Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Delivering on the Promise of 5G Requires New Security Standards

In order to deliver on the promise of 5G, we need new industry standards for security, testing, and training

In order to deliver on the promise of 5G, we need new industry standards for security, testing, and training

5G has the potential to deliver incredible innovations — from smart cities to self-driving cars to advances in healthcare, manufacturing, and other key verticals. While 5G improves upon previous generations’ cybersecurity vulnerabilities, it also brings new risks:  

● 5G is software-defined. The increased role of software in 5G makes it more susceptible to dynamic, software-based attacks on the software that manages the network and the network itself. 

● 5G will accelerate IoT. Frost & Sullivan predicted there will be 67.7 billion IoT devices in service by 2025. Each of these devices represents expanding attack surfaces and potential entry points for cyber attackers to gain access to the network and its connected devices. This opens up a wealth of frightening possibilities for attackers — from taking over a webcam or manipulating sensor readings to far more serious implications like crashing a power station, shutting off a pacemaker, or even taking control of a car.

● 5G has a complex supply chain. 5G’s decentralized, open source foundation is made up of a complex, interconnected supply chain of networks (as recent high-profile breaches can attest), mobile operators, and suppliers that creates new opportunities for cyber attacks. 

Developing security standards across the 5G ecosystem

These fundamental network changes lay the foundation for innovation, but also create an expanded attack surface for dynamic, software-based cyber threats. As a result, in order to deliver on the promise of 5G, we need new industry standards for security, testing, and training.

The 5G ecosystem of mobile operators, device manufacturers, vertical industries, standards bodies (such as 3GPP), and regulators must come together to reassess current security standards and provide updated recommendations before 5G scales. These new standards should communicate steps that businesses can take to proactively combat 5G cyber threats and minimize risks, including the following strategies. 

Advertisement. Scroll to continue reading.

1. Build cybersecurity into the software development lifecycle

Security by design means integrating security measures into each stage of the software development process — from requirements, design, and implementation to testing and deployment. This philosophy focuses on proactively preventing breaches instead of reactively repairing them and is critical as the number of 5G-enabled devices and networks proliferates. 

Building security into software early and from the ground up not only mitigates risk, but creates more effective and reliable applications by discovering and addressing potential vulnerabilities.  This ensures security is always top of mind, helps identify potential design flaws early, and lowers overall development costs. Ultimately these important steps reduce potential risks for organizations and help to protect end users from breaches. 

2. Take a holistic approach to continuous testing

Security is never static.  Attackers are always looking for new vulnerabilities to exploit and the only way to stay ahead of them is through continuous validation.  While device penetration tests are valuable, they overlook two major factors: the network infrastructure and networking blind spots. Additionally, penetration tests are only valid for a limited period of time; results become outdated after changes are made to the device software, the network configuration, or security policies. 

5G security standards should include the implementation of breach and attack simulation, using automated tools that are regularly updated to detect the latest threats. Continuous testing goes beyond a simple penetration test and should include a full suite of attack vectors, helping to expose vulnerabilities throughout the network’s core and edge — covering both security gateways and endpoint devices. As dynamic attacks continue to shift in a 5G environment, a continuous testing strategy dynamically minimizes risk. 

3. Develop comprehensive training for cybersecurity teams 

Learning how to manage the high-stress situation of a network breach is critical for security teams today. As part of the 5G security standards, security teams should undergo hands-on security simulation training so they can know what an attack looks like and practice responding to it before it happens.

Cyber range environments offer realistic, virtual attack simulations using the actual network equipment and systems used by the team every day. In these exercises, team members are assigned roles on the “defender” or “attacker” teams, and practice detecting and containing attack vectors, evasions, good traffic, and attack life cycles in a simulated hostile environment. These exercises enable cybersecurity teams to learn key lessons that dramatically improve their ability to thrive under pressure in the event of a real breach scenario. 

Redefining security standards for the 5G era

In order to stay ahead of the evolving landscape of 5G vulnerabilities and threats, mobile carriers, suppliers and businesses need to implement new security, testing, and training standards across their organizations. With industry cooperation and collaboration, this new security framework will proactively protect 5G users and deliver on the near limitless potential of 5G.

Written By

Marie Hattar is chief marketing officer (CMO) at Keysight Technologies. She has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets. Before becoming Keysight’s CMO, Marie was CMO at Ixia and at Check Point Software Technologies. Prior to that, she was Vice President at Cisco where she led the company’s enterprise networking and security portfolio and helped drive the company’s leadership in networking. Marie also worked at Nortel Networks, Alteon WebSystems, and Shasta Networks in senior marketing and CTO positions. Marie received a master’s degree in Business Administration in Marketing from York University and a Bachelor’s degree in Electrical Engineering from the University of Toronto.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Training & Awareness

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...