5G Networks Lack Adequate Cloud Security

5G systems provide accelerated communications, but they can be a target for cyber attacks if they are not properly secured. 5G, with its promised high-speed, low-latency performance, is finally here and with it a plethora of intriguing cloud computing developments loom.  

It seems almost impossible to overstate as 5G’s impact on the ability to create, store, use, and share data will be felt across most business sectors, especially those using the Internet of Things (IoT), AI, and machine learning.  

Already redefining business networks, 5G will also shift the role that cloud computing and networks play in storing, moving, and accessing data as innovation drives and creates more technological applications for digital business transformation. However the nature of 5G networks exacerbates the cyber security threat. Fifth-generation networking is inherently cloud-based and the recommended mitigations go far beyond the implementation of multifactor authentication to validate user identity. 

5G systems provide accelerated communications, but they can be a target to cyber attacks if they are not properly secured. 

Major US federal agencies have released the first in a series of reports detailing their expectations for providers of fifth-generation networking equipment and services. Addressing cloud providers and mobile operators, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) said: “5G networks should assign unique identities to all elements (and preferably to each interface) that will communicate to other elements in the 5G network”.

The report focuses on preventing and detecting lateral movement so that if one cloud resource is affected the entire network doesn’t become compromised.

Overcoming confusion around the shared responsibility model for cloud security has been part of the challenge. “Cloud providers and mobile network operators may share security responsibilities in a manner that requires the operators to take responsibility to secure their tenancy ‘in the cloud,’” the report says.  

Military Application Of Cloud Enabled 5G

The US Dept. of Defense and its component forces are focused on the need for increased connectivity in their military operations and the Pentagon has been planning a shift to fifth-generation communication technology. The technology that is being used to advance commercial industries has various applications in the military field.

A 5G-enabled “network of networks” established by Lockheed Martin integrates military and enterprise networks, and leverages existing telecommunication infrastructure technology. Lockheed aims is to enable seamless, resilient and secure connectivity and data flow across all battlefield assets in order to deliver prompt and decisive action on the battlefield.

5G networks are designed to be more secure than previous technology generations by providing link layer protection to prevent eavesdropping and tampering of data in transit. but no network technology provides end-to-end security. 

CISA and the NSA said that 5G service providers and system integrators must measures to block and detect lateral movement in the 5G cloud. To counter threats it is vital that 5G cloud infrastructures be built and configured securely, with capabilities in place to detect and respond to threats, providing a hardened environment for deploying secure network functions. 

GSMA Intelligence:    ITPro:    Nextgov:    I-HLS:   Brookings:    I-HLS:   Bleeping Computer:   IT Business Edge

You Might Also Read: 

Properly Securing Your Cloud System:

 

« Artificial Intelligence Could Be As Powerful As A Nuclear Weapon
Cyber Effects On The Legal Profession »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

PubNub

PubNub

PubNub enables developers to build secure realtime Mobile, Web, and IoT Apps.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

Indium Software

Indium Software

Indium Software is an Independent Software Testing Company offering software testing services (including security testing) and offshore Quality Assurance solutions.

Cipher Tooth

Cipher Tooth

CipherTooth is a superior system for delivering secure content over the Internet.

VerSprite

VerSprite

VerSprite is a specialist information security consulting firm. We provide organizations with detection across all their attack surfaces and deliver critical insight into all possible attack methods.

CybernetIQ

CybernetIQ

CLAW by CybernetIQ is the industry's most advanced SOAR platform helping unify all cybersecurity tools under one umbrella and providing organizations faster, better and more accurate cybersecurity.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Consulting Services to help you secure your mission-critical systems.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

Defscope

Defscope

Defscope is an Azerbaijani company entirely focused on cybersecurity offering training, security consulting, and other professional services.

Vizius Group

Vizius Group

The Vizius Group are a think tank of cybersecurity consultants who understand the mechanics and business value of risk reduction.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Lucata

Lucata

Lucata solutions support groundbreaking graph analytics and improved machine learning for organizations in financial services, cybersecurity, healthcare, pharmaceuticals, telecommunications and more.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

NORMA Cyber

NORMA Cyber

NORMA Cyber delivers centralised cyber security services to Norwegian shipowners and other entities within the Norwegian maritime sector.

ThreatFabric

ThreatFabric

ThreatFabric integrates industry-leading threat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators.

Star Lab

Star Lab

Star Lab specializes in the development and productization of embedded security technologies.