The next generation of mobile networking technology — the highly anticipated 5G — will improve the speed and responsiveness of wireless networks when deployed, but it is already raising questions for mobile operators, specifically about the implications of 5G security.
Commercial 5G is in the early stages of becoming a reality and will continue to grow. In “Opportunities and Challenges in a 5G Connected Economy,” a recent report from market research firm Business Performance Innovation Network, in partnership with security vendor A10 Networks, looked at the security concerns 5G brings to the mobile industry.
“Security is a top concern for 5G operators, almost equal to increasing capacity and throughput,” the report said, reporting that 94% of respondents expect the growth of 5G to increase security and reliability concerns for 5G mobile operators.
5G concerns can be looked at in two ways, according to Paul Nicholson, senior director of product marketing at A10 Networks. One concern is the increase of traffic and devices. Whenever technology changes, unexpected issues often arise. There is new technology with 5G, but operators are also moving to a cloud, software-type environment, so they have to secure that, he said, adding security works differently with different components.
Despite the high level of concern, the study also revealed most mobile operators still have significant work to do in building the security foundation needed to support 5G.
While the majority of survey respondents said they intend to upgrade security tools — such as firewalls — to work better with 5G, only 11% have actually implemented the upgrades.
Paul NicholsonSenior director of product marketing, A10 Networks
A full 79% of survey respondents said their companies are taking 5G requirements into consideration with their current security investments. Another 17% said they are already looking at it.
The top security concerns include core network security, with 72% of respondents rating it very important; 60% are concerned with endpoint security and 38% with security management and staffing requirements.
Core network security concerns include upgrading different types of firewalls given the increased traffic and scalability of 5G. Only a small percentage of respondents have upgraded their firewalls already, while more than half said they plan to.
“The need to upgrade the Gi firewall at the Evolved Packet Core is widely recognized as a critical need for improving 5G security, while it also delivers significant benefits to existing 4G networks,” the report said.
“[Mobile operators] also need to think about external forces, like volumetric DDoS [distributed denial-of-service] attacks, which are coming in from the outside to try to disrupt service,” Nicholson said.
The threat of DDoS attacks
The deployment of 5G will open a lot of networking possibilities due to its improvements in speed, capacity and latency. Those advances, however, also open up the possibility for more severe attacks.
One of the most significant security concerns of respondents was the possibility of DDoS attacks — 63% said advances in DDoS protection were important to their future ability to address larger and more sophisticated attacks.
“Today, A10 [Networks] knows that there are 23 million DDoS weapons out there poised to attack on demand,” Nicholson said, citing the spread of the Mirai botnet that followed DDoS attacks in 2016.
“The most recent was a 1.7 terabit attack against GitHub using misconfigured Memcached servers in a reflection attack,” he said. “Reflection attacks are still the biggest attacks we see today with multiple types of devices being used.”
DDoS attacks often target internet-connected devices, so as the number of devices continues to grow and as 5G network deployments increase and connect to more devices, DDoS threats could lead to more attacks — not only in frequency but in how far and fast the attacks could spread.
“When we get to the 5G world, there’s going to be a lot more connected devices, and they’re going to be capable of generating traffic at a much higher rate,” Nicholson said. “With the DDoS weapons, we think this is just the tip of the iceberg.”