5G Security: Seeing Through the Clouds
By Chris Christou and Joseph Bull, Booz Allen Hamilton
SPONSORED – U.S. government organizations racing to adopt 5G mobile technology must overcome significant security blind spots. Although most government and enterprise organizations know security is critical when migrating workloads to the cloud, the intersection of cloud security and 5G security is still unfamiliar territory. Gaining greater perspective can help organizations apply leading practices to safeguard systems by design.
Recent research commissioned by Booz Allen sheds light on the learning curve that many organizations face. The survey encompassed 175 individuals involved in the development, analysis, and review of U.S. cybersecurity practices and policies. Respondents included mostly federal and military personnel, as well as stakeholders in think tanks, non-governmental organizations, lobbying roles, and the legislative branch.
While many respondents (82%) ranked cloud security among the most important aspects of cybersecurity, fewer (60%) said the same for 5G security. The White House has stressed the stakes for securing 5G networks “could not be higher.” The survey findings suggest that information technology specialists, program and project managers, administration and operations personnel, and others with cyber-related roles are still absorbing this message.
The irony is 5G networks are intended to be cloud native: Organizations need to apply cloud security leading practices to 5G infrastructure itself, in addition to securing the network and applications by design. What’s more, the cloudification of mobile networks is greatly expanding the attack surface to include data centers and open-source software. It’s getting easier for less sophisticated threat actors to target mobile networks. Threat vectors related to 5G cloud infrastructure include software/configuration, network security, network slicing, and software-defined networking.
Most survey respondents (62%) said they had limited knowledge of 5G security. And respondents were roughly split on whether they had limited or substantial knowledge of zero trust—a leading security mindset that is ideal for 5G. Embracing zero trust is about stepping up and owning the risk that threats can emerge inside, not just outside, traditional network boundaries—and it’s about proactively countering these risks. This shift in mindset is needed even as efforts to build, deploy, and use 5G technology are still taking shape.
The Department of Defense, for example, is working to deploy private 5G solutions for a wide range of use cases. And as one of DOD’s partners, Booz Allen is at the forefront working with DOD to build the 5G infrastructure and conducting the prototyping based on specific 5G-enabled use cases. But this large-scale push to build and manage such infrastructure and define use cases—almost like a mobile carrier would—is new territory for the department. And many organizations are still assessing how they will use 5G, let alone how they will secure it.
While there is no “easy button” for 5G cloud infrastructure security, organization leaders can look to guidance from the Cybersecurity and Infrastructure Security Agency and the National Security Agency. This guidance shows how to bring a zero trust mindset into 5G cloud endpoints and growing multi-cloud environments: It covers preventing and detecting lateral movement, securely isolating network resources, data protection, and ensuring the integrity of cloud infrastructure.
In addition, here are five steps to guide organizations interested in developing private 5G networks:
Build a secure foundation: Start protecting 5G infrastructure, software, and all network elements by develop