By Paul Rasmussen
Mavenir calls for heightened network security
The rapid growth in 5G adoption is attracting new service providers and vendors resulting in a surge in cyber attacks, according to the network software developer Mavenir.
“While the introduction of multi-access edge computing (MEC) brings compute and storage out to networks edge, it brings traditional IT threats into the OT and mission environments. The diversity of MEC providers will also bring new risk factors as hyperscale cloud providers, MNOs, enterprise wireless service providers and organic MEC solutions inject different risk postures into networks,” said Deborah Brown, VP of Mavenir Government Channel.
The Mavenir exec readily acknowledges that 3GPP has done good work in defining cybersecurity as a core design element and that their standards work for cybersecurity has been excellent. “The standards, however, outline cyber solutions at a high level and include measures which are voluntary. Details are left to service providers and vendors with widely different approaches to cybersecurity.”
“Implementation details will be important as will effective lifecycle sustainment of internal controls. Additionally, the introduction of new vendors responsible for Infrastructure-as-Code for the CU, DU, RU, MEC and UE tech stack, introduces seams for which cyber risk responsibility is poorly defined.”
To combat this, Brown calls for the industry to work as a team. “It should be of interest to all 5G market providers to collaborate on security challenges. Operators need to identify roles and responsibilities for their own operations but also for 5G enterprise customers and UE vendors. Operators, industry associations and government oversight agencies should encourage threat and vulnerability information sharing and analysis. We will want to encourage AI-enabled, machine-to-machine cyber command and control to rapidly remediate discovered security shortfalls. Operators should build 5G O-RAN and UE security sustainment into their business models and identify lifecycle security challenges to include product/service ‘end of life’ responsibilities.”