5G Standalone (SA), and, specifically, the dynamic network slicing it offers, will provide multiple benefits to communications service providers (CSPs), offering new market opportunities and revenue streams.
But, at the same time, dynamic network slicing represents a significantly expanded cyberattack threat surface with multiple attack opportunities for malicious actors.
5G SA offers multiple use cases – ultra-reliable, low-latency communications, (URLLC) massive IoT (which will enable smart factories and ports, for example), and enhanced mobile broadband. It is already making its mark.
5G Standalone deployments gaining momentum
For example, Analysys Mason predict that 5G SA will surpass 5G Non-Standalone (NSA) sometime in 2024 and will account for 90% of global wireless revenue by 2028[1]. Meanwhile, according to the GSA, 116 operators in 53 countries have invested in public 5G SA networks, and there were an estimated 1.5 billion subscribers at the end of 2023[2].
On the flipside, the continued virtualisation of the network, dynamic network slicing (through which virtual networks are instantiated and deployed to meet specific customer needs QoS demands, and use cases), and the new capabilities that URSP (User Equipment Route Selection Policy) – which is used by connected devices to determine how to route applications traffic to different slices – brings represent a significantly expanded threat surface that MNOs must monitor and protect against on a continual basis.
Operators and service providers also face an increasingly demanding and complex compliance landscape. Legislation such as the European Union’s NIS 2 Directive, which came into force on 17 October 2024, require a holistic, joined-up, comprehensive approach to cybersecurity and demand the need to protect national and international communications infrastructure.
URSP extends slicing by dynamically selecting the most suitable network slice for applications resident on user devices based on required or appropriate QoS, preferences, and security needs, amongst other things. The USRP ensures that devices are directed to the appropriate network slice and was specified in 3GPP Release 16. URSP and the slice selection functions it enables have, for example, been available in Android devices since Android 12 was released in 2021 – so, even though slicing is only now gathering pace, there are millions of devices that can interact with network policy functions to request access to a specific slice instance[3].
An expanded threat surface from network slicing
Of course, slicing and USRP also expands potential security vulnerabilities and the threat surface, as service providers need to ensure security and protect against cyberthreats throughout the lifecycle of the slice and manage existing or ad hoc UE connections. Essentially, what this means is that security processes must act dynamically, because new UEs can gain access to a given slice, under the direction of local applications. If these applications are infiltrated by malware, or even designed to provide attack vectors, slices could be threatened.
In this context, the requirements of a basic IoT-connected consumer device will be very different to those utilising a smart port that serves critical applications, or a corporate network slice that carries confidential data — but each offers malicious actors a potential entry route into the network, from where they can move laterally into other areas of the network and applications. If devices can independently request access to different slices, the potential for malicious activity will be increased.
Ensuring robust security in 5G network slices, therefore, requires a proactive, comprehensive, and holistic approach, on a continuous basis. And, this is required alongside the QoS, availability, reliability, performance, and SLA compliance slices must also deliver.
As a result, slices must be isolated from each other to prevent cross-slice data contamination or leakage. Similarly, security protocols and software patches need to be up-to-date and secure at all point across the lifecycle of the slice; data and users must be validated and authorised; there need to be systems in place to detect intrusions and anomalous behaviours and patterns in the network, as well as a system for business continuity should the network be breached. These represent just a few of the potential security requirements of 5G SA and network slicing security.
NIS 2 Directive compliance demands a holistic approach to network security
The NIS 2 Directive also demands regular security auditing and testing, as well as rapid reporting of security breaches so that information can be shared across organisations within the European Union to ensure aa more robust communications infrastructure.
Securing such a broad threat surface is not possible manually or using traditional siloed approaches to security. The only viable option is automation. The We Are CORTEX automation platform uses reusable process fragments, chains, and function blocks that can be applied on an incremental basis and enable a cross-domain approach to cybersecurity, providing a holistic view of your network, systems, and processes.
Security is a moving target, so the flexibility and reusability of our platform means that you can quickly and easily keep up to date with changing requirements and new threats. Automation eliminates human error, and enables automated security upgrades and patches, intrusion monitoring, compliance, the detection of anomalous network behaviour that could represent an attack, and so much more, and a continuous basis.
Our platform’s reusability and flexibility offer future-proof protection against a significantly expanded, dynamic, and ever-changing threat surface. To find out more about how to start your automated security journey, contact us today or access more in-depth information here.
[1]https://www.analysysmason.com/contentassets/0150978e8a534bf896a388be3acb5e28/analysys_mason_5g_charging_standards_perspective_march2023.pdf
[2] https://gsacom.com/technology/5g/
