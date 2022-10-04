New cybersecurity frameworks were developed to address the new class of vulnerabilities within 5G networks, far more complex than the earlier generation of physical networks.

With the goal of fostering innovation while accounting for an entirely new holistic security architecture, having the right testing strategy at the right time is the key to 5G success.

Network operators are deploying 5G networks around the globe on a widespread scale.

This technology trend is defining and transforming the technological landscape for the foreseeable future.

Meanwhile, a myriad of new 5G devices is appearing in the market, with many more to come. The requirements for 5G security are continually evolving, as is the attack surface.

To face that challenge, 5G security was substantially redesigned to address the known vulnerabilities that existed within the architecture of earlier networks.

New cybersecurity frameworks were developed which include:

Zero Trust and Zero Trust Network Access (ZTNA)

Use of encryption on the transport level

Mutual authentication

Secure Access Secure Edge (SASE).

The new complexity in these 5G security frameworks, however, must also account for the continuous and growing number of new vulnerabilities.

Therefore, building security from the beginning of 5G architecture development, rather than bolting it on later, is key.

The goal is to not only be capable of implementing trustworthy 5G services, but to also foster innovation, keep pace with it, and add new value continuously.

To achieve this, a comprehensive testing strategy is required, right from the start.

This facilitates timely test campaign development to validate and in turn ensure trust in the security measures you put in place.

This validation must identify vulnerabilities and test to ensure the 5G architecture is secure.

Top five 5G security threats discovered by Spirent SecurityLabs

Through Spirent’s extensive global SecurityLabs engagements, the top five 5G vulnerabilities exposed were:

Unauthenticated remote code execution (RCE) – Allows for a full compromise by a remote unauthenticated malicious user Authentication bypass (Unauthorized User) – Unauthorized direct access to restricted resources Broken access control – Unauthenticated access leaves compromised access to NF functionality Services running as root user – Unrestricted access to network resources Information disclosure (pre-auth) – Insecure encryption at rest leaves insecure storage of sensitive data

If these vulnerabilities remain undiscovered or are unaddressed, they can place an organization’s business operations in a position of severe risk from both an operational and data security perspective.

For 5G, the industry has few proof points of deploying a fully virtualized, disaggregated mobile network, with advanced and complex security requirements implications.

Having the right 5G testing strategy from the beginning can be the key to go-to-market success.

To learn more, read Spirent’s white paper, Keeping Pace with the Requirements of 5G Security or click here.