5G Cybersecurity

Adopting Private 5G Networks? Now, Think Security.

This is the second article in a two-part series on private mobile networks. Part one is about knowing your acronyms

The next industrial revolution, aka Industry 4.0, is on the horizon. Enterprises across a wide range of industries are already on it, including manufacturing, utilities, energy, mining and transportation systems. 5G technology is a key driver. And private mobile networks in particular promise more robust connectivity, acceleration of Internet of Things (IoT), as well as greater operational and financial efficiencies. This has many executives salivating.

But it has CISOs and other cybersecurity professionals worried. And for good reason, too.

That’s because as more data is captured on more mobile devices and shared over those networks, the number of potential vulnerabilities expands. Not only that, cyberattacks continue to become more innovative, more automated and more “defense-aware.” That puts added pressure on organizations to further harden their rapidly expanding private mobile network infrastructure.

Whatever technology is used to build and run your private mobile networks—4G/LTE or 5G—your journey to pervasive mobility is guaranteed to be a wild ride. There will be exciting benefits, like dramatic increases in performance, reliability and connections. But there also will be anxious moments when security professionals try to properly secure all those new mobile endpoints along the private mobile network.

It is cybersecurity readiness and preparation—more than concerns about spectrum availability, rollout timeframes and consistent latency—that has the greatest potential to shape the deployment and operation of next-generation private mobile networks.

The Brookings Institute summed it up nicely: “The adage ‘what’s everyone’s business is nobody’s business’ has never been more appropriate—and dangerous—than in the quest for 5G cybersecurity.” And make no mistake, the race to make next-generation private mobile networks the de facto foundation of enterprise communications is well underway.

“The Fourth Industrial Revolution encompassing industrial IoT and smart manufacturing is upon us, and enterprises seeking digital transformation are moving rapidly in embracing private mobile networks,” said Lakshmi Kandadai, director of product marketing at Palo Alto Networks. “A big reason why is that private mobile networks are becoming available globally, either through mobile operators or independently through a do-it-yourself approach using dedicated enterprise spectrum allocated by governments.”

Why Build a Private Mobile Network?

Research indicates that spending on private mobile networks built on LTE and 5G technologies will balloon from $4.7 billion by the end of 2020 to nearly $8 billion by 2023. That growth will undoubtedly be spurred by a range of both communications and industrial IoT use cases.

We’re not just talking about traditional high-rise offices and carpeted environments, either. Unique and potentially groundbreaking private LTE networks have been rolled out by global players like heavy equipment manufacturer Komatsu and Canadian mining giant Agnico Eagle, to name just two.

5G’s speed, reliable connectivity and high performance to fulfill industrial machine-critical needs make adopting private networks built on the technology so attractive. Add to those another key quality: 5G’s ability to support connection density at massive scale. That means industrial-scale IoT, spanning applications from robotic manufacturing lines to industrial sensor networks.

But as exciting as IoT is in driving increased economic value and access to real-time data in many different forms, it unquestionably brings substantial cybersecurity risks—risks that will surely materialize as 5G-based private mobile networks are deployed.

While there are clear benefits to deploying private mobile networks, the cybersecurity implications must be top of mind for all organizations. This is particularly the case when enterprises opt to build their own private mobile networks, according to Kandadai. “The emerging network architectures using private mobile technology vastly impact the network security postures for all industries,” she said. “These networks introduce new security risks to enterprises that, until now, were known only to mobile operators. Do these enterprises have the critical expertise skill sets and technology necessary to detect, protect and remediate against a surge of volume and variety of cyberthreats?”

Proliferating threats such as ransomware and spear-phishing campaigns have already become more innovative in design and execution. This is especially true in IoT environments because of smart devices’ limitations on memory, CPU and bandwidth to host security modules. In fact, IoT systems are often hard-pressed to meet the “secure by design” paradigm. As 5G-based networks support new workloads, there are so many more potential points of incursion by hackers.

“Cybersecurity becomes more important than ever to de-risk private network investments,” Kandadai said. “That puts a lot of pressure on network and security architects both inside enterprises and at operator and system integrators.”

Security Questions to Ask

Here are a few questions you and other business leaders should be prepared to ask when your CTO presents to the board their plans for 5G technology and private mobile networks:

  • How will we approach cybersecurity with our new network infrastructure, especially with emerging private mobile networks?
  • Do we have visibility into network traffic traversing private mobile networks for consistent security enforcement across the enterprise?
  • What steps are we taking in order to properly secure all the new connections accommodated by private 5G networks?
  • How will mission-critical applications be properly secured on cellular-based private networks?

5G technology—and whatever comes next—offers a lot of exciting potential to help your organization derive greater economic value from the data and services carried on your private mobile networks. Just don’t let it all be for naught by failing to properly account for the right cybersecurity strategy.

Mike Perkowski is an award-winning journalist who has written extensively about a wide range of technology topics for IT professionals, security experts and business leaders.