5G Tower

Opinion: Staying Secure Through 5G Migration

The deployment of 5G technology will transform the Internet of Things. But telecommunications providers require security solutions and platforms built to manage them, writes Brian Trzupek is SVP of Emerging Markets at DigiCert in this thought leadership article.

Communications service providers (CSPs) are on the cusp of a new era of opportunity. After several years of hype, 5G is growing fast—and introducing a need for new solutions to maintain security and compliance. The global 5G services market is expected to grow at a compound annual growth rate of 43.9% from 2021 to 2027 to reach $414.5 billion by 2027.

“Despite investment growth rates in 5G being slightly lower in 2020 due to the COVID-19 crisis (excluding Greater China and Japan), CSPs in all regions are quickly pivoting new and discretionary spend to build out the 5G network and 5G as a platform,” said Kosei Takiishi, senior research director at Gartner.

[Read Brian’s recent opinion piece: PKI Points the Way for Identity and Authentication in IoT.]

Security and Compliance Remain Critical

As they seek to set themselves apart in a competitive marketplace, CSPs are moving toward more 5G architectures based on cloud native architectures and DevOps principles. A DevOps approach helps them realize improved performance, innovation and flexibility and roll out the service offerings they need more rapidly and at a reduction in cost and complexity. However, 4G infrastructures are fundamentally different from 5G, with distinct architectures and their own unique security challenges, which makes this transition and the associated security challenges more difficult for CSPs.

Brian Trzupek
Brian Trzupek is the SVP of Emerging Markets at DigiCert

The 3GPP specification for 5G networks offers what some may see as a bit of a contradiction in using dynamic provisioning of assets and strong authentication for those devices. This can often be a hurdle for the CSPs because they do not control the software that is deployed on other containerized 5G critical devices from 3rd party vendors. Because of this, they need a solution for automating this strong credential management across an ever-changing landscape of infrastructure.

Agility and support for rapid customization are at the heart of 5G infrastructures. Built to scale dynamically, these environments are highly virtualized, cloud-native and designed to enable CSPs to quickly develop and deploy new services to respond to fast-changing customer demands, and launch new products with ease. To protect them and maintain compliance, providers require security solutions and platforms built to keep pace with modern, dynamic business models.

Report: Critical Infrastructure Cyber Attacks A Global Crisis

In contrast, 4G architectures were developed primarily in physical environments, using relatively basic authentication. They often lack flexibility and require a significant investment in capital to scale up to support new service offerings.

Although they represent different generations of technology, 4G and 5G environments both have common security and compliance requirements. They need to provide peace of mind and operational integrity for CSPs that face growing legal and regulatory mandates. At the same time, they must deliver flawless, dependable performance at scale on massive networks—where network load can be highly variable. This is no easy feat.

A Unique Threat Landscape

As soon as any new technology emerges, security issues rapidly arise to take advantage of its unique vulnerabilities. One use case that enables 5G to truly shine is the IoT, because the technology offers dramatically higher bandwidth and can readily take on large volumes of users, devices and sensors. Unfortunately, IoT is also drawing the interest of hackers and other bad actors, because additional connected devices mean more possible targets. According to Nokia’s Threat Intelligence Report 2019, IoT bots made up 16 percent of infected devices in cloud service provider networks, up from just 3.5 percent the previous year.

“We’re going to see these IoT botnets get larger and start to do more significant damage,” said Kevin McNamee, director of Nokia’s Threat Intelligence Lab. “They are branching out and becoming more sophisticated and the techniques they are using to spread malware are becoming more sophisticated.”

Maintaining Legal and Regulatory Compliance

Compliance is also a constant concern for CSPs, which must be ready to respond to law enforcement if they are served with legal requests such as the Foreign Intelligence Surveillance Act (“FISA”) orders. To accommodate a lawful intercept decree or similar action, they must be sure that their network that houses the relevant information will maintain full data integrity, including robust authentication and secure transport.
Maintaining the integrity of data and operations is also key for a CSPs reputation and revenue because even a brief breach can put sensitive customer data and communications at risk. The stakes are high, as initiatives like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) have elevated the importance of maintaining data privacy.

To achieve their 5G transformation, telecommunications providers require security solutions and platforms built from the ground up for modern, dynamic business models. Public Key Infrastructure (PKI), backed by a modern digital certificate management platform, delivers the strong, scalable, flexible security CSPs need to step into this new world.

Making the Leap to 5G Securely

A proven, widely-adopted technology, PKI enables providers to create more trusted, secure environments through identity. It offers reliable encryption, ensures data integrity and provides support for device authentication at large scales, to enable an extremely high level of trust throughout a wide range of environments, including 5G.

Administrators can set expiration dates for PKI certificates or revoke access to users and devices at any time. When paired with a device manager, PKI technology also lets CSPs provision and embed device identity throughout any environment, at any point in the device lifecycle. An effective management platform for modern PKI should offer:

The ability to scale easily to accommodate growing and changing 5G environments, with support for a variety of leading certificate management protocols like EST, RESTful API and CMPv2.

Solid, dependable IoT security that creates a root of trust through PKI for encryption, authentication and data integrity. With a platform designed to manage certificates at a massive scale, a CSP can gain full visibility over certificates issued to devices and easily assign and manage device identity at any stage of the lifecycle. The system should be able to manage security from the silicon manufacturing out to IOT edge devices.

The ability to conform to legal mandates and comply with regulatory requirements. With an effective management platform, providers can bring together a variety of tools that can support broad operational integrity. By bringing together metadata from multiple sources, they can also gain the added insight they require to better support device management.

As the 5G transition takes shape all around us, it’s up to CSPs to move fast to take advantage of the many opportunities it’s creating. It’s also more imperative than ever for providers to take steps to ensure that their new infrastructures remain secure, available and compliant, to deliver a superior customer experience and minimize risks. With a modern, fully manageable PKI platform, CSPs can move forward with confidence, knowing that their updated environments will deliver the scalability, trust and speed they need to minimize risk as they move forward.

(*) Disclosure: This article was sponsored by DigiCert. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

Tags: ,