5G is expanding faster than all previous mobile technology generations. The latest figures from mobile industry research firm GSMA Intelligence predict that 5G consumer connections will double over the next two years, from one billion at the end of 2022 to around 1.5 billion in 2023, before reaching two billion by the end of 2025. The Asia-Pacific region, in particular, is a crucial 5G growth market, says Dmitry Kurbatov, co-founder and CTO, SecurityGen.
After investing billions in 5G spectrum licences and network infrastructure, operators are prioritising getting their 5G networks up and running. They’re eager to launch 5G services for subscribers and businesses so that they can offer better services and seek returns on their investments as quickly as possible.
But in this rush to roll out 5G, operators cannot overlook security as an afterthought. Even at this early stage of the 5G rollout, operators should regard the security of their new networks as essential to the success of their business. Adequate security measures that safeguard the network and protect customers from malicious attack lets operators deliver safe connectivity and services and generate revenue.
Operators generate significant revenues, serve millions of customers, and store and carry enormous volumes of data. It’s these factors that make them high-value targets for cyber-criminals. It’s for this reason that, far from impeding operators, effective security is actually a core component for enabling and sustaining their business.
Mobile network security should be everybody’s responsibility
First things first – Security needs to be accepted as a business enabler rather than a hindrance to business. It is crucial to listen and understand the network and business team requirements and integrate cybersecurity into the whole business function. This co-ordinated, unified thinking internally between the teams responsible for different functions is crucial. Because if vulnerabilities in one part of the network are overlooked or not properly investigated for the potential impact they could have on the entire network.
Overcoming this problem calls for a change in mindset that starts at the top. Operator leadership teams should recognise that cyber-security is fundamental to the functioning of their network and, therefore the performance of their business, in terms of reliability, guaranteed service quality and customer experience. It is essential to ensure security is not a cost centre but aligned to the business objectives to help its growth and sustainability.
Make network security a prime concern for vendors
Another critical factor in improving network security and reducing risk is for operator procurement teams to emphasise safety when discussing network equipment requirements with infrastructure vendors.
When vendors develop new infrastructure equipment, they do so according to what their operator customers ask for whether that’s interoperability between different network generations, optimising capacity for faster content streaming or delivering coverage to a wide geographical area.
However, through no fault of their own, vendors don’t always have the necessary experience and expertise to identify hidden risks and vulnerabilities in the security of their products, which might only become apparent after they’re installed into the network and begin interacting with other components.
Thus, operators need to add cyber-security to the list of requirements for their new network hardware and discuss the subject in detail with vendors to understand what security measures they can realistically provide. One step in this direction could be incorporating industry guidelines 3GPP, GSMA, ENISA in your RFPs and discussing these with vendor partners across varied stages of 5G deployment – discussion, deploying, commissioning.
Prioritise threats, mitigate risk
Another challenge is recognising the network’s most pressing and urgent security concerns. Accurately verifying potential threats means operators can prioritise them: they can then focus on these actual threats and not waste time, effort and resources searching for and resolving issues that don’t pose any real danger. It is crucial to find out which are the major cyber issues validate the threats that can become breaches due to exploiting certain deficiencies.
By identifying and neutralising genuine stand-out threats, operators mitigate the danger to their network and, by extension, the potential damage to their customers, brand and business.
5G security in the real world
5G was developed with improved protocols to address the gaps and errors present in previous generation networks and make it the most secure network generation to date. But even if operators make full use of the security specifications and mechanisms included in 5G, there are no guarantees that their network cannot be breached.
What’s clear from our research working with operators is that errors in equipment configurations are common, which go on to have potentially grave consequences for the security of their networks and subscribers.
Thus, to properly safeguard their 5G networks, operators need additional automated systems for continuous assessment, control, and filtering: plus, regular security audits to identify new potential vulnerabilities as they emerge.
Lastly, as with any new technology or concept there is a need to study telecom technologies and explore the environment. And the same applies to 5G. The telecom security teams need to test, understand, and better prepare and protect against the security vulnerabilities associated with 5G. But given the limitation of real-5G environments, 5G cyber-labs with telco-specific simulations and apparatus could help the telco security teams – with test beds to plan and prepare better for their 5G security requirements.
Operators should regard telecom security as an ongoing process that requires constant vigilance and complete visibility of their network infrastructure. Security teams must continually update their procedures and policies to confront current risks and threats and prepare for new ones emerging with the growth of 5G and the ecosystems of third parties working together on 5G products and services.
The author is Dmitry Kurbatov, co-founder and CTO, SecurityGen.
Comment on this article below or via Twitter: @VanillaPlus OR @jcvplus
