5G and 5 essentials for victory

5G is one of key technologies of the coming decade and it is going to be much more capable than 4G — focusing on digitalization of all verticals based on advanced IoT

/ By Matjaž Beričič, Director, ICT and Network Services; Janez Anžič, Director Service Operations Center; Metod Platiše, Product Manager Cyber Security, B2B, Telekom Slovenije

In a high-risk business environment that demands business continuity and must follow the highest IT security standards and compliance, cyber security assurance can only be a successful when it is the result of systematic and strategic plan­ning. Any cyber security assurance process must include the following 5 essential activ­ities in order to prevent, detect, respond and recover from threats. Size and variety of risks is increasing with time, and the emerging 5G era is going to further boost these risks.

5G is bringing new dimensions of digita­lization to 5 key verticals: energy, healthcare, transport, manufacturing and also public protection and disaster relief. If there are 4 essentials for 5G deployment (new spectrum and antennas, network and IT transforma­tion to 5G cloud, sales transformation to support “use case-driven network” for the verticals, new terminal equipment) the 5th essential is preparedness– the capacity and competence to assure cyber security — and strong telcos have that capabilities.

The current secure 4G converged ICT solutions include permanent risk manage­ment run by key telcos in highly dynamic and complex ICT environments. They need to provide the e2e view on cyber security, need to be competent to manage the whole chain from end-point-devices to interna­tional connectivity and process driven orga­nization with 24/7/365 operations, involving critical mass of personnel with established people training and competence built pro­grams. Telekom Slovenije is one of such tel­cos and it holds the ISO27001 and ISO 22301 certificates, proving its capability and com­mitment to security.

4G mobile technology was introduced seven years ago and at the moment more than 60% of the global population is using it. Telekom Slovenije 4G+ (LTE-A) network provides high performance and is the lead­ing mobile network in Slovenia. It provides highly competitive coverage and capacities to and highest possible mobile data speeds despite increasing traffic demand and is– it is best network, proven by independent inter­national benchmark tests and the only one in the country that supports VoLTE. (Voice over LTE). All this makes it best prepared for the 5G chapter. 4G already provides ca­pability for fixed wireless access temporary solution and IoT solutions for different busi­ness verticals. However, 5G will support that to an even greater degree. 5G is one of key technologies of the coming decade and it is going to be much more capable than 4G — fo­cusing on digitalization of all verticals based on advanced IoT.

We envisage an open 5G infrastructure that can support various virtual dedicated networks, achieving economies of scale with critical mass to cope with all the challenges. 5G technology is highly complex, and con­sequentially it is essential to have highly ed­ucated and trained experts who are already experienced in 4G technology and security. 5G requires managing a full set of technol­ogies — antenna systems, base stations, fron­thaul/backhaul transport systems, aggrega­tion, core network, service network and the terminals. Countries like Slovenia need a smart 5G strategy to support a smooth and sustainable deployment with efficient uti­lization of spectrum. 5G can only be built as an upgrade to existing 4G, but even this requires significant investments to establish the 5G core system functions and upgrade the base stations.

Additionally, the trend of mobile reve­nues coupled with a lack of clear 5G busi­ness cases are not conducive to appealing market development scenarios. 5G has also prompted a global information warfare re­lated to health concerns of 5G radio signal. Analysts see this side attack on 5G as geopo­litically motivated. Some of the players try to undermine others and tie them up in fights over 5G’s environmental and health hazards fears. Consequently, 5G infrastructures will also have higher physical security risks. Nev­ertheless, stakeholders have to assure safe levels of total emitted radio signal energy, es­pecially where numerous 4G/5G infrastruc­tures per country would be deployed.

The first phase of 5G is the pure upgrade of 4G according to 3GPP (3rd generation Partnership project) Release 15 . Initial user experience is not fantastic, but it will evolve and overtake 4G in the coming months, es­pecially when 3GPP Release 16 comes after 2020. With all built-in security measures and well-managed 4G/5G, all types of security risks are reduced significantly.

Close EU-wide cooperation is essential both for achieving strong cybersecurity and for reaping the full benefits of everything that 5G will have to offer

Abuses in ICT come as sophisticated, co­vert and innovative. Cyber security is based on active involvement of experts, technology and processes. Recently, IoT has present­ed new challenge in application of security. Telcos have to perform strict verification of security communication protocols, authen­tication, code and system hardening of ap­plication servers. Preparation and protection is mandatory, but telcos also have to deploy strong detection capabilities. Analyzing tons of security monitoring data from all the sources, including the 5G network, com­bining it with external threat information in real-time is the main capability of Telekom Slovenije Cyber Security Operations Center that is running 24/7/365, which also pro­vides services to business customers. It will be one of the main trusted anchors for 5G as well.

5G capabilities like network slicing, ca­pacity, availability and security will be game changers in mobile data services. This is es­pecially important for critical services that require guaranteed communication. These technologies will be able to provide strictly separated communication services for differ­ent entities with different SLA (Service Level Agreement) parameters and the highest se­curity level based the virtualization of net­work functions. Since the environment and the society cannot sustain too many physical 5G infrastructures due to limitations such as the lack of cell tower space, frequency spec­trum and technical experts to manage the technology safely, this concept will help to maintain adequate level of competition and flexibility.

5G security includes many aspects, e.g., application security, network device securi­ty, deployment security, operation security etc., and there are different scenarios based on variety of network architecture, network elements and several mechanisms. Common recommendations and requirements for 5G Cyber security consist of standardized secu­rity solutions (GSMA/3GPP) and certifica­tion of equipment at the EU level by a inde­pendent verifying entity.

From the perspective of security, the whole 5G network follows a layered & do­main-separated model, defined by the ISO 19249 standard.

The 5G ecosystem includes application/ service providers (application layer), user device (IoT/Smartphone), vendor (User do­main), network vendor and operator (net­work domain). For the security certification of assurance, the GSMA (GSM Association) has defined a set of standards jointly with 3GPP on it, i.e. NESAS (Network Equipment Security Assurance Scheme) & SCAS (Secu­rity Assurance Certification).

Close EU-wide cooperation is essential both for achieving strong cybersecurity and for reaping the full benefits of everything that 5G will have to offer. National risk as­sessments include an overview of main threats and actors affecting 5G networks, the degree of sensitivity of 5G network compo­nents and functions as well as other assets and various types of technical and non-tech­nical vulnerabilities, including those po­tentially arising from the 5G supply chain. Based on the information received through the national reports, member states, and together with the Commission and the EU Agency for Cyber Security (ENISA), will prepare a coordinated EU-wide risk assess­ment by 1 October 2019. ENISA is analyzing the 5G threat landscape in parallel as an ad­ditional input. By 31 December 2019, the EU Network and Information Security directive (NIS) Cooperation Group, which leads the cooperation efforts together with the Com­mission, will outline a toolbox of mitigating measures to address the risks identified. By 1 October 2020, member states will need to evaluate the effects of measures implement­ed to assess whether further intervention is required. After the implementation of the Cybersecurity Act, Commission and the EU Agency for Cybersecurity will set up an EU-wide certification framework covering 5G networks and equipment.

Any norm related to 5G security should comply with the following 5 essential re­quirements:

• Harmonization at the EU level
• Support of security standardized ap­proaches (GSMA/3GPP)
• Coordination with additional security initiatives (GDPR, NIS)
• Equipment certification
• Efficiency in costs with minimal impact in Time-To-Market

You can also follow #BusinessBSF on Twitter, Facebook, and Instagram. Full versions of past panel discussions are available on our official YouTube channel.