The FCC is concerned about 5G security – shouldn’t you be?

In today’s 5G world, DDoS attacks have the power to disrupt network services and disturb the mobile subscriber experience to such an extent that customers may lose faith in their mobile carrier and leave, contributing to increased rates of subscriber churn and penalties due to SLA breaches.

For quite some time, my colleagues and I have been evangelizing the importance of 5G network security, not just to improve the quality of 5G services, but to help safeguard 5G network ROI and the viability of 5G offerings all over the world.

Perhaps the message is getting through. At least I’d like to believe so.

Back in April, the FCC announced its intent to re-establish the Communications Security, Reliability, and Interoperability Council (CSRIC), which will provide advice and recommendations to improve the security, reliability, and interoperability of the nation’s communications systems. Acting FCC Chairwoman Jessica Rosenworcel will ask the CSRIC to identify 5G security as a primary focus.

As part of the announcement, Rosenworcel said, “I am committed to working with our federal partners and the private sector to increase the security and resiliency of our nation’s communications networks. That is why I am refocusing and revitalizing the FCC’s Communications, Security, Reliability, and Interoperability Council for the challenges of today and tomorrow.”

Although the FCC may be more concerned with the impact of 5G security on national and business segments, for those of us in the private sector, it’s reassuring to see an outside expert, the FCC, drawing attention to the need for 5G security. We should embrace any activity that helps to address the threats to the proper functioning of 5G networks, which are especially vulnerable to the looming threat posed by DDoS attacks.

Even before the FCC announcement, innovative “greenfield” network operators already recognized the importance of cybersecurity to the viability of their mobile networks. Happily, some of them went a step further and are working with Allot to protect their networks.

For example, DISH is building the United States’ first cloud-native, OpenRAN-based 5G network and they selected Allot to protect the network and customers from cybersecurity threats.

DISH wrote more about this in a whitepaper that explains their reasoning behind this and the rollout of their new 5G network.

DDoS attacks: The bane of 5G network operators

Experts agree that DDoS attacks are increasing in volume and complexity. In the telecom industry, whether aimed at the network or at individual users, every volumetric DDoS attack dumps garbage traffic onto the network which can affect customer Quality of Experience (QoE) and even lucrative SLA fulfillment for business customers. That’s why every telecom service provider needs to have a comprehensive DDoS attack protection solution for their network.

But will DDoS attack protection designed for 4G networks work on a 5G network? Typical 4G solutions, which are usually based on non-inline detection and mitigation, are not as effective. With 5G, the threat landscape will grow exponentially larger for a number of reasons including massive deployment of IoT – adding many millions of new connected devices to the network – the growth in potential points of attack with hundreds of traffic sensitive MECs, and the greatly increased throughput per connection. Add to that the expectation for ultra-low latency for critical applications and you can see how even a relatively small DDoS attack can cause problems.

It’s never too early to start protecting the network

It is not uncommon for new technologies, which bring fantastic benefits to the market, to also bring with them challenges – and security is usually at the top of the liabilities list. Fortunately, with 5G, many of the vulnerabilities have already been identified and the difficulties in implementing inline solutions have been bridged. That’s not to say that, as 5G technology matures, we will not discover new security vulnerabilities. But, it is important that 5G providers plug the holes that they know about as soon as possible. In some cases, intuitive CSPs are working on DDoS and botnet attack mitigation before their 5G networks are even built.

For DDoS and botnet attack protection that blocks even the most evasive new attacks while providing in-event QoE assurance for mission critical apps, 5G network providers need to implement an effective solution to protect the network traffic. The solution needs to be tightly embedded in the network and comply with Service Based Architecture, one of the cornerstones of 5G networks, so subscribers can be properly tracked and quarantined to prevent future attacks.

The solution should be able to mitigate attacks that are initiated from the internet, from the malicious network subscribers, and from other internal and external sources. Additionally, it should be fast enough to handle the massive amounts of traffic that need to be checked to enable fast and accurate attack detection and mitigation. These considerations serve as building blocks in the construction of a well-protected 5G network that offers excellent QoE and to ensures a trusting relationship with customers.

For more info, the team and I have gathered some useful resources, which are currently available online.

If you enjoy podcasts, then you can learn more about 5G vulnerabilities (and mitigation) in this episode:

Previous
Nurturing a healthy digital transformation process
Next
Flubot Threat Bulletin – Allot blocks over 140M C&C connection attempts

Leave a Comment

Your email address will not be published. Required fields are marked *