CSPs can develop higher digital trust by highlighting their full compliance with relevant regulations governing network security and data confidentiality to customers or industries. Recognized requirements already mandate CSPs to comply with lawful intercept, user privacy, and customer notification of security breaches. However, they need to meet several new regulatory requirements. These include industry standards such as the Cyber Security Act, the Payment Card Industry standards, and the EU’s General Data Protection Regulation (GDPR). In the future, a CSP may also be required to show a specific level of security for its 5G infrastructure (e.g. NESAS).
New security concepts are required for the next mobile network generation because 5G supports new use cases and the adoption of new networking methods. The open 5G network of the immediate future will consist of a complex ecosystem of multiple stakeholders. This ecosystem requires trusted and trouble-free interaction.
Not all customers, though, need the same levels of security. For example, an online gamer and a large retailer have quite different security needs. Security measures must therefore match each use case. This is where network slicing comes in. Network slicing, one of the newest technologies enabled by 5G, addresses this issue by allowing different levels of security to be offered to users of different services. In more detail, 5G network slicing is a network architecture that enables the multiplexing of virtualized and independent logical networks on the same physical network infrastructure. Each network slice is an isolated end-to-end network tailored to fulfill diverse requirements needed by a particular application. Isolated network slices also help to confine a cyberattack to a single slice. Because of this, network slicing takes a starring role in supporting 5G mobile networks that are designed to efficiently embrace a wide array of services with very different service-level requirements, including security KPIs.
The new approach to security for this new type of 5G network requires service providers to develop four key capabilities to help them operate all the integral and standalone safeguards to build customer trust. When combined, these capabilities help ensure properly secured—and thus reliable—new 5G services.
The four 5G security capabilities necessary are adaptation, speed, integration, and automation.
Adaptation means that a CSP can respond quickly to deal with cyberattackers’ increasingly sophisticated techniques.
Speed is important because it is one of the most important success factors in reducing the length of time a hacker goes undetected. In 2018, the median dwell time in the corporate sector was estimated at 78 days. By being able to increase response speed through analytics, machine learning, and automation, this time can be cut by up to 80 percent.
Integration of as many different security tools and systems as possible into a central reporting system reduces the time needed to filter out false alarms and respond to genuine threats.
Automation reduces the growing workload facing security teams. 5G cybersecurity uses automation to deal with recurring attacks by using pre-defined, automated responses. This security automation translates into more efficient provisioning, security configuration and hardening, and delivers higher quality.
Security in 5G networks isn’t a one-size-fits-all endeavor. Each domain and technology that makes up a 5G network has its own risks and causes different business impacts. As such, each has varying security priorities.