5G transport security: What service providers need to evolve? (part 1 of 2)
Introduction by Shane McClelland, Vice President, Strategy and Business Development, Head of Transport at Ericsson.
A consistent theme in our 5G Transport Blog Series has been that 5G is a game changer for transport networks. In previous blog posts, we've discussed a range of topics concerning how the 5G transport network:
- must scale to accommodate the need for more backhaul capacity
- needs to be flexible enough to support new RAN interfaces and deployment models with varying latency requirements
- must support tight timing and synchronization between distributed and virtualized RAN elements
Another critical area that impacts end-to-end transport networks in 5G is network security. With 5G, not only will we see RAN densification and RAN disaggregation in terms of pole-mounted, lamp-post, and in-building radio sites, but we will also see an expected 10X increase in devices connected to the network, ranging from small, low-power sensors to mission-critical modalities. These new devices and small cells will be deployed in locations that are much more accessible than a typical 4G distributed RAN site.
Your network's transport infrastructure is critical to securing the best 5G performance. That's why Ericsson and Juniper Networks have extended their global partnership. Ericsson and Juniper's partnership creates an industry leading, end-to-end 5G ready transport solution that reduces complexity, increases security and addresses diverse service requirements. By complementing Ericsson's Router 6000 product family with Juniper's IP edge and core routing, and security portfolios, you'll have seamless, secure IP connectivity from radio cell site to packet core.
We are happy to have Irene Zhang from Juniper as a guest blogger to address security in the 5G network.
5G Transport Security: What Service Providers Need to Evolve? (Part 1 of 2)
5G will deliver a step change in network performance and will support a wide range of new ultra-reliable and low latency communication services, as well as fuel the growth of applications based on the Internet of Things (IoT), both of which provide major opportunities for service providers.
However, the increase in performance, the new use cases and the new network architecture based on distributed telco cloud all have major security implications. When it comes to 5G security strategy, what do service providers need to consider and evolve?
In this blog, I will focus on the performance and operations aspects first. In my next blog, I will share the new attack surfaces and threats that arise from the new architecture and enabling technologies such as MEC, CUPS and Network Slicing.
Existing security must upgrade performance to avoid being a bottleneck
Like 4G, 5G is not going to be a flash cut. Instead, 5G will evolve side by side with 4G, with logical evolution phases taking place over the next decade. Most 5G deployments will start with the 5G non-standalone (NSA) architecture, which pairs the 5G RAN with the existing 4G core for faster launch of 5G services.
Consequently, service providers' 5G security strategies must first assess existing 4G network security to ensure implementation consistency across both 4G and 5G. The logical starting point for this assessment is determining whether their 4G network security performance is ready for the increase in network capacity from 5G NSA.
Without this investment in additional performance, security will become a bottleneck to overall network performance. On a product level, security performance such as throughput, connection scale, and session establishment rate should be evaluated for current mobile security use cases such as Gi/SGi firewall, security gateway (SEG), and Gp/S8 roaming firewall.
Another performance-related area that must be addressed is distributed denial-of-service (DDoS) attacks. Due to their often-limited security capabilities, IoT devices are a favorite target for hackers. The rising number of attacks this will cause, combined with the increased bandwidth of 5G, will mean that the traditional "detect and redirect" DDoS mitigation approach will be inadequate because of capacity overload. More intelligent and cost-effective solutions will be needed.
Security operations must scale with holistic visibility and automation
Security network functions such as IPsec gateways, firewalls, load balancers, IPS and DPI are traditionally based on specialized hardware. These are typically referred to as Physical Network Functions (PNFs). The transformation of PNFs to VNFs (Virtual Network Functions) may take several years because of the need to achieve high performance levels. Some PNFs may never be virtualized.
Therefore, hybrid network architectures in which PNFs and VNFs for security functions co-exist are fundamental to easing the transformation and migration of existing network infrastructures to NFV. In this scenario, it is vital to have a unified security management system that manages both physical and virtual domains and provides a unified view of these domains. In other words, security management needs to provide holistic, system-wide visibility.
Moreover, 5G infrastructure heterogeneity and complexity will require security to be applied at multiple levels (e.g. associated with a slice, a service, or a resource) across multiple domains. Therefore, security automation and orchestration are critical for service providers to keep ahead of the security operations challenges.
5G promises to be a game changer. Security is fundamental to the successful delivery of 5G networks and services. Service providers must make sure their security strategy is well planned as an integral part of their 5G evolution roadmap. To start with, current mobile network security performance and operations must be able to scale to meet 5G requirements instead of being a bottleneck.