5G network security is national security
5G will accelerate innovation and provide transformative use cases across multiple global sectors. However, it will also bring new security challenges for the mobile ecosystem, with broader attack surfaces, more devices and increased traffic loads. We must have networks that are trustworthy, resilient, and secure by design – all on day one.
5G: benefits and challenges
We know that the transition to 5G will speed up innovation and enhance productivity. The uses cases will be transformative and improve lives. At the same time, this move will create new mobile security challenges. There will be broader attack surfaces, more devices, and greater traffic. It is imperative that we ensure 5G networks are secure from the start.
According to a study by Juniper Research, the United States is expected to account for 50 percent of data breached or compromised worldwide by 2023. As the lead target for cyberattacks, the US must ensure secure and resilient 5G networks. This is an opportunity for the US to set a global example in 5G network security across policy, technology, and standards. Ericsson is positioned to address and lead key priorities and action items that will guide the US through this pivotal moment.
5G brings new security enhancements
Unlike previous network transitions that were more like upgrades, 5G is a totally new and different technology and network architecture. When fully deployed, 5G will be “virtualized” across a service based architecture (SBA) – meaning that the core network functions will happen through a cloud-based and “software defined” network. This will allow tailored security solutions such as “network slicing” for different network functions and private networks, which can significantly enhance network security.
5G will also allow for more discrete control of access to data, topology obfuscation between network segments, greater requirements on inter-element encryption, provisions for extended authentication, and enhanced privacy protections for subscribers, among other new capabilities – all of this adds up to more resilient, secure and trustworthy networks.
Let’s set the example in 5G network security across policy, technology and standards
From a network perspective, protecting end users requires an all-inclusive approach that considers risk mitigation in four areas:
- standards, which give suppliers and carriers a common, open and well-established technical understanding of interoperability and security
- products that are developed through internal governance frameworks for security and privacy by design
- network deployments which are supported by resilient, high-integrity supply chains
- secure network operations, with top priority placed on protecting the confidentiality, integrity and availability of customer data
Collectively, these four areas help define the risk posture of real world networks, leading to a more secure end-user experience.
Today, there are several secure and trusted 5G suppliers in the US and globally, in addition to Ericsson, resulting in a competitive and robust marketplace. The 5G landscape is ripe for innovation and market expansion that will aid in ensuring security throughout global networks.
Telecommunications provide the framework for our international, hyper-connected economy, which makes network security a global issue, not just a domestic one. We must continue to encourage the adoption of guidelines that enhance the protection of 5G end users by deploying networks that rely on secure and trusted suppliers and supply chains on a global scale. Any delay in 5G advancement policies risks forgoing first-mover advantages in the 5G investment cycle. Being first in 5G deployment is not merely an economic award, it’s a meaningful step toward a secure ecosystem.
Government has a big role to play in 5G security
We believe government’s first role in advancing the security of 5G deployments is to keep its attention and resources behind robust government-industry collaboration efforts.
There are already numerous collaborative public-private efforts in place to aid in ensuring a secure 5G network. The Department of Homeland Security ICT Supply Chain Risk Management (SCRM) Task Force exemplifies how industry and government collaboration can quickly and effectively deliver useful, sharable, expert-driven guidance in complex areas like supply chain and 5G security. Ericsson is actively engaged in that effort, understanding and evaluating supply chain threats, and developing a common supplier template for SCRM.
Security goes well beyond products. That’s why we contribute to several US-based industry initiatives focused on ensuring secure 5G solutions and a high-integrity supply chain. These include the Communications Sector Coordinating Council (CSCC) and its Cybersecurity Committee, CTIA’s Cybersecurity Working Group, the Council to Secure the Digital Economy (CSDE), and multiple working groups within the standards-setting organization ATIS.
Ericsson is also active on the Federal Communications Commission’s Communications Security, Reliability, and Interoperability Council (CSRIC), which makes security policy recommendations. Ericsson is engaged across three working groups in CSRIC VII, notably:
- Managing Security Risk in the Transition to 5G
- Managing Security Risk in Emerging 5G Implementations and
- 911 Security Vulnerabilities during the IP Transition
Standards work is another key component of security assurance, as it supplies guidance and frameworks that ensure security and privacy requirements are met consistently. These efforts help industry and government collaborate efficiently, productively and more swiftly on 5G security, both domestically and globally. 5G security standards and 5G supply chain standards are still under development, and Ericsson is helping shape them for long-term security.
A call to action: what needs to happen now
The US government should remain attentive to factors that might promote or undermine 5G deployment.
Ericsson believes that accelerated US 5G deployment will in turn protect the security of the 5G supply chain, a goal that can be achieved through increasing spectrum availability, especially in the mid-band, putting in place reasonable and streamlined small cell siting rules, developing and deploying a skilled tower workforce, and ensuring effective incentives to encourage 5G deployment in rural areas.
Continued focus on these issues plays an important role. For example, the Senate Commerce Committee recently held a hearing on 5G Supply Chain Security.
I was honored to be one of the witnesses who testified. This provided an opportunity to highlight the work Ericsson is doing and help educate Senators on these critical issues. I encouraged additional hearings to address 5G related matters.
With steps already being taken in the right direction, Ericsson looks forward to continuing to work with the US government to ensure that the 5G world is a secure one.
Take a look at our guide to 5G network security.
Read our 5G network security whitepaper.