The U.S. Department of Defense and other agencies across the federal government are preparing for 5G connectivity. With higher data speeds and latency improvements along with greater agility, efficiency and openness, secure 5G adoption will be a core driver of digital transformation.
Agencies’ internal network teams, contractors and traditional service providers will adopt private 5G subscriptions to run small cells across many environments, from campuses to military bases to mobile environments, like aircraft carriers. 5G networks will also accelerate exponential growth of connected Internet of Things (IoT) devices, which will be increasingly integrated into federal infrastructure.
Yet before agencies begin to take advantage of this powerful new technology, they must understand that along with 5G’s benefits come elevated cyber risk, expanded threats and new vulnerabilities. Far more capabilities than ever will be vested in technology over open radio waves rather than closed networks. Legacy cybersecurity solutions, which primarily focused on protecting the perimeter, will not be able to defend against a bigger and more complex attack surface. That means a broader security approach is needed. This nascent stage is the time for federal agencies to start preparing for secure 5G adoption.
5G’s Escalated Security Demands
Protecting 5G will demand the same level of strict controls and protections that are applied to physical network infrastructure. This requires implementing several proven practices.
First, accountability must be enforced through granular logging and deep visibility into encrypted tunnel traffic, which is analyzed for threats.
Second, Zero Trust access should be implemented. As with traditional network access controls, 5G users should only have access to what is needed to perform their day-to-day functions. Because newly connected devices will rely on analytics from the applications they work with, all network traffic will need to be segmented and prioritized to make sure the highest-performing traffic has the necessary quality of service, latency and network performance.
Third, 5G will require determining the subscriber ID, then applying granular controls to verify how and from where a user or device is attempting to gain network access. End user and IoT devices will need to be dynamically protected against known and unknown vulnerabilities. There will be sensors on 5G networks that still use legacy operating systems and vulnerable firmware that must be secured.
Exposing those devices to 5G’s power will require deeper visibility and controls, which are best achieved by automating the mechanisms that find device vulnerabilities and classify the controls needed to quickly remediate them. Moreover, as 5G scales to connect more devices, human operators who run legacy security operations centers (SOCs) won’t be able to keep up. Automation will be the only option that is fast and efficient enough to isolate and counter threats as quickly as they’re found.
Palo Alto Networks: First in 5G-Native Security
Palo Alto Networks offers the industry’s first 5G-native security solution, enabling end-to-end security from the control plane, to the user plane, through the applications. That includes containerized 5G security, real-time correlation of threats to 5G identifiers and 5G network slice security. These sophisticated capabilities enable agencies to achieve secure 5G adoption, protecting the breadth of their IT infrastructure:
- Devices: Palo Alto Networks provides deep visibility into the latest movement of malware traffic traversing a firewall or segmentation gateway. We correlate that movement to the subscriber or hardware identification number of mobile end user devices on a 5G network, so threats can be isolated and stopped before they propagate.
We also use network telemetry and machine learning to discover each IoT device on a 5G network and classify it by its purpose. Our Next-Generation Firewalls (NGFWs) then recommend policies that are dynamically built to allow only normal network behaviors for IoT devices in the same category.
- Applications: Applications that run on 5G networks require consistent security, adopting Zero Trust practices and enabling DevSecOps. The Palo Alto Networks NGFW can be deployed in physical, virtual and containerized form factors to meet the flexible needs of varied hosting environments. Our single pane of glass view provides visibility into network traffic, asset security posture and ongoing network events. This gives operators a deeper understanding of their 5G deployment’s health.
- Networks: Attacks on the underlying infrastructure are among the largest threats to 5G networks. Palo Alto Networks goes beyond protecting against misuse and exploitation of 5G signaling protocols. We inspect network traffic and prevent distributed denial-of-service (DDoS) attacks by dropping traffic that is overwhelming traffic patterns. Preventing attacks against the packet core is the best way to ensure availability of 5G transport.
Of course, implementing Zero Trust is critical to secure 5G deployments. Acting as a segmentation gateway, the Palo Alto Networks NGFW (compliant with NIST 800-207.1) implements granular security, specific to each slice of a 5G network. That helps to ensure security, speed, performance, low latency and delivery for high-priority traffic. Combining our Equipment ID and Subscriber ID with our App-ID and Content-ID technologies allows agencies to define granular Zero Trust access policies.
The robust Palo Alto Networks security platform provides end-to-end protection for the 5G networks that will soon be running many agencies’ mission-critical operations. Our single platform, which integrates with 5G core capabilities, will help agencies ensure stability, performance, availability and integrity of 5G infrastructure and devices.
Read the white paper, Preparing for 5G: A Security Primer for Federal Agencies, to learn more about 5G’s advanced features and how Palo Alto Networks solutions can help agencies prepare for secure 5G deployments. You can also watch What Is 5G Security? to start taking control of the security risks in 5G environments.