Cyberattack can plague 5G growth: Here’s how telecom can secure their networks
The increased attack surface due to new technologies like disaggregated RAN and billions of connected devices demands robust security measures, says Fujitsu’s Kaushik Sinha
Global technology giant Fujitsu is at the forefront of developing solutions for the burgeoning 5G network. In an exclusive interview with Bizz Buzz, Kaushik Sinha, Senior R&D Director and Head of Mobile Systems at Fujitsu Research India, sheds light on the cybersecurity concerns that come with the massive rollout of 5G. "Cybersecurity is one of the most crucial enablers for such massive deployments," says Sinha, highlighting the need for robust security measures to safeguard these complex networks from growing threats.
What challenges are telecom companies facing in terms of cybersecurity and data privacy concerns?
5G services have already been launched by more than 270 operators worldwide, with over 1.5 billion 5G connections in existence. Cybersecurity is one of the most crucial enablers for such massive deployments, and various governments are taking measures to minimize network service breakdowns. Due to the new 5G core, disaggregated RAN, network APIs, and the billions of connected devices, the attack surface has increased significantly. Multivendor systems and more open-source software components make it complex to define ownership of defences to a single vendor; either the operator or the largest vendor usually takes this responsibility.
Malware attacks, including ransomware and spyware, have increased in the last few years, posing increasingly serious challenges for operators. Various SMS-based threats and attacks have also risen. These methods often involve some level of social engineering. Phishing attacks have evolved to exploit human emotional responses, causing targets to click malicious links in states of panic, depression, enthusiasm, or simply in a hurry. Through the use of SMS Application-to-Person (A2P) messages with manipulations using grey routes and illegal interconnections, fraudsters avoid paying any termination fees. Quishing, i.e., QR code-based phishing, has also been observed in a few regions recently, where users are directed towards malicious content by scanning manipulated QR codes. To assist telecom companies, a few innovative AI/ML solutions, such as SMS analytics, have emerged. However, attackers are also becoming more adept at using similar techniques, presenting significant challenges for operators.
How are ARM architecture innovations reducing operator OPEX?
ARM architecture was originally optimized considering power efficiency targets for mobile devices. Compared to the most prevalent Intel architecture, ARM started with faster and simpler processing instructions, bringing power efficiency and speed benefits. Now such processor architecture is also used in many Data Centres. Since ARM is an Architecture concept and any SoC vendor can use it and add innovative enhancements based on their target use cases, it helps bring down the overall cost of SoCs because of competition as well. Supportive platforms and frameworks are other innovation enablers where open-source communities can contribute.
On the other side, global telecom operators indicate two major technology trends. Firstly, they are deploying radio networks on cloud infrastructure – both on the edge and on centralized deployments, such as data centres. Core networks can anyway be deployed seamlessly on cloud infrastructure. It is worth noting that, as per a GSMA estimate, energy consumption costs between 20-40 per cent of total network OPEX. Data centres are also known for costs associated with cooling down infrastructure.
Secondly, many techniques, such as massive MIMO, which is being used in 5G and may continue significantly in 6G also, consume more power, especially because of many transmit and receive lines with power-hungry hardware components. Considering these two trends and possibly more, overall operators need power-efficient building blocks, making ARM-based chips increasingly popular.
How can Network Management Systems (NMS) play a pivotal role in enabling operators to proactively monitor, troubleshoot, and optimize their network performance?
Network Management Systems (NMS) have complete visibility of each network element within the entire network. Along with other entities, such as the oRAN Service Management and Orchestrator (SMO), NMS software provides an integrated framework for planning and managing the entire network. Operators deploy software upgrades to thousands of network elements simultaneously using NMS software. With evolved network automation and AI/ML techniques, better planning, monitoring, and deployments are possible. oRAN provides an architecture to support RAN intelligent controllers, and the non-real-time RIC can be hosted along with NMS and SMO software. Many innovative solutions have been created around network optimization, efficient deployments, energy efficiency, and quicker root cause analysis based on AI/ML techniques.
