Hidden Security Considerations When Moving to 5G
The newest generation of wireless technology comes with several transformative advantages, as well as some pitfalls.
The next generation of wireless technology is rapidly rolling out across the country. Called 5G or 5th generation, it promises a jump in speed and reliability that will enable mobile devices to act more like desktop computers connected to a wired network. Most experts say that the changes will be even more pronounced with 5G than they were when we moved to 4G, which was responsible for the explosion of the mobile applications and services that we enjoy today.
The advantages of 5G wireless in government will also be transformative, with the military seeing a lot of potential gains. The military will be able to, for example, put thousands of sensors, drones, autonomous vehicles, warfighters, IoT devices and nearly everything else onto a 5G network, without worrying too much about bandwidth constraints. That is one of the reasons why the military has taken a leading role in 5G adoption.
There are also some inherent advantages when it comes to the security of 5G networks. For example, most of the data traffic on a software-based 5G network can be routed through an IP tunnel, which is encrypted by default. The DOD can then layer even more security on top of that without worrying about clogging up the bandwidth of a 5G network. But even with better bandwidth and enhanced native security, there are a few potential hazards. I talked with an expert working in this field who wanted to make sure that a few specific 5G security concerns were not overlooked as we continue to push forward with the new technology.
Stefan Pracht is the senior vice president of product marketing for Axellio, a company that is known for being an innovator in high-speed, no-loss network traffic capture, distribution and analysis. In other words, they are experts at analyzing how traffic moves safely through a network, and how it might also run into problems.
NextGov: Before we talk about the potential pitfalls of 5G, perhaps we best reiterate the advantages of being able to bring together so many devices and applications within a 5G network. This situation within the military is probably best described in the US DOD Joint All Domain Command and Control (JADC2) program.
Pracht: The JADC2 combines applications and sensors from all military services into one unifying network to allow for information sharing to drive faster response. This will address the DOD concern that current command and control programs are too narrowly defined, too complex and too siloed in their approach.
NextGov: And JADC2 would probably not work right under 4G?
Pracht: Unlike 4G, which is predominantly used for mobile phone communication, 5G technology can interconnect a wide variety of endpoints, from traditional mobile phones to sensors and control devices of all kinds, often referred to as Internet of Things, plus the Military Internet of Things, and vehicle communication.
5G may enable militaries worldwide to deploy and operate networks while sharing their infrastructure and data quickly and easily across a nation’s military services or even across allied national militaries more quickly and easily.
NextGov: Can you explain why 5G is also more secure?
Pracht: Typical 4G networks had a different approach to security which has been exploited by threat actors, at billions of dollars of losses for both service providers and users. In addition to being vulnerable to denial of service attacks due to their overall architecture, subscribers could be tracked, or IDs could be stolen, due to the lack of the initial authentication not being encrypted.
Even though 5G has implemented a lot of the 4G network architecture, it has taken a much more comprehensive, end-to-end delivery and security approach. 5G also defines Software Defined Networking and Network Function Virtualization for the network transport, allowing for multiple layers of security that prevent the 4G exploitations.
This approach provides the flexibility and security required to configure the routing paths through dynamically configured virtualized network functions for highly versatile and extremely mobile end-devices communicating with a highly distributed and similarly dynamic application environment.
NextGov: Okay, all of that sounds pretty good. So what is the weakness you have found in 5G?
Pracht: The biggest challenge for 5G networks is also its strength—significantly more devices, more diverse applications and services are carried over the same network, providing a much broader attack surface. And with many of those devices being non-traditional end-devices such as sensors and military or other IoT devices, traditional security paradigms, such as keeping Operating Systems up-to-date and installing end-point protection, are no longer feasible.
NextGov: What are some specific problem areas that are making secure 5G networking more challenging? Can you break this down into specific points for us?
Pracht: Yes. While 5G is probably the best example of end-to-end security being built into every part of its definition, its Achilles heel is that this is a fundamentally more secure, but also a different approach to networking and application delivery, and to securing communication.
[The challenges, according to Pracht, are as follows:]
- First, vendors are not ready. Delivering these 5G networks takes a diverse set of suppliers. But lack of standard interfaces and immature technology makes this difficult. Most required technologies, if available, are often vendor-specific, custom solutions targeting certain verticals and use cases. And standard and open-source software offerings are very immature at this point.
- The virtualized and cloud characteristics of 5G create new visibility challenges. IT operations departments still struggle to get visibility into most commercial cloud and virtualized environments to configure, maintain and secure today’s environment. Adding the scale and complexity of 5G networks will not make this any easier.
- The massive increase of end devices and traffic will easily overwhelm today’s network and security monitoring approaches and solutions. Enterprises are already challenged by the amount of data that networks are producing for analysis today—and 5G networks will exponentially increase the available metadata.
- End-to-end encryption, especially TLS1.3-based, will make traditional monitoring approaches obsolete or significantly weaken their value. Concepts like application and network traffic flow analysis or network detection and response are very much dependent on visibility into TCP and even some of the application layers. Encryption will render a lot of this information inaccessible for analysis applications.
- Interconnecting end-devices not initially designed for connecting to communication networks, are often designed by vendors that have expertise in the primary technology—such as building drones—but not in implementing wireless communications for swarm computing and analysis. This introduces vulnerabilities that traditional communications vendors are well aware of and avoid.
- There is a lack of wireless technical skills, expertise and headcount for development and operation, in both vendors as well as commercial enterprises and defense organizations. 5G is an extremely complex amalgamation of leading-edge wireless, networking, security and application infrastructure technologies. As we are currently experiencing in cybersecurity, demand for this expertise easily outstrips supply, and education is fragmented at best.
NextGov: How do you think that those concerns can all be overcome?
Pracht: Government and especially defense projects often force diverse organizations to work together to address issues, by providing research and development funding and an environment that fosters cooperation. However, we need to be careful that we are not falling back to building vertical solutions that only solve the communications problem in one area, defeating the purpose of a unifying network.
Many of the other wireless technologies, especially 3G, 4G, and 802.11 wireless have only solved the wireless transport problem. And even as they secured the wireless transmission, all the communication going across this transport has left security to the endpoints and the network as a whole. The more comprehensive, end-to-end, and modular security approach of 5G is something that any network, not even just wireless networks, could benefit from. With 5G, it even has built in the ability to integrate 4G access networks into the overall concept to allow for a more gradual evolution.
NextGov: So despite these concerns, you feel that government can move ahead safely and securely with 5G?
Pracht: As I mentioned before, government and defense projects can be a huge enabler by providing guidance, motivation and funding. Service providers have given us the essential 5G wireless access technologies and some of the initial network infrastructure, but applying these to commercial and military solutions that go beyond higher-quality consumer YouTube videos will drive our next industrial revolution.
John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys