5G wireless networks are coming, and so are the security threats. By now you’ve undoubtedly heard about, talked about and thought about what the World Economic Forum has coined the “Fourth Industrial Revolution” that will take our industry by storm, transforming business models and network infrastructures, and enabling technologies and applications that just a few years ago were solely those of science fiction films.
But as they say, with great power comes great responsibility, and it’s crucial for enterprises to establish an effective and scalable security architecture before these new networks are deployed into the mainstream so they can deploy new applications and maximize their business potential with confidence with regards to 5G.
Faster and More Connected Everything … Including Cyberattacks
5G brings the promise of a highly connected future. And with faster speeds, lower latency and more reliability, and more devices connecting and communicating than ever before, what could possibly go wrong?
With this next generation of mobile broadband enabling faster and more connected everything will also come faster and more connected cyber attacks. As with any new and shiny introduction to the industry, security cannot get lost in the excitement and deemed an afterthought.
5G is still new and evolving and therefore the majority of the potential security vulnerabilities have yet to be discovered. For example, recently, researchers from the Technical University in Berlin, ETH Zurich and SINTEF Digital Norway, discovered (PDF) a vulnerability with the 5G network that affects Authentication and Key Agreement (AKA), which is how a phone securely communicates with cellular networks. This vulnerability allows cybercriminals to steal information from 5G airwaves, such as calls and sent text messages.
This shouldn’t come as any surprise as it’s only the tip of the iceberg. History has shown us that whenever we expand our computing power and connectivity capabilities, we also expand the threat landscape. Not only that, but as we continue to increase our dependency on communications networks and technologies to move tremendous amounts of data, we open up greater potential for serious disaster should they be compromised.
Utilize the 5G Runway
As we are still in the early stages of 5G technology, there are many unknowns when it comes to all the changes that can result. And while enterprises cannot be prepared for everything, they can be proactive by focusing on and investing in a solid foundation when it comes to their network security, and altering their mindset to see security as a way to enable strategy and progress rather than a detriment to innovation, to ensure they’re ready and waiting when the 5G wave hits. Fortunately, enterprises have a runway right now to do so.
• Audit infrastructure and management techniques: Organizations cannot remain reliant on legacy management techniques and security architectures that are dependent on disconnected and uncorrelated security products with management of platforms in various different places. The image of the security engineer managing nine different consoles at once is outdated. Solutions that do not ‘play well’ with others need to be updated or removed altogether, with future investments only being made in technologies that allow for customization and integration. Being able to leverage the data across solutions is also key here – a breach is likely to occur across different parts of the organization, so having a consolidated picture of the current security posture will be invaluable in fast identifying and remediating threats. Too many existing solutions do not work well with others, and this results in ineffective security. But, at the same time, the ‘ripping and replacing’ of security architecture is costly, ineffective and shoud not be considered as an option.
• Improve automated threat detection and mitigation capabilities: We are at an arms race with cybercriminals and effective 5G security will require actionable insights at cloud-scale. As enterprises transition to cloud-based architectures, the need for fast and elastic protection from advanced threats grows. Organizations need security that detects and automatically enforces security policy from endpoints to edge, and every cloud in between. It’s going to be a balancing act for any enterprise as they need to keep abreast of new security threats and tactics, but also maintain high awareness of what’s already out there and threatening their organization.
• Update response plan: Security breaches happen. Crossing your fingers and hoping one won’t happen to you is not the wisest course of action. How you respond in the event of a breach plays a big role in how much damage is done, so it’s important to hope for the best and prepare for the worst. Instruction on How to develop a response plan could easily form the content for a complete book, but one of the best pieces of advice I can offer is to align it to an existing industry standard such as the NIST framework. This has been developed by the US National Institute for Standards Agency and includes information on best practices to detect, identify, respond to and remediate threats. And, because the process is cyclical, this means that best practices for remediation are always fed back to the start for constant improvement and education. Make sure your response plan is up-to-date and ready to recover in the worst-case scenario.
• Don’t disregard MSSPs: MSSPs offer cost and time savings by allowing ourganizations to outsource their security functions. When the 5G transformation takes hold, there will be a lot for your oganization to keep track of and there’s no denying that things can easily slip through the cracks – but, even the smallest miss can lead to a serious security snafu. Managed security service providers (MSSPs) are ready and equipped to help monitor and manage your infrastructure so you can focus on larger issues at hand and let your security practitioners focus on the most critical issues at hand.
Long story short, preparation is key to ensuring a successful and secure transition to the era of 5G. Take advantage of this runway period while you can.
Laurence Pitt is Global Security Strategy Director at Juniper Networks. He joined Juniper in 2016 and is the security subject matter expert for the corporate marketing team. He has over twenty years of cyber security experience, having started out in systems design and moved through product management in areas from endpoint security to managed networks. In his role at Juniper, he articulates security clearly to business and across the business, creating and having conversations to provoke careful thought about process, policy and solutions. Security throughout the network is a key area where Juniper can help as business moves to the cloud and undertakes the challenge of digital transformation.
Tags: 
