enterprisesecuritymag

Positive Technologies Introduces 5G Security Program

By Enterprise Security Magazine | Tuesday, February 16, 2021

MNOs compete with each other and service providers, banks, suppliers, and others who are accelerating their own private 5G implementations. Quick tracked implementation of 5G combined with regulatory criteria ensures that network security should not be an afterthought.

FREMONT, CA: Positive Technologies recently introduced its 5G Security Program to help operators improve their security policies and implement effective activities to ensure their 5G SA/NSA networks and services’ resilience. The UK is one of the most mature markets in Europe in terms of 5G implementations, as individuals and vital national infrastructure grow more dependent on these new generation networks-from mobility, such as autonomous cars, to health care and remote surgery, with major national security, data security, and privacy threats.

Across the globe, governments are implementing tougher regulations and new laws for Mobile Network Operators (MNOs) to comply with to protect their networks and mitigate the danger to subscribers. Last year, the UK Government enacted the Telecoms Protection Bill, which imposes stricter penalties on operators who refuse to protect their networks and subscribers. The European Union has released the EU Toolkit, backed by a paper by ENISA, the European Union’s cybersecurity advisors.

Jimmy Jones, telecoms cybersecurity expert at Positive Technologies who has over two decades of industry experience, comments: “Our comprehensive 5G Security Program shapes security based on individual network infrastructure needs, aligning new business processes with security requirements before doing a full scale 5G rollout. The reality is 5G opens up more threats, network siloes and sheer complexity of new configuration burdens, not to mention constant changes which means more vulnerabilities will appear. Mobile operators need to be ahead of the curve and understand the threats which lurk on their systems. As mobile operators begin to turn their attention to 5G networks, it is important that they do not neglect previous generation networks which have their own vulnerabilities stemming from SS7, Diameter and GTP protocols. Having security part of the design and planning stage means MNOs can save money and avoid overstretching budgets.”

At the beginning of this year, Ofcom held a 5G spectrum auction to boost telecommunications services and allow more users access to 5G networks. The competitive world has become more dynamic. MNOs compete with each other and service providers, banks, suppliers, and others who are accelerating their own private 5G implementations. Quick tracked implementation of 5G combined with regulatory criteria ensures that network security should not be an afterthought.

Not just this, modern and secret challenges are emerging as hackers become more advanced in their tactics that avoid conventional security tools. This is important, considering the lack of expertise in the cybersecurity sector, which means that front-line protections are becoming weak. When telecommunications networks get more complicated, security departments are engaging in automating their security systems to balance odds and cross holes. With a growing demand for hackers' talents on the black market, continuous surveillance of networks is required. These threats vary from lone wolf individuals to large-scale, nation-backed attackers.

Through the 5G Security Initiative, Positive Technologies will analyze and perform an in-depth review of the mobile network infrastructure and identify security professionals' feedback and establish a concrete action plan for targeted 5G security strategies. 5G SA/NSA Core Security Assessment - In-depth audit against SS7/Diameter/GTP/HTTP/2 and PFCP threats: roaming and inbound traffic analysis.

5G Telco Cloud Assessment: Deep assessment of cloud systems and innovations utilized (virtualization, containers, MEC, SDN, NFV, MANO). Integrations Security Health Check-Deep Screening of Telecom Interconnections and Collaboration APIs.

Anti-Fraud Security Assessment: Extensive tests about how resilient the network is to multiple fraud scenarios.

Compliance Check: Check compliance with GSMA guidelines.

Operations Resilience Check: OSS/BSS and in-house market framework evaluation.

Application Security Assessment: Network perimeter audit and security investigation against HTTP, API, and JSON violations in web apps, including black/gray/white box scanning.

5G New Radio Security Assessment: RAN/O-RAN Security Assessment.

Weekly Brief