Because 3GPP and oRAN provide data model definitions as well as data collection interfaces, applying AI/ML techniques is now enabled under SMO or NMS control by design. Fujitsu's 5G solution also supports most of these use cases including quicker root cause analysis of network issues.
What role can emerging technologies like edge computing, network slicing, and virtualization play in transforming the telecom industry's service offerings and operational efficiencies?
These emerging technologies provide numerous advantages for both the operators and the users. Edge computing improves latency and enhances user plane performance. For example, the User Plane Function (UPF) can be hosted near the Radio Access Network (RAN) or alongside RAN software at the same site location. In fact, NVIDIA provides a 5G RAN platform and framework where the UPF can be hosted on the same platform as GPUs. Fujitsu has successfully conducted trials with the NVIDIA 5G RAN solution and will continue offering RAN solutions together.
Distributed Unit (DU) software, i.e., 5G RAN L2 and L1 software, is typically deployed at the cloud edge to provide better fronthaul latency. Network slicing is a versatile, flexible, cost-effective, and fundamental feature of 5G. However, it has not been widely deployed by global operators so far; mainly, enhanced Mobile Broadband (eMBB) use cases have been launched by most of the global operators. Similarly, virtualization techniques offer advantages such as scalability, capacity, security, redundancy, and speed of deployment. Fujitsu offers a carrier-grade virtualized solution for 5G RAN in a hardware-agnostic manner. We aim to provide a truly flexible, multivendor solution based on open architecture principles. Most of these techniques will also be used and will continue to evolve with 6G use cases.
As the telecommunications industry transitions towards Open RAN architectures, what are the specific security challenges that vendors like Fujitsu must address to ensure the integrity and resilience of these networks?
ORAN architecture is based on disaggregated RAN principles, meaning that legacy monolithic RAN products are now divided into various smaller, simpler, independently deployable logical functional software blocks. This also introduces many new interfaces between these RAN software blocks. Each such interface must be carefully designed to ensure that security principles are followed, as they expose newer attack surfaces. This is easier said than done. There is a variety of protocols used in these interfaces. OEMs must ensure, e.g., in the case of SMO-related interfaces, that the Transport Layer Security (TLS) protocol along with the Netconf stack is always upgraded to the latest versions as mandatory, because they provide fixes for many older vulnerabilities seamlessly. Detailed Threat analysis and Security Specifications are collaboratively being evolved in oRAN WG11. Fujitsu 5G Radio Access products plan to enhance Security feature sets with these recommendations and on similar lines beyond them as well. It is also important to note that there are Security testing-related Work Items under discussion in oRAN. They are good references to ensure security features are validated on these open interfaces, providing needed reliability.
What innovative solutions is Fujitsu bringing to the table to address the unique security vulnerabilities associated with virtualized and disaggregated RAN components?
Fujitsu has a legacy of many years of successful 5G/4G RAN products for DOCOMO networks. This solution is already 3GPP Security compliant from air interface considerations. With Open RAN, where there are many disaggregated RAN components, there are many new interfaces between these components, and hence the attack surface has increased manifold. Though we have considerations of advanced security frameworks, as a first phase, we are bringing features mostly as described in oRAN Security specifications. There is a set of security protocols, such as SSH, TLS, Secured FTP, and DTLS that radio products must support. A few protocols, such as TLS 1.2, have known vulnerabilities, many of which are fixed in TLS 1.3. So, it is important to keep upgrading to the latest releases. OEMs must be careful about open-source software being used as well, as it may be used by hackers for malicious purposes with known vulnerabilities. The good news is that all ecosystem partners, such as GPU vendors and virtualization/cloud platform vendors, are also providing increasingly mature security solutions. If good security principles are followed, such as mutual authentication, access control, trusted communication, secure storage, and if the mindsets of ‘Security by Design’ and ‘DevSecOps’ are practiced, 5G and 6G RAN products will be more secure.