It is security, not COVID-19, that challenges 5G’s commercial deployment

Since the beginning of the current pandemic, false and unsubstantiated rumours of 5G and its impact on people’s health have been prevalent in social media. Phone masts have reportedly been damaged or destroyed in several European countries, says Adrian Taylor, regional VP of sales for A10 Networks.

The problem has been particularly acute in the UK, where dozens of towers were targeted, and engineers abused as they worked, according to media reports.

The scale of the problem prompted the World Health Organisation (WHO), the UN agency which is leading the response to the pandemic, to add the 5G conspiracy to its COVID-19 myth busters article, which highlighted that “viruses cannot travel on radio waves/mobile networks. COVID-19 is spreading in many countries that do not have 5G mobile networks.”

In the midst of this controversy, A10 Networks released a report titled “Toward a More Secure 5G World,” which highlighted that COVID-19 may result in some short-term delays for operators but ultimately demonstrates a global need for higher speed, higher capacity 5G networks and the applications and use cases they enable. The study also found that 81% of respondents believe industry progress toward 5G is moving rapidly, mostly in major markets, or is at least in line with expectations.

Whilst the report shows 5G adoption is scaling rapidly, one of its main concerns was cybersecurity. As 5G networks expand, network traffic, connected devices, and mission-critical IoT use cases grow explosively with them. This will impact network security and reliability more than ever before. The report supported this view, with 99% of respondents expecting 5G networks to increase security and reliability concerns and 93% saying they have changed or may change security investments in light of 5G.

To address this challenge, service providers need highly cost-efficient security solutions that offer flexibility, scalability, and protection as they evolve their networks to 5G and integrate cloud and edge capabilities. This means a comprehensive security stack at service provider scale with other functions most needed in mobile networks, including a firewall for all network peering points, deep packet inspection (DPI), carrier-grade network address translation (CGNAT) and IPv6 migration, integrated distributed denial of service (DDoS) threat protection, intelligent traffic steering and analytics.

Below is a blueprint of five of the key solutions required for a successful migration to 5G.

Gi-LAN security – Gi/SGi firewall

Significant threats to mobile subscribers and networks come through the internet interface – the Gi/SGi. As traffic volume, devices and cybercriminal expertise increase, so do these threats. An integrated Gi/SGi firewall protects infrastructure and subscribers and delivers the performance that mobile carriers require. The Gi/SGi firewall solution meets both current and future traffic requirements for any service provider. This comprehensive and consolidated approach provides best-in-class performance, efficiency and scale to protect the mobile infrastructure while reducing OPEX and CAPEX costs. Service providers can also use a Gi/SGi firewall solution in a virtual form factor to gain a flexible, easy-to-deploy and on-demand, software-based deployment.

Mobile roaming security – GTP firewall

The GTP protocol used in the roaming and other EPC interfaces has known vulnerabilities that can be readily exploited by malicious actors. Operators must meet the growing security challenges while also providing a seamless subscriber experience – wherever they travel, whatever devices they use, and whatever network is accessed. A GTP firewall provides extensive capabilities including stateful inspection, rate limiting, and filtering of traffic for protocol abnormalities, invalid messages, and other suspicious indicators.

It protects against GTP protocol vulnerabilities such as fraudulent use, confidentiality breaches, DDoS attacks by malicious peers and other threats. A GTP firewall can be inserted into multiple interfaces carrying the GTP traffic. In the primary use case, it is inserted on S5-Gn and S8-Gp (roaming) interfaces.

The GTP firewall provides scalability and supports uninterrupted operations while protecting subscribers and the mobile core against GTP-based threats such as information leaks, malicious packet attacks, fraud and DDoS attacks through GTP interfaces in the access networks and GRX/IPX interconnect.
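
To make "filtering for protocol abnormalities, invalid messages" and "rate limiting" concrete, here is an added sketch (not A10 code and not from the original article) of header sanity checks and a per-peer rate limit for GTPv2-C. The allow-list, the limit values, the function names and the sample messages are assumptions made for this example, and it does not attempt the stateful session tracking a real GTP firewall performs.

```python
import struct
import time
from collections import defaultdict, deque

# Assumed allow-list for a roaming interface (GTPv2-C message types).
ALLOWED_TYPES = {1: "Echo Request", 2: "Echo Response",
                 32: "Create Session Request", 33: "Create Session Response",
                 36: "Delete Session Request", 37: "Delete Session Response"}
RATE_LIMIT = 3          # accepted messages per peer per window (constructed)
WINDOW_SECONDS = 1.0
_recent = defaultdict(deque)  # peer -> timestamps of accepted messages

def inspect_gtpv2(peer, datagram, now=None):
    """Return (verdict, reason) for one GTPv2-C UDP payload from `peer`."""
    now = time.monotonic() if now is None else now
    if len(datagram) < 8:
        return "drop", "truncated header"
    flags, msg_type, length = struct.unpack("!BBH", datagram[:4])
    version, has_teid = flags >> 5, bool(flags & 0x08)
    if version != 2:
        return "drop", "unexpected GTP version %d" % version
    # The length field counts every octet after the first four.
    if length != len(datagram) - 4:
        return "drop", "length field does not match datagram size"
    if has_teid and len(datagram) < 12:
        return "drop", "TEID flag set but header too short"
    if msg_type not in ALLOWED_TYPES:
        return "drop", "message type %d not allowed" % msg_type
    # Echo messages carry no TEID; session messages must carry one.
    if has_teid == (msg_type in (1, 2)):
        return "drop", "TEID flag invalid for " + ALLOWED_TYPES[msg_type]
    window = _recent[peer]
    while window and now - window[0] >= WINDOW_SECONDS:
        window.popleft()
    if len(window) >= RATE_LIMIT:
        return "drop", "peer exceeded rate limit"
    window.append(now)
    return "accept", ALLOWED_TYPES[msg_type]

def build(msg_type, teid=None, body=b"", version=2):
    """Build a constructed sample message (test data, not captured traffic)."""
    teid_bytes = struct.pack("!I", teid) if teid is not None else b""
    rest = teid_bytes + b"\x00\x00\x01\x00" + body  # sequence number 1 + spare
    flags = (version << 5) | (0x08 if teid is not None else 0)
    return struct.pack("!BBH", flags, msg_type, len(rest)) + rest
```

Each verdict carries a reason string, so dropped messages can be logged per peer and reviewed for patterns such as repeated malformed headers from one roaming partner.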

Network slicing – Intelligent traffic steering

Network slicing will allow mobile operators to offer security and other capabilities tailored to each vertical application and to capture revenue from these diverse use cases, without losing the economies of scale of common infrastructure. Network slicing isolates each use case or service from one another so that the services can be independently deployed, managed securely, and delivered in a robust way.

This solution identifies specific types of traffic by multiple criteria including radio access type, IP address, DNS address, device type, destination, subscriber ID, and other parameters and then redirects these “slices” of traffic to value-added service platforms, such as protection platforms for deeper threat analysis and scrubbing. This re-direction can be based on either static policy or dynamic factors. This solution enables differentiated treatment to the developing 5G use cases, deepens the security posture and boosts revenue opportunity without adding unnecessary inspection load on the entire network.

Network wide DDoS detection and mitigation system

Mobile operators must maintain high network availability at all times. DDoS attacks target mobile networks and their subscribers with high volume message floods that overwhelm infrastructure and can cause service degradation and network outages. Now, targeted attacks can also come from any network peering point and include both volumetric and lower volume, sophisticated attacks against specific network elements or important applications of key enterprise customers.

Over-provisioning of network elements to meet rising threat volume or simply blocking traffic during an attack increases costs and can result in service denial for critical traffic. Operators need a more cost-efficient and comprehensive approach that quickly detects and mitigates DDoS and infrastructure attacks across the entire mobile network without denying service to important traffic. Service providers can achieve full DDoS resilience and improve security by using a layered approach for detecting and mitigating attacks of all types and sizes before attackers take down their targets.

Secure, efficient MEC

Multi-Access Edge Compute (MEC) architecture is often part of the 5G transition plan. In a MEC architecture, network traffic processing functions move from a centralised data centre or mobile core to a number of distribution points that are located closer to the user at the “edge.” A distributed architecture with thousands of nodes increases management difficulty and requires a high level of automation and analytics for deployment, management, security and operational changes.

We at A10 Networks offer a Thunder CFW solution that offers high performance, low latency in a software-based or hardware form factor for firewall, CGNAT and IPv6 migration, traffic steering and other functions. Many functions that may have been provided by single point appliances are combined into one appliance, virtual instance, bare metal or container. Cost-efficient, high-performance security is ensured without exceeding space and power limitations. Centralised management and analytics simplify operations for lower TCO.

As we reach the halfway point of 2020, the A10 study indicates that major mobile carriers around the world are on track with their 5G plans, and more expect to begin commercial build-outs in the coming months. That means mobile operators globally need to proactively prepare for the demands of a new virtualised and secure 5G world. That means boosting security at key protection points like the mobile edge, deploying a cloud-native infrastructure, consolidating network functions, leveraging new CI/CD integrations and DevOps automation tools, and moving to an agile and hyperscale service-based architecture as much as possible. All these improvements will pay dividends immediately with existing networks and move carriers closer to their ultimate goals for broader 5G adoption.

The author is Adrian Taylor, regional VP of sales for A10 Networks.
