UK report calls for new approach for 5G security
LONDON — Planning for security in 5G networks requires a whole new approach compared to previous-generation networks to protect network infrastructure, according to a new technical report on 5G architecture and security published by the U.K. government.
With 5G rollouts planned in some form or another around the world this year, the very fact that the architecture opens up opportunities for multiple players to operate on the network (rather than just a single network operator) could significantly increase the attack surface for connected devices, autonomous vehicles, and other use cases flagged up for 5G. Hence, the report suggests that a whole new mobile security strategy is needed and makes four significant security-based recommendations that the authors believe will protect vital infrastructure.
"Since the age of 2G, mobile networks have been some of the most secure things on the planet, helped by the fact that each one is controlled by a single network operator," said Peter Claydon, project director of AutoAir, one of the 5G testbeds in the U.K. that contributed to the report. "5G opens up mobile networks, allowing network operators to provide 'slices' of their networks to customers. Also, customers’ data can be offloaded and processed at the edge of the network without going through the secure network core. This report is a timely reminder of the security challenges that these new features raise."
Regius Professor Rahim Tafazolli, founding director of the 5G Innovation Centre at the University of Surrey, added, 'Performance risk in such a complex network means that we need to reconsider many of our digital security processes."
The report was produced as part of the U.K.’s 5G Testbed and Trials program, a government initiative to ensure that the U.K. plays a key role in 5G development. Three of the six 5G testbeds contributed to the report, along with the University of Surrey’s 5G Innovation Centre. The three testbeds were AutoAir, which is testing transport use cases; 5G RuralFirst, which is testing the use of 5G to enhance rural communities, and the Worcestershire 5G Testbed, which is testing industrial use cases of 5G.
Key highlights are the challenges and inevitable trade-offs between cost, security, and performance in the development and deployment of 5G. In a new environment of multiple use cases, each with different performance requirements, along with the expected introduction of new market players, alignment and cooperation between parties will be essential. In addition, systems will need to be "secure by design," and new approaches, including the use of artificial intelligence (AI), will be required.
New ways will be required to predict and pre-validate 5G network connections, leveraging mobile AI-based autonomous network technologies — from mobile phones and smart industrial machines to health-monitoring devices and smart home consumer devices. The networks will need to quickly and efficiently recognize these devices and confirm that they are secure without compromising user experience and performance. The paper also recommends:
- A cross-layered process that will allow end-to-end security for critical services such as the transport and logistics, health and social care, Industry 4.0, and rural connectivity solutions.
- An organization that is tasked to help monitor and encourage good security-by-design practice and set out and document an approach to designing secure 5G networks, applications, and services.
- Further testing of standards and security capability using existing U.K. test beds.
>> Continue reading page two of this article on our sister site, EE Times: "5G Needs New Approach to Security."