Cyber network security

In the era of 5G, it's important to conceptualize security on a system wide level where telecom networks are an important component, while adopting a strong understanding of the following:
Cyber network security
  • Increased value at stake and decreased risk tolerance
  • Cyber-physical dependencies
  • Security of standards, products, deployments and operations
  • Proactive cybersecurity measures
  • Vulnerability management
  • Securing the supply chain

Building a secure 5G network requires a holistic approach rather than a focus on individual technical parts in isolation. For example, interactions between user authentication, traffic encryption, mobility, overload situations, and network resilience aspects need to be considered together. It is also important to understand relevant risks and how to address them appropriately. To that end the guide to 5G network security aims to provide the necessary context to reach and depth of a holistic approach: A guide to 5G network security

A comprehensive approach to security is required to protect end-users. Subsequent appropriate strategy and mitigation takes into account four key pillars: standards, products and related development processes, network deployments, and network operation. Collectively, these four pillars define the security status of live networks and hence the de-facto end-user security experience. A comprehensive approach ensures that mitigating measures are implemented in such a way that interdependencies between the layers as well as specifics for a layer in question are addressed effectively.

The four pillars of 5G security:

Operations

  • Secure operational procedures, e.g. segregation of duties, use of least privilege and logging.
  • Management of security functions, vulnerability mgmt. and detection of attacks.
  • Response and recovery after breach.

 Deployment process

  • Solid network design with security and resilience in mind.
  • Operator specific configuration of security parameters, hardening.

 Vendor product development process

  • Secure hardware and software components.
  • Secure development processes.
  • Version control and secure software update.

 Telecoms standardization process

  • Secure protocols, algorithms, storage.

 

Each of the pillars is addressed in further detail below:

Ericsson’s key policies