This post is also available in: 日本語 (Japanese)
Managing the security of telecom networks and the data that runs on them is a challenge, particularly in the context of the evolution to 5G. Due to its compelling value proposition as a major driver of business transformation, 5G adoption is growing rapidly across numerous industry verticals worldwide – bringing a new threat landscape.
When it comes to 5G cybersecurity, some stakeholders focus on the trustworthiness or security of particular technologies or vendors in the network and consider excluding them accordingly. While vendor supply chain security is important, this narrow approach does not account for how telecom networks are architected and operate, nor the full picture of cybersecurity threats and risks to networks and end-users. As a result, this approach does not enable effective management of all risks.
Telecom networks have undergone a large technological shift, leveraging more types of technologies than ever before, which has radically changed the necessary approach to security.
Traditionally, networks were largely composed of physical equipment, such as hardware switches and routers, often placed in operator-controlled physical premises with dedicated communications links. Today, while physical elements still exist, networks have evolved radically. They are dynamic and scalable, largely software-driven, virtualized and decentralized, as well as cloud-ready, and many operators prefer a multi-cloud strategy. Today's telecom networks "mix and match" multiple vendors from across the globe, producing various technologies that must be integrated seamlessly. Examples of technologies in today’s 4G/5G telecom networks include diverse hardware such as networking and storage; software to enable business service functions like fulfillment, service assurance and operations support; and cloud technologies.
The massive increase in network connectivity, move to software-driven networks, and emergence of new types of applications pose expanded security risks for both telecom operators and their end-users/customers. At the same time, cyberattacks on network infrastructure, applications, services and operators’ customers/end-users (enterprises) continue to grow in volume and sophistication. Threats are amplified in 5G, where attacks leverage 5G speeds and there are many new points of attack as IoT devices proliferate.
Given the facts outlined above, we must revisit the conventional approach to the security of telecom networks, especially as they become increasingly virtualized. While individual information and communication technologies (ICT) vendors remain responsible for securing their own proprietary hardware, software or unique offerings deployed in a network, telecom operators have the ability to secure the network infrastructure and communications/data traversing networks. Further, security of the device and communications traffic is imperative.
Proven, state-of-the-art security tools and capabilities are available to operators to secure today’s complex network infrastructures, communications, and data, regardless of underlying technology or vendor in the network. Important functionalities of these tools and capabilities include:
As government policymakers seek to address concerns about cybersecurity in 5G networks, they should encourage the use of state-of-the-art, scalable security tools and capabilities that can secure modern telecom networks, communications and data regardless of the underlying technology or ICT vendor in the network; promote and incentivize ICT vendor best practices and transparency; work with vendors that are open to shared responsibility and demonstrate best practices; and promote automated sharing of actionable cybersecurity threat information.
Read more details on all of the above points in our 6-page position paper, “A Comprehensive Approach to Securing 5G Networks and Data.”