5G is today’s buzzword in the telecom industry. With new technology comes the fear of the unknown. 5G will surely present many benefits to its users, but as with any new technology, cyber criminals will be ready to exploit its weaknesses, so experts must evaluate the risk of 5G connectivity and how it may directly or indirectly impact the user. Not only does 5G bring new threats; existing ones might also undergo considerable lateral expansion and amplification.
In an exclusive interview with Telecom Review, Andre Fuetsch, President and CTO, AT&T Labs, shares his insights on the matter.
5G wireless technologies are promising faster speeds and greater reliability. However, there appears to be a growing consensus within the ICT ecosystem that there are a number of security concerns that need to be addressed before 5G networks are launched. As the VP of Security Architecture of a major operator, can you tell us what your views are on the security vulnerabilities and challenges of 5G?
5G networks will enable revolutionary advancements in connectivity and AI. These advancements will enable us to more quickly and effectively identify and address cyber threats, but we expect they will also create opportunity for bad actors as the cybersecurity arms race continues to evolve. We expect the volume of data traversing an operator’s network to be 10x the amount traversing the 4G network today. This would likely translate to a wider attack surface and cybersecurity vulnerabilities.
When it comes to preventing and addressing cyber threats, our migration to SDN actually enhances our security posture in terms of prevention, detection and mitigation of threats to data at rest, in transit and in storage as well as to devices. Additionally, enhancements in 5G standards will provide additional security and privacy countermeasures. One example is the Subscription Concealed Identifier feature which will preserve the device identity and help to mitigate many of the currently known risks. We continue to implement security controls at the edge of the network to protect against vulnerabilities from the devices such as certifying devices for use on the network and implementing DDoS protection at the edge of the network.
That being said, when 5G reaches full deployment, device manufacturers will play a critical role in securing the billions of connected devices anticipated. Collaboration between the network operators and device manufacturers will continue to drive a holistic approach to security.
What does ‘secure’ mean to you? Is your 5G network ‘secure’ when you get approval from your government, or perhaps a governing body like the GSMA?
For us, a “secure” 5G network is one that adheres to established, industry-wide security specifications and standards as well as having the people, processes and tools in place to effectively detect and respond to known and unknown cyber threats. We’re embedding security directly into the design, architecture and functionality of our software-defined (SDN) network on day one of full 5G deployment, which enables us to be more agile as new attack vectors are identified. We can more quickly detect threats, patch vulnerabilities, and ultimately prevent attacks from being successful.
Our new SDN, powered by the Open Network Automation Platform (ONAP), puts us in a unique position to address cyber threats at the 5G Radio Access Network (RAN), core, and edge of the network.
Here are some examples of the emerging security capabilities powered by our SDN and ONAP technology:
- Virtualize our security controls which enable us to dynamically orchestrate security across the network at a global scale.
- Automate security policy throughout the network utilizing machine learning technology which is an integral part of our best in class threat analytics platform.
- Improve agility by creating technology that automates the process of instituting firewalls and micro-perimeters to protect applications, and deploying technologies that help to prevent lateral movement from attackers.
- With security embedded in the network and utilizing our SDN network, we are able to dynamically detect and mitigate threats within the mobile RAN, core, and edge networks.
- Our DDoS mitigation capabilities allow filtering and scrubbing of attack traffic within the network in a highly-automated fashion - without customers having to deploy or manage any infrastructure.
We know that 5G is going to be a ‘key enabler’ for driverless vehicles and autonomous transportation. However, if those connections are not secure, then the risks will be immense. How do you determine your 5G network is verifiably secure? What tests and research will you conduct to ensure the network is bullet proof from potential threats? What’s the best way to achieve verifiability and transparency in this process?
There is no bullet proof combination of processes, tools and technology, no “silver bullet” when it comes to cybersecurity. We are applying more resources and technologies than ever before to protect our network and its users from both known and unknown cyber threats, including use of machine learning-based automation to detect and respond to threats. In fact, with more than 242 petabytes of data crossing our network every day, we analyze approximately 670 billion flows of network data, identifying roughly 110 billion potential probes for vulnerabilities across our global IP network every day.
How long does the 5G network need to be secure for and what category of threats is it tailored towards combating? Some industry experts believe that if we want 5G networks to be secure for more than three years, then we need more research. Do you subscribe to this viewpoint?
Our approach to security, including 5G security, is evolving to respond to new attack vectors. Security will be embedded from day-one, based on standards-based security features and our unique combination of security platforms and capabilities. We are committed to securing 5G, and since 5G is an evolving technology, additional security vulnerabilities and risks may be discovered as the design evolves. We will continue to proactively research and assess potential 5G security threats and develop corresponding security controls to mitigate emerging risks.
As any technology ages, moving from new to legacy, we see an increase in the number of security vulnerabilities discovered, and the same can be said about wireless network technologies. The 5G standards communities have introduced the Subscription Concealed Identifier (SUCI) to conceal/encrypt and protect the 5G Subscription Permanent Identifier (SUPI) also known as the IMSI. This feature mitigates the risk of IMSI catchers currently present in previous generation wireless technology.
Similarly, we’re evolving our award-winning, proprietary security platforms to enable the distributed security needed to help mitigate the risk of Distributed Denial of Service (DDoS) attacks at the edge of our network from the anticipated billions of devices that will connect to our 5G network. Our DDoS detection and mitigation platform will evolve to help protect against vulnerabilities in massive IoT devices connected to the edge of the network. This feature will effectively help block malicious traffic at the edge of the network.
In your expert opinion, what is the most complex and acute cybersecurity challenge for operators seeking to commercially deploy 5G networks?
Over the past 143 years, we have become a technology leader across telecom, advertising and entertainment sectors, with a huge subscriber base that includes consumers, businesses, first responders and government entities. As a result, billions of devices will be connected to our network in the next few years. We therefore uniquely face a sincerely complex cybersecurity challenge: helping to protect not only our 5G network backbone, but also our subscribers and customers from various cyber crimes and denial of service attacks.
To address this cybersecurity challenge, we are taking a “defense-in-depth” approach. This approach includes embedding various controls within the network such as compliance auditing, micro-perimeter, and automated security policies. We are coupling these embedded policies with security platform innovation and enhancements to do truly real-time monitoring, alerts and response activities when anomalies are detected.