As the attack surface area in 5G IoT environments increases, IT professionals must thoroughly examine the risks of a growing device network
In what seems like the blink of an eye, fifth-generation wireless technology went from a fantastic notion to a global rollout of connectivity solutions that are quickly becoming table stakes for enterprises operating in a contemporary, digital ecosystem. Compared to wired broadband solutions, 5G delivers a growing capacity for the speed, reach, and growth needed to deploy IoT technology across industries. But even with the ballooning benefits of 5G, IT professionals are wrestling with questions centered on 5G IoT and WAN edge security.
Is the adoption of 5G IoT worth the increased attack surface? Let’s find out.
How does 5G enhance IoT?
The relationship between 5G and IoT is similar to that of a wall and climber, where IoT is a rapidly ascending climber using 5G as a wall of support.
5G density has the capacity to support up to 100 times more connected devices within the same physical area as 4G LTE. Seeing this potential, enterprise businesses are finding new, innovative ways to include hundreds or even thousands of sensors, cameras, meters, and other IoT devices in their data collection and analysis processes.
The scalability of 5G is unprecedented and favors IoT, leading to predictions that by 2025 there will be more than 75 billion IoT connected devices in use — an increase of nearly 300% from 2019. In addition to scalability, 5G benefits for IoT include low power consumption, ultra-low latency, reduced operational costs, and blazing fast speeds without sacrificing quality of service. On top of these perks are a considerable number of security improvements over 4G cellular technology.
Exploring the benefits of 5G security
Organizations benefit from the inherently more secure characteristics of 5G as defined by the 3rd Generation Partnership Project (3GPP). These improved 5G security standards have been developed and tested over the last several years and include:
- Authentication framework that relies on the originating network to make final authentication decisions in addition to ensuring all authentication communication is encrypted.
- Prevention of false base station attacks by postponing International Mobile Subscriber Identity (IMSI) information until after authentication.
- Service-Based Architecture (SBA) at the network core, which enables agile programming and network slicing.
- Expanded roaming security made possible by a security edge protection proxy (SEPP) that filters and encrypts all communication across the user plane.
- User plane protection between devices and cellular towers to mitigate man-in-the-middle attacks.
With cloud-native SBAs and tenets of zero trust in place to improve confidentiality and data privacy, there is seemingly little opportunity for data breaches in a 5G environment. But how secure is 5G really?
It’s important to note that 5G is inherently secure. Although data breaches are often credited to 5G IoT security vulnerabilities, these security failures usually are the result of certain vendor technologies operating on the 5G network within a single ecosystem.
IoT devices are vulnerable to security threats due to the simplicity of their hardware and communication protocols. By entering the network through blind spots found in these connected devices, threat actors may be able to make lateral moves throughout the expanded IoT attack surface. Simply put, the onus of 5G IoT security deficiencies lies with the IoT framework, not the 5G network.
How to secure 5G IoT technology
Operating with a security-first mindset is key to tackling the ins and outs of 5G IoT. This starts with taking the time to understand and educate IT teams on where IoT security issues occur and how to prevent them.
IoT security breaches can occur in one of three architectural layers: the perception layer, the network layer, or the application layer.
- The perception layer includes sensors, meters, actuators, cameras, and other connected devices. Security breaches within this layer are typically attributed to device theft, sniffing attacks, and terminal or radio frequency identification (RFID) security.
- The network layer — home to the IoT router or gateway — is where 5G IoT security truly comes into play. Attacks on this layer are typically attributed to network or LAN security, routing issues, or the security of data in transit.
- The application layer includes servers and the cloud that may be susceptible to attacks from software bugs, access control, application programming interface (API) issues, or denial-of-service/distributed denial-of-service (DoS/DDoS) attacks.
Investing in a non-client-based 5G Wireless WAN router can simplify the detection and prevention of security threats by providing built-in, end-to-end network visibility. On top of an effective hardware solution, 5G security overlay features including zero trust network access and network slicing play significant roles in effectively reducing the attack surface of the WAN edge.
ZTNA solutions safeguard networks
A zero trust strategy is the linchpin of all 5G security principles for edge computing. ZTNA looks at the entire IoT network through the lens of continuous inspection and authentication. In a zero trust environment, access is specifically granted per resource, per connection after authenticating and authorizing the user, and is continuously monitored once granted. By vetting users and devices throughout their session rather than just at the beginning, this security measure uses policies to ensure users aren’t crossing segmentation boundaries and doing more than what they’re allowed to, based on their profile.
5G network slicing amps up security through isolation
Network slicing is an effective defense against attacks, executed by dividing the network into virtual, isolated slices. Each slice is tailored to host various types of traffic based on speed, latency, quality of service (QoS), and security needs. By segmenting the network, traffic on one slice is unable to “cross over” or interact with traffic on another slice. In an IoT environment, this means devices can be routed to their own slice based on their unique use cases and security needs. If a threat actor were to infiltrate the network via one of those devices, the range of impact would be stifled thanks to the isolated slices.
Just as every new car on the interstate ramps up the potential number of hazards on the road, each new IoT device activated on an enterprise network adds an incremental level of risk. While IoT security is bolstered by the addition of 5G, IT leaders must build secure infrastructure architecture based on zero trust principles and continue to be diligent in their research of vendors, manufacturers, and service providers supporting their enterprise growth.