Who is responsible for securing the mobile ecosystem? What are the implications of 5G “boundless connectivity” for the security of connected cars and e-health applications, as well as network slicing and other evolving mobile network technologies?
These were the questions discussed during our presentation at the ETSI (European Telecommunications Standards Institute) Security Week’s 5G Security session, “Threat Prevention in a Hyper Connected 5G Environment.” Security concerns for network function virtualization were further discussed in a Palo Alto Networks-led panel, “NFV Deployment Security Challenges & Opportunities,” also held at the conference.
The recent WannaCry ransomware attacks and the Mirai botnet attacks last year signal that cyberattacks have become a global threat that crosses industrial, national, public network and technological boundaries, and must be more fully addressed by all parts of the mobile ecosystem. The Mirai and WannaCry attacks were not particularly focused on exploiting mobile devices or network vulnerabilities but they demonstrate the growing capabilities of attackers using automation strategies to make broad sweeps to locate vulnerable devices in any network, install malware, and launch attacks against consumer, business, and public infrastructure. Both attacks exploited inattentive subscribers or IT users/admin who had not deployed basic protection mechanisms for their devices or had not updated them with available patches.
For mobile network operators furiously working to evolve their networks to NFV and prepare for the massive IoT demand with 5G, the security implications of these and other types of threats are significant. The level of participation at the ETSI Security Week conference demonstrated that growing concern.
Over the years, for 2G to 3G, the mobile industry has implemented rigorous security standards into proprietary network technology with near perfect results. But with the IP basis of 4G and the introduction of smartphones, the threat landscape has massively changed, and more threats are now emerging. In fact, in a Mobile World Live survey, when asked who is responsible for securing the mobile ecosystem, 62 percent of respondents said the mobile network operator is, even though MNOs have virtually no control over their subscribers, nor their subscribers’ devices or applications. The industry seems to be asking MNOs (as well as other service providers) to step up and play a bigger role in securing the ecosystem, but the challenges in doing so are enormous and will require broad cooperation from all ecosystem participants.
Palo Alto Networks helps mobile network operators to meet the 5G and IoT challenges with our Next-Generation Security Platform, which provides full application-layer visibility as well as prevents malware installation and successful execution. For more information, download the white paper, “Protect IoT Opportunity With Network-Based Security.”