Leonid Burakovsky is editor of Fraud and Security Group’s FS.37 “GTP-U Security”.
Communications service providers (CSPs) are moving to 5G. With 57 commercial 5G launches, GSMA predicts that 20% of global connections will be 5G by 2025. CSPs are eager to make this move because of the economic value of 5G to businesses. Industries are also eager to make the move to extract the benefits from 5G. From energy to manufacturing, finance to transportation, and healthcare to government, we will see processes and behaviours evolve because of 5G.
Typically, as we rush towards new technology, security considerations are an afterthought. With the 5G focus on bandwidth, devices, coverage, and density, what about security? Cyber threats pose tremendous risks to businesses and industries transitioning to 5G. Standards development organisations have a key role to play in ensuring that networks, services and applications are secure. But, as the 5G digital environment opens the door for diverse players beyond traditional cellular networks that are looking to revolutionise their ecosystem through 5G, security often falls short. The promise of 5G will be challenged by the current security practices of both the CSPs and their enterprise customers. GSMA is focusing its industry collaboration activities on key areas of 5G security, and a new document described below, recently released to members, contributes to this focus.
For the CSPs, the massive increase in network connectivity and emergence of new types of applications pose expanded security risks for both the CSP’s network and their subscribers. Within the network we see a technology shift towards virtualised services requiring new security practices.
With critical infrastructure as well as industries such as energy and healthcare connected to 5G, are we prepared to deal with the impact of cyber threats? Are we able to protect 5G networks and the businesses and industries that use them? Do we have a 5G security reference document ready to help detect and prevent cyber-attacks?
Consider the following IoT examples:
- Modern IoT malware and attacks, such as botnet scanning, drain the CPU and memory of the IoT devices under attack, causing substantial service response delay for time-sensitive applications, lower device stability and increased device reboot risks. This directly impacts the availability of legitimate services that are running on the IoT devices.
- Malicious programs running extraneous processes on a battery-powered IoT device exhaust the battery long before the life expectancy of the device. For example, a simple malicious program that alters the sleeping cycles of battery-powered cellular IoT devices can exhaust the battery power of such devices very quickly.
- Botnets are worrisome because their denial of service attacks do not only impact their intended targets; they could also impact overall network services. For example, Mirai malware gained notoriety in 2016. It used massive denial of service attacks and caused several costly network outages. Botnets are getting increasingly automated and sophisticated, day by day. After botnets had targeted a much broader array of IoT devices such as wireless cameras, routers, and digital video recorders until late 2019, new variants emerged that target Zyxel network-attached storage devices, as seen in March 2020.
These examples of threats and attacks are also relevant today in 4G. With critical industries connected to 5G, and with massive IoT and ultra-reliable low-latency IoT, we should be prepared to deal with the much bigger impact of cyber threats and attacks.
A year ago, GSMA brought together a group of CSPs and vendors to develop a new security reference document, FS.37. This document outlines recommendations for CSPs for detecting and preventing attacks on the GPRS Tunnelling Protocol User (GTP-U) plane against mobile networks, services and applications. It provides recommendations for CSPs on how to address the threat posed by malware and vulnerabilities, including specific examples; contains guidelines on how to logically deploy security capabilities (specific interfaces) and the modes of deployment; and briefly introduces new topics, such as security per network slice.
The new GSMA FS.37 recommendations will guide CSPs on how to analyse traffic passing through the GTP-U tunnels within their networks, and between those networks and the radio access network, for cybersecurity threats, and how to detect and stop these threats in real time. Indeed, security automation is critical in correlating threats to the attack source and in isolating infected subscribers and devices before botnet attacks can potentially take place, offering actionable insights for faster security troubleshooting.
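To make the idea of inspecting tunnelled traffic and tying a threat back to its source concrete, here is an added example (not taken from FS.37 or from GSMA) that decapsulates GTPv1-U G-PDUs, reads the inner IPv4/TCP header, and reports tunnel endpoint identifiers (TEIDs) whose tunnels send connection attempts to many distinct targets, the scanning behaviour mentioned in the IoT examples. It assumes the UDP payloads (port 2152) have already been captured and that the header layout follows 3GPP TS 29.281; the function names, the threshold and the sample packets are constructed for illustration, and mapping a TEID to a subscriber needs session data from the control plane, which is outside this sketch.

```python
import struct
from collections import defaultdict

def parse_gtpu(p):
    """Return (teid, inner_packet) for a GTPv1-U G-PDU, else None."""
    if len(p) < 8:
        return None
    flags, mtype, length, teid = struct.unpack("!BBHI", p[:8])
    off, end = (12 if flags & 0x07 else 8), 8 + length  # E/S/PN add 4 octets
    if flags >> 5 != 1 or not flags & 0x10 or mtype != 0xFF or not off <= end <= len(p):
        return None                      # not a GTPv1 G-PDU, or truncated
    next_ext = p[11] if flags & 0x04 else 0
    while next_ext:                      # walk extension headers (4-octet units)
        ext_len = p[off] * 4 if off < end else 0
        if ext_len == 0 or off + ext_len > end:
            return None                  # malformed extension chain
        next_ext = p[off + ext_len - 1]
        off += ext_len
    return teid, p[off:end]

def syn_target(ip):
    """Return (dst_ip, dst_port) if the inner IPv4 packet is a TCP SYN without ACK."""
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if ihl < 20 or ip[0] >> 4 != 4 or len(ip) < ihl + 14 or ip[9] != 6:
        return None
    if ip[ihl + 13] & 0x12 != 0x02:
        return None
    return ".".join(map(str, ip[16:20])), struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]

def scanning_teids(udp_payloads, threshold=3):
    """TEIDs whose tunnel sent SYNs to at least `threshold` distinct (ip, port) targets."""
    targets = defaultdict(set)
    for payload in udp_payloads:
        parsed = parse_gtpu(payload)
        target = parsed and syn_target(parsed[1])
        if target:
            targets[parsed[0]].add(target)
    return sorted(t for t, seen in targets.items() if len(seen) >= threshold)

def sample_gpdu(teid, dst, dport, seq=False):
    """Constructed sample: a G-PDU wrapping a TCP SYN from 10.0.0.7 (hypothetical device)."""
    opt = b"\x00\x01\x00\x00" if seq else b""        # optional fields when S flag is set
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes((10, 0, 0, 7)), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return struct.pack("!BBHI", 0x32 if seq else 0x30, 0xFF, len(opt) + 40, teid) + opt + ip + tcp

# Constructed traffic: one tunnel probing four hosts on port 23, one ordinary flow.
SAMPLE = [sample_gpdu(0x1001, (198, 51, 100, h), 23, seq=h % 2 == 0) for h in range(1, 5)]
SAMPLE.append(sample_gpdu(0x2002, (203, 0, 113, 10), 443))
```

Calling `scanning_teids(SAMPLE)` returns only the TEID of the tunnel that probed four hosts, which is the identifier an operator would then resolve to a subscriber session.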
The move to 5G brings many opportunities but also challenges. With the right cyber security technology your network, your service, and your business will be ready to meet these challenges.