Narrowband communications systems, which are used in public safety and critical infrastructure, are considered very secure and resilient. This is mainly due to their closed private nature. Moving to 5G networks presents huge opportunities for new services and the creation of value, but those broadband and open networks also introduce mission-critical systems organizations to a new world of cybersecurity risks that they need to prepare for. Indeed, those networks introduce digital internet protocols (IP) into critical communications systems, which must now share the physical infrastructure with other less critical government agencies, but also private companies and public individuals. However, contrary to the usual internet environment, human lives are at stake during mission-critical operations. Such organizations cannot take unnecessary risks nor assume they are safe without proper assessment. For this, they need to find and engage trusted partners with both experience in mission-critical systems and cybersecurity. Such partners are capable of: Covering for the growing shortage of cybersecurity skills, as various reports show, the most prominent being the annual (ISC)2Cybersecurity Workforce Study. Bringing their extensive experience in cybersecurity systems integration. Leveraging their knowledge of mission-critical systems as per customers’ specific requirements. The delicate combination of cybersecurity expertise and customer intimacy will be critical in balancing 5G security risks versus the higher resilience, safety and business continuity required by the less latency-tolerant world. As such, there is a growing need for 5G security help on public and private 5G deployments due to the technology challenges and skills gaps. This is even more challenging for private 5G deployments, where customers and providers might not have the same internal capabilities as large Tier-1 telecom providers. 5G: Isn’t it secure by design? The fact that, unlike previous generations, 5G was designed with security in mind is a good thing. Here are a few examples: Mechanisms for leveraging encryption best practices Mutual authentication between network elements Logical isolation for network slices Additional security for cloud-native virtual infrastructure Protocols for stronger user authentication and key agreements However, 5G broadband standards only provide a framework. The actual security of a 5G network will highly depend on its design, implementation, and operations. Even large Tier-1 national telecom operators must integrate third party cybersecurity providers to bring those functionalities into their 5G public networks and they are not free of misconfigurations and challenging real-world environment introducing a wide diversity of potential denial-of-service attacks or man-in-the-middle risks. 5G private deployments will be even more challenging as they need their own 5G security design, implementation, and operations. Moving to 5G networks represents huge opportunities for new services and the creation of value, but those broadband and open networks also introduce mission-critical systems organizations to a new world of cybersecurity risks that they need to prepare for. Key 5G security threats and how to mitigate them The Enduring Security Framework (ESF), led by the US National Security Agency (NSA) and the US Cybersecurity and Infrastructure Security Agency (CISA) published a series of reports addressing the 5G security threats and recommendations. The most interesting one is about 5G network slicing, for which they highlighted potential 5G security threats like denial-of-service, misconfiguration, and man-in-the-middle attacks in their publication dated December 2022 and completed recently, in July 2023, with a report providing best practices for the following: Network slice service profile Open RAN security Core networking security User equipment security Cloud and virtualization security Interconnect and roaming security Data network security Management and orchestration security Network slice isolation and segregation Policy, workflow, monitoring, alerting, reporting for operations and maintenance The sheer volume of recommendations and their diversity demonstrates the criticality of planning a 5G security stream, properly resourced, for any 5G project/program. Assessing your inhouse capabilities in comparison to engaging a consultant Unless the customer has the required cybersecurity skills and capabilities in house for all the above cybersecurity domains, it will be critical to involve an experienced cybersecurity systems integrator, capable of driving such a large program, coordinating 5G network and cybersecurity providers. The good news though is that all cybersecurity recommendations are well known and mature enough. They include implementing well known authentication and authorization controls, monitoring and alerting capabilities, access controls or data protection and encryption. From a cybersecurity strategy aspect, they leverage concepts well-known by cybersecurity integrators and providers, such as Zero Trust Architecture (ZTA) principles, Multi-Layer Security (MLS), Cross-Domain Solutions (CDS), Post-Quantum Cryptography (PQC), and isolation. As the threat landscape is dynamic, and 5G is no exception, functions like advanced monitoring, threat intelligence and periodic audit and assessment of the existing design, deployment and operations are critical. In February 2023, Eviden’s Digital Security announced, 5Guard. This is a security offering for organizations looking to deploy private 5G networks and for telecom operators looking to enable integrated, automated, and orchestrated security to protect and defend their assets and customers. It leverages Eviden’s expertise in digital security and experience in mission-critical systems and cybersecurity to streamline customer 5G security deployment and configuration process in their specific environment. Gear up to embrace the security and value of 4G LTE and 5G private networks. Learn more about how you can do this seamlessly with critical communications solutions.