The introduction of 5G network slicing will support a wide range of new use cases and revenue opportunities. However, the rise of network slices will also expand the attack surface available to hackers by exposing more entry points that need protection: user devices, radio access and core networks, the mobile edge, Internet, roaming and air interfaces. All of these must be protected.
The addition of APIs to these slices will mean more types of enterprises will be communicating, and they will all have different security requirements. Greater flexibility in managing who can send what will be required, meaning security considerations will need to be addressed at an individual level. For example, even though both 4G and 5G applications support video services, there are vastly different security requirements for mission critical video applications like remote surgery, as opposed to what would be required for a simple video conference.
To protect IoT devices going forward, it is paramount for CSPs to understand what the device is and the context of its communications. By doing so, you can understand if a device is changing its behavior, or if the eSIM/SIM card has changed. For example, changes in behavior, such as sudden spikes in traffic, can indicate that the device has been taken over by a botnet. By detecting changes in behavior, you can identify the signature of a rogue device and use this to find more devices with the same fingerprint and potentially block them. In addition, by analyzing the data that devices are sending with their mobile connectivity information, you will be able to identify if the rogue device is a lone actor or part of a wider, coordinated attack.
To make matters even more confusing, COVID-19 has created a fundamental shift in what is deemed ‘normal’ behavior and traffic. Operators are now seeing significant volume increases both in data and voice, with domestic usage patterns shifting toward the day, away from the evening, and business traffic abating due to remote working.
According to a GSMA report, typical usage, such as call duration, is also changing. Traditional rules-based fraud and detection tools will not understand this shift, which could result in a spike in false-positive alarms or, worse, in fraud and security threats going unabated. This underscores the need for AI and machine learning-assisted fraud and security threat detection tools to recognize new patterns so that network security teams are equipped with the best protections.
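The detection ideas in the two passages above, as an added sketch that is not from the article or any vendor product: a fixed threshold is compared with a per-device baseline (median and median absolute deviation), a SIM change is flagged, and the fingerprint of a flagged device is used to find look-alikes. The field names, the 50 MB limit, the `k` factor and all telemetry are assumptions constructed for illustration.

```python
from statistics import median

STATIC_LIMIT_MB = 50  # assumed fixed rule, tuned before usage patterns shifted

def spike(history, current, k=6.0):
    """True if current exceeds the device's own median by more than k * MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # floor for flat histories
    return (current - med) / mad > k

def assess(devices):
    """Per device: static-rule verdict, adaptive reasons, behavior fingerprint."""
    out = {}
    for dev, d in devices.items():
        *history, current = d["mb_per_hour"]
        reasons = []
        if spike(history, current):
            reasons.append("traffic_spike")
        if len(set(d["imsi_seen"])) > 1:  # SIM/eSIM identity changed on this device
            reasons.append("sim_changed")
        out[dev] = {"static_alarm": current > STATIC_LIMIT_MB,
                    "reasons": reasons,
                    "fingerprint": (d["dst_port"], d["pkt_len"])}
    return out

def hunt(findings):
    """Unflagged devices that share a fingerprint with a spike-flagged device."""
    bad = {f["fingerprint"] for f in findings.values()
           if "traffic_spike" in f["reasons"]}
    return sorted(dev for dev, f in findings.items()
                  if f["fingerprint"] in bad and "traffic_spike" not in f["reasons"])

# Constructed sample telemetry (not real data); IMSIs use the 001/01 test PLMN.
DEVICES = {
    "cam-07": {"mb_per_hour": [40, 55, 60, 58, 62, 61, 63],  # new, higher normal
               "imsi_seen": ["001010000000007"], "dst_port": 443, "pkt_len": 1200},
    "sensor-12": {"mb_per_hour": [2, 3, 2, 2, 3, 2, 45],  # sudden spike, under limit
                  "imsi_seen": ["001010000000012"], "dst_port": 23, "pkt_len": 60},
    "sensor-19": {"mb_per_hour": [2, 2, 2, 3, 2, 2, 3],  # quiet, same fingerprint
                  "imsi_seen": ["001010000000019"], "dst_port": 23, "pkt_len": 60},
    "tracker-03": {"mb_per_hour": [1, 1, 2, 1, 1, 1, 1],  # SIM swapped
                   "imsi_seen": ["001010000000003", "001010000000099"],
                   "dst_port": 8883, "pkt_len": 90},
}

if __name__ == "__main__":
    findings = assess(DEVICES)
    for dev, f in findings.items():
        print(dev, f)
    print("same fingerprint as a flagged device:", hunt(findings))
```

On this sample the fixed limit raises a false alarm on `cam-07` and misses `sensor-12`, while the per-device baseline does the reverse.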
In addition, CSPs will need to have the same understanding of how their IoT devices and subscribers are protected on-net as well as when they are roaming. In the case of your subscribers, if someone is driving their autonomous car on your network, you want to ensure that it is not vulnerable to attacks. Similarly, when your subscribers’ devices are roaming on another network, you want to make sure they are being protected. Juniper Research projects that by 2022, IoT roaming revenues will increase by 20 to 30 percent. Therefore, multi-protocol signaling firewalls are required to ensure that traffic that traverses between your 3G, 4G, and 5G networks has the proper security protections in place, and that your roaming devices are steered to preferred partner networks.
Recent research sponsored by Mobileum found consumers and enterprises alike want CSPs to take a leadership role in the protection of their data and devices—and they want reassurance from their CSPs about the detailed steps they are taking. In fact, subscribers will stake their customer loyalty on it. The same research found that 58 percent of enterprises and 52 percent of consumers said that they would leave their operator in the event of a security breach.
IoT network security is complex, but not impossible. Developments in multi-signaling firewalls and AI and machine learning capabilities mean that network security teams no longer need to feel ill-prepared when it comes to IoT device security. Instead, they have the tools to detect current and emerging threats and protections that ensure that IoT-based messages are verified and allowed to be sent by that operator, to that user, in that context, from that location.