How to secure private 5G networks

Nokia noted that private 5G is well equipped with comprehensive in-built security features mandated by 3GPP

The deployment of the edge on-premise is essential to ensure that industrial use cases benefit from private wireless networks performance, according to Stephane Daeuble, head of Enterprise Campus Edge Solution proposition and Market Development at Nokia.

“The edge deployment enables the latency, OT data sovereignty and security aspects that critical industrial use cases require. Private wireless is an essential part of the OT environment and can meet business, mission – and even life – critical requirements if deployed close to the shop floors or industrial production systems,” the executive told RCR Wireless News.

Commenting on the key security risks associated with private 5G networks in industrial settings, the Nokia executive noted that one of the security risks of private wireless is the fact that its signal propagates and could allow intrusion from outside of the campus perimeter. “That being said, in contrast to Wi-Fi networks, the 3GPP tech end-to-end encryption and strong user authentication provides a robust barrier to external intrusions.  Generic security risks also apply for private wireless, such as an extended attack surface due to digitalization, adversary sophistication and lack of skilled security personnel.”

Daeuble also highlighted that private wireless networks are almost always embedded in an enterprise OT LAN domain, meaning that these face the same threat landscape applicable as the rest of the industrial OT environment.

The executive went on to say that private 5G is well equipped with comprehensive in-built security features mandated by 3GPP, which means that it has its own mechanism to authenticate and authorize mobile devices accessing services that is different and more sophisticated versus traditional access control methods. “In-built 3GPP mechanisms natively support key zero trust principles in the private 5G network. If needed, the overall OT security posture can be strengthened by applying overlay security solutions on top of built-in mechanisms based on security assessments of organizations. Those include perimeter security, zero trust network access, IoT related threat and vulnerability management,” Daeuble said.     

When asked about what strategies should companies adopt in order to enhance the security of private 5G networks in industrial environments, the executive stated that the relevant security controls need to take private wireless security implications like applicable vulnerabilities, threat landscape and baseline security features into consideration. “Preferably a security assessment needs to be conducted to reveal what kind of overlay security control is required to comply with the organization’s own security requirements, as well as relevant standards and regulations,” he said.

He also highlighted the differences in the security implications in a scenario where the private network is on-premise core and RAN versus on-premise RAN, public core, stating that a full on-premise deployment, typical of almost all industrial private wireless deployments, is the only way for enterprises to have full control over the security of that network and of its OT data. “These are two must-have requirements for OT use cases. It’s worth noting that private wireless networks which are not on-premise simply cannot meet the critical OT requirements.In other deployment architectures, the responsibility for the network is shared with third parties, hence the security of some of the elements is not under enterprise’s control and the attack surface becomes wider.”

RCR Wireless News published an editorial report dubbed “Securing the edge- Where 5G meets the enterprise”, in which key industry leaders and analysts explore the critical considerations surrounding the security of 5G private networks deployed at the edge for enterprises. Click here to access the report.