Bringing Zero Trust in 5G Orchestration and Automation
5G continues the trend of cellular technologies becoming more secure, with new security features that make it more difficult for attackers to exploit vulnerabilities. The 3rd Generation Partnership Project (3GPP) has standardized 5G as the most secure foundational wireless technology yet. As the first cellular technology designed for cloud deployments, further security considerations are necessary to ensure the safety and integrity of the system.
The evolution of 5G network functions for Core and Radio Access Networks (RAN) is progressing to become cloud native. 5G's transformation to open interfaces, containerized applications, and cloud-based deployments enables new capabilities and introduces new security risks. To maintain the highest level of security, organizations must consider cloud security best practices, multi-layer security controls, zero-trust architecture (ZTA), and supply chain security.
Collaboration between various stakeholders is essential in a multi-stakeholder environment like the cloud. To ensure a secure environment, software vendors, platform vendors, mobile network operators (MNOs), hyper-scale cloud providers (HCPs), and system integrators (SIs) must work together and establish clear roles and responsibilities for implementing security architecture and controls.
Given the complexity of the environment, telecom operators must prioritize the security of orchestration and automation. To achieve this, it is essential to explore ways to mitigate risks while implementing Orchestration and Automation.
Zero Trust in 5G Orchestration and Automation
To cater to the diverse range of new use cases for 5G, 5G network functions must be flexibly deployed across RAN, Transport, and 5G Core (5GC). This flexibility is provided by multidomain network orchestration and software-defined networking (SDN) architectures, which efficiently deliver orchestration and automate multiple 5G network instances with tailored services.
Common abstractions allow SDN-enabled resources such as networking, processing, and storage to fulfill a business purpose. Open and programmable interfaces in SDN and orchestration layers allow dynamic control and automation of network slice creation and operation.
However, orchestration and automation expand the attack surface. The SDN, orchestration, and automation layers can be exploited through weaknesses such as improper isolation, insecure API implementation, unauthorized user- and function-level access, excessive data exposure, broken object-level authorization, data exfiltration, data hoarding and sniffing, and denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.
To mitigate these risks, organizations can take several steps, including implementing role-based access control (RBAC) and more granular access controls, integrating an application protection and policy enforcement layer, closely monitoring orchestration and automation layers, and implementing a secure API strategy.
Close monitoring of orchestration and automation layers is necessary to identify any behavioral anomalies that may lead to risks, such as data exfiltration and data hoarding, which can then be mitigated.
Penetration tests and audits of the APIs, and of the applications that consume them, are also critical: they verify that the APIs are secure and that orchestration and automation communicate securely with the network functions.
Implementing RBAC and more granular access controls, such as microservice to user policy mapping, can authorize access to the service layer, orchestration, SDN, and 5G network functions deployed in the public cloud, on-premises, or hybrid models.
The orchestration and automation layer should integrate with an application protection and policy enforcement layer that scans every software image before execution, checks it against policy, and validates execution permissions. Such scans should prevent the deployment of untrusted and vulnerable images. The same layer should block containers that violate the configured runtime rules, so that the orchestration solution never deploys such instances.
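The two controls above, a role-to-domain access map and a pre-deployment image gate, combined into one admission decision. This is an added illustration, not ACL Digital's code or product; the roles, image references, registry name and scan results are constructed sample values.

```python
# Added illustration (not ACL Digital's code) of the admission gate described
# above; image refs, roles and scan results are constructed sample values.
from dataclasses import dataclass

@dataclass(frozen=True)
class ImageReport:
    ref: str            # image reference, e.g. "registry.example/5gc/upf:1.4.2"
    signed: bool        # signature verified against the operator's trusted key
    max_cvss: float     # highest CVSS score reported by the pre-deployment scan
    runs_as_root: bool  # image config has no non-root USER set

@dataclass(frozen=True)
class Policy:
    trusted_registries: tuple      # registries the orchestrator may pull from
    max_cvss: float = 7.0          # anything HIGH/CRITICAL is refused
    require_signature: bool = True
    forbid_root: bool = True

# Role -> (domain, action) pairs it may perform; domains follow RAN/Transport/5GC.
RBAC = {
    "ran-operator":  {("ran", "deploy"), ("ran", "scale")},
    "core-operator": {("5gc", "deploy"), ("5gc", "scale")},
    "auditor":       {("ran", "read"), ("transport", "read"), ("5gc", "read")},
}

def authorize(role: str, domain: str, action: str) -> bool:
    """Function-level access check; unknown roles are denied by default."""
    return (domain, action) in RBAC.get(role, set())

def image_violations(report: ImageReport, policy: Policy) -> list:
    """Return every policy rule the image breaks; an empty list means trusted."""
    problems = []
    registry = report.ref.split("/", 1)[0]
    if registry not in policy.trusted_registries:
        problems.append(f"untrusted registry {registry}")
    if policy.require_signature and not report.signed:
        problems.append("image signature missing or invalid")
    if report.max_cvss > policy.max_cvss:
        problems.append(f"scan found CVSS {report.max_cvss} above {policy.max_cvss}")
    if policy.forbid_root and report.runs_as_root:
        problems.append("container would run as root")
    return problems

def admit(role, domain, action, report: ImageReport, policy: Policy) -> tuple:
    """Orchestrator decision (allowed, reasons): authorization first, then image."""
    if not authorize(role, domain, action):
        return False, [f"role {role} may not {action} in {domain}"]
    problems = image_violations(report, policy)
    return not problems, problems
POLICY = Policy(trusted_registries=("registry.example",))
```

Every refusal carries its reasons so the orchestration layer can log them for the anomaly monitoring the text calls for, rather than failing silently.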
Conclusion
The cloud-native nature of 5G network functions requires enhanced security considerations to ensure the integrity and safety of the system. Organizations should collaborate with stakeholders to implement security best practices and mitigate the risks associated with orchestration and automation. By following these guidelines, organizations can keep 5G security at the highest level.
Virtualized Network Functions (VNFs) serve as essential components for delivering services, and as we move towards future transformations, it becomes crucial to introduce automation across all elements of the 5G network infrastructure (applications, data, and infrastructure). To meet this demand for agility, our comprehensive automation orchestration and management solution provides a robust framework that incorporates policy-driven governance, compliance, security, and performance considerations. By leveraging our workflow automation solutions, organizations can automate a wide range of workflows originating from diverse data sources. Furthermore, these solutions seamlessly integrate applications and processes, enabling the rapid and reliable delivery of digital business services.
ACL Digital is a leading provider of 5G security solutions. We offer a comprehensive suite of products and services that help organizations protect their 5G networks from cyberattacks. Our solutions are designed to meet the unique security needs of 5G networks, and we offer a wide range of features and capabilities to help organizations achieve their security goals.
To learn more about our 5G security solutions, please visit our website or contact us today. You can also download our Zero Trust eBook here.