5G is heralded for its ability to efficiently deliver faster data speeds with less delay and offer a better user experience to both enterprises and consumers. But 5G is far from perfect. Some of its biggest benefits also come with a dark side in the form of heightened security risks.
Non-standalone 5G networks, which run on a 4G core network, are widely deployed globally today. But 5G standalone (5G SA) networks are only starting to gain traction. According to the Dell’Oro Group, as of January 2024 there were only about 50 5G SA networks deployed worldwide.
5G SA networks incorporate a cloud-native 5G core and run on a disaggregated network architecture using components from multiple vendors, making them more vulnerable to cyberthreats. Plus, 5G SA networks will have many different types of connected devices (such as IoT devices) running across them, giving them a dramatically larger attack surface than previous generations of wireless networks.
These 5G SA networks also rely heavily on virtualization and the cloud, which can create security weaknesses. Although the cloud offers greater flexibility and network scalability, there are potential vulnerabilities that can occur between the various software components and hardware.
One important element of 5G SA is the open radio access network (RAN), or O-RAN. O-RAN creates open interfaces between all software components and, because it is an entirely different RAN configuration, it can create security issues if mismanaged. However, the open interfaces of O-RAN can also be viewed as a security advantage because they are more transparent than traditional RAN implementations.
The vulnerability of these state-of-the-art 5G networks has not been lost on cybercriminals. Many well-resourced nation state and cyber adversaries are specifically targeting telecom operators because they are aware of this opportunity.
In fact, a 2023 Threat Intelligence Report based upon a survey conducted by research firm GlobalData and commissioned by Nokia found that 60% of attacks on mobile networks are from IoT bots that are scanning for vulnerable hosts so they can launch a Distributed Denial of Service (DDoS) attack.
Here are some of the most prevalent 5G security concerns of mobile operators, according to the survey:
- Botnets have become a major generator of DDoS traffic and DDoS attacks are becoming larger and more powerful.
- Mobile operators can’t keep up with the latest security threats. More than 30% of respondents said they have experienced eight or more breaches in the last 12 months.
- Fragmented security tools make it difficult for mobile operators to effectively deploy security solutions across their various systems.
Regulatory Landscape is Changing
Because of growing concerns about the vulnerability of telecom networks, many government regulators are starting to mandate a higher level of security. The U.K. government introduced the Telecommunications Security Act of 2021 as a way to protect telecom networks from cybersecurity attacks. Operators must follow a Code of Practice, which includes more than 250 guidelines intended to ensure they are taking appropriate security measures across their networks. Any operator that doesn’t comply with the Code of Practice risks being fined up to 10% of their operating revenue.
The U.K. Telecommunications Security Act is one of the most comprehensive security mandates available today, but other countries are implementing similar initiatives:
- Germany has enacted the Telecommunications Modernization Act that is similar to the U.K. mandate.
- Switzerland revised its Telecommunications Act in January 2023 to increase cybersecurity requirements for telecom service providers.
- Australia is considering new cybersecurity regulations and in November 2023 the government outlined plans to classify telecommunications as critical infrastructure so it can require telecom companies to regularly report on their compliance with cybersecurity requirements.
- The U.S. Federal Communications Commission (FCC) in December 2023 adopted new rules around safeguarding sensitive customer information and requiring telecom companies to be accountable for protecting sensitive customer information.
Growing Investment in Cybersecurity
Because of the concerns around 5G, and specifically 5G SA, many telecom operators are beginning to invest more heavily in cybersecurity solutions.
Telecom security firm HardenStance estimates that in 2023 telecom spending on consumer security was around $411 million, which was an increase of around 5% over 2022. The firm also estimates that telecom spending on consumer security will grow by 5% in 2024 and 6% in 2025.
This changing telecom network landscape requires telecom operators to rethink how they view cybersecurity: not only do they need to invest in cybersecurity tools to prevent breaches, they also need to invest in solutions that will minimize their exposure should a breach occur.
The Benefits of Cloud-Centric Security
Many existing telecom cybersecurity solutions reside on-premises and handle security for just one aspect of the network, such as customer billing information. In addition, different divisions of the company often use different security tools. This leads to siloed solutions that don’t communicate with each other.
A cloud-centric security solution is a better option than on-premises security tools because cloud-centric security solutions are able to better handle the large 5G network attack surface and threat landscape without creating siloed security solutions.
For example, Microsoft’s Azure Operator Insights can provide a platform for operators to bring together different data sources and operate as a tool for data ingestion and analysis. It also will allow third parties to build SecOp tools specifically for operators.
Plus, telecom operators can take advantage of Azure’s massive scale: Microsoft currently tracks 35 ransomware families, and more than 250 unique nation-states, cybercriminals and other threat actors. Its cloud processes and analyzes more than 43 trillion security signals every day and more than 600,000 organizations around the world currently use Microsoft’s security offering.
Microsoft’s Azure Operator Nexus is a carrier-grade, next-generation hybrid cloud platform purpose-built for telecommunication operators that offers operators greater peace of mind when implementing an on-premises private cloud. With Azure Operator Nexus, Microsoft applies its cloud security principles to the near-edge and far-edge of the network, which makes it particularly compelling to the O-RAN ecosystem.
Microsoft is also working to integrate its RAN analytics engine with Microsoft Sentinel, which offers telecom-specific security tools that extend Security Information and Event Management (SIEM) to the telecom network to help operators recognize and address security threats and vulnerabilities before they can disrupt their business.
5G networks are a critical part of the global communications infrastructure and require a high level of security. With the growing sophistication of cybercriminals and other threat actors, telecom operators must make their network security a No. 1 priority. Cloud-centric security solutions, such as that provided by Microsoft Azure Operator Insights, should be considered a step in the right direction.