Enhancing 5G security for the cloud

With 5G’s faster speed and lower latency comes a need for enhanced security measures to protect against cyber threats. 5G America’s white paper explores the evolving security landscape of 5G in the cloud and the measures being taken to ensure the safety and privacy of data transmitted over 5G networks.

It is imperative for the mobile communications industry to continue security innovations, as breaches threaten to weaken critical infrastructure and present material risks to mobile network operators (MNO) and their suppliers. “Evolving 5G Security for the Cloud” explores the following key topics:

•  Introduction to risks and mitigation in 5G cloud deployments
•  Secure 5G deployments in hybrid cloud environments (shared responsibility models & hybrid cloud deployments)
• Evolving technologies for securing 5G cloud deployments (runtime security, confidential computing)
• 5G supply chain security (software supply chain risks, software supply chain for the cloud, and network equipment security assurance)
• Secure deployment methods for roaming and Security Edge Protection Proxy (SEPP)

MNO responsibilities for tightening 5G-cloud security

With the inclusion of virtualized and cloud-based Radio Access Networks (RAN) in the 5G ecosystem and Core deployments, the possibility of both additional security benefits and security risks are heightened. Cloud deployments present an expanded attack surface with internal and external threats to 5G networks, requiring a zero-trust mindset to secure those networks.

While the MNO can delegate responsibility for security controls to the cloud service provider (CSP), the MNO is accountable for the security posture of the deployment. Hybrid Cloud deployments, such as Multi-Access Edge Compute (MEC), pose additional security risks due to the responsibilities retained by the MNO in the Cloud Shared Responsibility Model. The MNO is always responsible for the configuration of CSP-provided security controls, including firewalls and access management, data protection from exposure and leakage, and scheduling and execution of software patches and upgrades. The MNO must validate configurations, use secure versions of APIs and protocols, and assign privileges to access workloads and data.

Safe software for a safer 5G cloud

A secure 5G cloud deployment ought to be built upon a secure 5G supply chain that includes software vendors and cloud service providers. The cloud can potentially introduce increased supply chain risk due to virtualization, increased use of open-source software, and a larger array of third-party vendors. MNOs, therefore, have to ensure that 5G software vendors implement secure software assurance with a shift-left philosophy, that integrates security into the software development process, continuous integration/continuous delivery, and DevSecOps (a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications) early in the software development lifecycle.

The Software Bill of Materials (SBOM), for instance, provides a comprehensive view of the third-party commercial and open-source components which are incorporated in a product. The SBOM can be utilized to identify known critical vulnerabilities inherited from third parties and affected products when new vulnerabilities emerge. The GSMA association’s Network Equipment Security Assurance Scheme (NESAS) assessment is a valuable tool to ensure the 5G software vendor is following the industry’s best security practices.

In addition to these technical measures, the industry is also taking steps to improve the overall security of 5G networks through the use of secure software development practices. This includes the use of secure coding practices, testing, verification processes, and regular software updates to address vulnerabilities. Even third-party applications in the O-RAN ecosystem, called rApps and xApps, could introduce additional risk to the supply chain. The Service Management and Orchestration (SMO) platform vendor and MNO ought to practice due diligence to ensure rApps and xApps are trusted, securely on-boarded, and designed with proper security controls for integration into the ecosystem.

Protecting against DoS attacks

The cloud has great promise for 5G use cases, which can be realized when the software products have security built in and deployments are securely configured to establish a foundation for secure 5G use cases. A step-wise approach should be taken to achieve a Zero Trust Architecture for 5G deployments in the cloud so that network functions, interfaces, and data are protected from external and internal threats.

Another important aspect of 5G security is the need to protect against denial of service (DoS) attacks. These attacks involve overwhelming a network or system with traffic, rendering it unusable for legitimate users. To prevent DoS attacks, 5G networks are implementing advanced network management and traffic shaping techniques, as well as implementing measures to detect and mitigate malicious traffic.

Conclusion: Ensuring the Security and Privacy of 5G Networks

In conclusion, the security of 5G networks is of paramount importance, as the increased connectivity and speed of 5G technology make it a prime target for cyberattacks. To address this, the industry is focusing on the development of secure network architectures and protocols, the implementation of measures to prevent DoS attacks, and the use of cloud-based security solutions to protect against potential threats. As 5G technology continues to evolve, so too will the measures being taken to ensure the security and privacy of data transmitted over these networks.