connected to copious clouds of data via far more intelligent and dynamic networks. The technology is expected to be so good that wireless will compete against broadband wireline in many markets. It will have the obvious additional advantage of being mobile.

There’s a lot on the line. Autonomous cars, remote surgery, immersive computing, the Internet of Things (IoT) – so much of the promise of digital innovation has been tied to the re-architecting of the global mobile network to 5G, as it rolls out over the next several years. Many of these innovations simply wouldn’t work well enough at slower data speeds, with lower quality and higher latency.

For mobile network operators, this rollout is also a make-or-break transition that will define their own future, as either commodity providers of wireless pipes or the purveyors of a new breed of 5G services. With 5G, they can provide business customers with virtual slices of their networks on which to configure advanced applications – a potentially more profitable market in which they may have to compete with cloud service providers.

The Next-Gen Threat Surface

Every new generation of mobile technology has ushered in a new generation of security issues. In the 1980s, the very first, analog generation ushered in what the New York Times called “the golden age of cellphone cloning,” in which thieves with radio scanners stole cellphone numbers and racked up enormous telephone bills.

That may seem quaint, compared to the cyberattacks of the modern internet. It could even elicit nostalgia for a time when global superpowers were not trading accusations of cyber espionage – including in the rollout of 5G.

Now some say that 5G could present the biggest security challenge ever. As a group of academics wrote, “it is highly likely that new types of security threats and challenges will arise along with the deployment of novel 5G technologies and services.”

The pressure to prevent such events is growing with 5G because of the increasingly critical nature of the applications it will carry. Not only should the internet stay online. But a smart city cannot let the traffic lights go out. An automated factory cannot afford down time. “Security is simply going to matter more,” says Peter Margaris, Head of Service Provider Product Marketing at Palo Alto Networks.

Old School Network Defenses Fall Short

Mobile network operators have long faced attacks to their core networks, but today’s bad actors more commonly target the devices and applications running over the network. Since network operators have primarily provided the connectivity, they have not been accountable for device or application security. They have typically avoided the operational, reputational and financial damages that have accompanied mega-breaches.

For the most part, they have just minded their own business, able to handle the volume of core network attacks with a patchwork of security systems and procedures, Margaris says. And they have defended themselves somewhat manually and retroactively, often throttling traffic and otherwise mitigating attacks after the fact.

Erecting a New Network Defense

“Mobile network operators have to think differently about securing their networks in a 5G world,” Margaris says.

With 5G, the core network attacks could be far more numerous and powerful – as in armies of compromised IoT devices. These kinds of DDOS attacks occur in multiple stages: bad actors find vulnerabilities, inject malware, begin communicating with the compromised devices and then, having achieved a critical mass, launch the attack. Mobile network operators will need to monitor such threats from within their network, using a similar, multistage approach. They will need to, effectively, keep devices connected to the network free of malware.

Because of the speed of 5G, there is even more pressure to identify threats before incidents occur, rather than after the fact. And because mobile network operators will be more involved in applications over time, they will be exposed at a new level.

All of this will require end-to-end visibility into data, control and signaling traffic, effective protections across all network locations, and tight integration with network partners and customers. Current patchwork approaches cannot simply be scaled up.

Global standards groups continue to develop and harmonize 5G security technologies to provide such capabilities, but it is still a work in progress. Timing is critical. “Security has to be designed into the 5G network, it cannot be an afterthought,” says Lakshmi Kandadai, Palo Alto Networks’ Director of Product Marketing for 5G Security.

A Point of Differentiation: Security-as-a-Service

Mobile network operators should also look at security as a way to differentiate themselves from competitors – particularly as they roll-out new business services on virtual slices of their networks, Margaris says. “These will be configured end to end across the mobile core, transport, and radio access network (RAN) domains and operate as ‘virtual 5G enterprise networks,’ with each slice being uniquely tailored to suit the requirements of specific industry verticals or enterprise applications,” he says.

By foregrounding security in this business model, network operators can position themselves as “secure business enablers” of self-driving cars, cloud-driven robotics, or other innovative applications, he says. “Security will be a key differentiator.”

The Takeaway

In Barcelona, the 100,000-plus attendees at the global mobile industry’s signature MWC19 event will have a lot to celebrate. Today, over 5 billion people subscribe to a mobile service, and mobile network operators connect half the world’s population to the internet. There will be a lot of blue-skying in Barcelona, too, about the potential of 5G. But there will also be a good deal of handwringing, over how to make this quantum leap without creating an untenable level of cyber risk.

And as essential as it is to develop secure approaches to 5G early in the game, observers note that it will be impossible to anticipate all of the threats that will emerge – the same goes for all of the innovations that 5G will bring. What is clear, however, is that mobile network operators will need to take a new approach to securing the 5G network. For all of the technological development and standardization work to date, there is still much to be done.