5G is coming, bringing with it speedier connections and higher bandwidth. But what about security? As with most things related to technology, there’s good and bad, according to Kevin McNamee, director of threat intelligence at Nokia. It’s a two-sided coin.

5G is inherently more secure than previous wireless standards, but also vastly increases the attack surface as Internet of Things (IoT) devices proliferate, McNamee said. Monitoring, automation and secure communications will be essential to securing 5G investments, he added. His remarks came during a breakout session as part of (ISC)² Security Congress 2020 , taking place virtually this week.

Kevin McNamee, director of threat intelligence, Nokia

On the positive side, McNamee said, 5G uses HTML2/TLS-based secure services, which are more robust and make it very difficult to crack the control plane. 5G’s BroadForward Security Edge Protection Proxy, which ensures end-to-end confidentiality between networks, provides secure communications for roaming users.

5G also enables network slicing, allowing separation data between applications and services so that, for instance, communications involving banking, medical and financial data are isolated from each other.

Security Concerns

Even with the improved security that 5G delivers, McNamee warned that 5G significantly widens the attack surface. As organizations deploy geographically dispersed IoT networks with thousands of devices, they are creating more opportunities for DDoS (distributed denial of service) attacks and other cyber threats.

IoT devices do not have the security protections of traditional IT endpoints such as smartphones and laptops. “You are going to have all of these IoT devices, and the IoT devices for the most part are not as well protected.” Devices tend to be smaller and low-powered, and are not updated on a regular basis, which makes them more vulnerable, he said.

With IoT expansion, organizations also are implementing more applications at the edge. Edge sites, which are cloud-connected and place compute power close to data sources to reduce transmission latency, also add attack opportunities for hackers.

Another security concern involves increased device visibility. As IoT and edge networks expand, more devices are becoming visible on the internet. “If a vulnerable IoT device is visible from the internet, it will be hacked in a matter of minutes,” McNamee said.

What to Do

To avoid security issues, McNamee shared the following recommendations:

End-end-end security – Implement a holistic security strategy covering all aspects of 5G networks, from the endpoints to the radio-based communications to the edge sites and the network core.

Slicing – Leverage this type of network segmentation to create and manage separate security zones with specific criteria for each slice.

Edge Computing – Manage and monitor all edge applications, require authentication for users, and deploy physical security.

IoT – Use patching for devices that can be patched and updated (many cannot), monitor all the devices and make sure all communications are secure.

McNamee stressed the importance of monitoring, especially with IoT devices that do not have built-in security. He also said that automation will be key to 5G security. Wherever possible, organizations should automate security functions and responses to security incidents. For instance, if a group of IoT devices show signs through monitoring of a cyber attack, they should be automatically disconnected from the network for remediation.