Safeguarding critical infrastructure with embedded security for emerging risks
Written by:
Kaël Haddar, Customer Security Director, Ericsson
This article was written in English and has been editorially adapted for publication in Nordic Digital Security 2024.
How do we ensure trustworthy and reliable mobile networks and critical infrastructure? In this article, we share insights into several aspects related to critical infrastructure and its evolution within the telecoms sector. This includes everything from 5G and the role of mobile networks in critical operations to the emergence of new technologies, such as confidential data processing and compliance with increasingly strict government regulations.
Telecommunications has emerged as an indispensable facet of contemporary existence, seamlessly bridging individuals across the globe irrespective of geographical barriers. Its impact reverberates through economic development, industrial progression,and global connectivity. Any disruption in service directly impinges upon societal functioning, economic stability, and government operations.
With mobile networks now part of critical infrastructure, additional regulatory requirements have surfaced, necessitating audits and security assurance. The introduction of diverse use cases for connected business and industry will introduce new security and safety dimensions,shaping future research, development,and operational security aspects.
The backbone of a robust 5G system lies in its ability to maintain uninterrupted availability, reliability, and responsiveness.
5G, resilience, and security
Governments and businesses are rapidly adopting advanced technologies driven by 5G, aiming for consistent performance and security assurance in mission-critical operations.
The backbone of a robust 5G system lies in its ability to maintain uninterrupted availability, reliability, and responsiveness,even in the face of disruptions or attacks. These attributes, including reliability,availability, robustness, and security, not only protect privacy but also ensure continuous service.
As digital transformation sweeps critical functions into the digital realm, telecom networks emerge as indispensable pillars, supporting existing operations while enabling innovative use cases.
For example, the rise of remote-controlled machinery demands instantaneous communication, ensuring rapid responses to potential threats.
The landscape of critical infrastructure is swiftly evolving, with intelligent network platforms offering a spectrum of essential properties such as security, privacy, reliability, and robustness,tailored to diverse use cases. As we transition from 5G to 6G, fortifying these networks with advanced building blocks becomes increasingly crucial to ensure their resilience and effectiveness.
Confidential computing emerges as a pivotal technology in bolstering security within virtualised systems. By protecting data during processing and storage, confidential computing instills confidence among users and regulators alike. Its integration into network architectures lays the groundwork for secure identity management and enables automated trust assessment across all network elements.
Secure identities and protocols are another cornerstone of network security, essential for safeguarding communication channels across various industry segments.
Evolving technologies like trusted identities, authentication frameworks, and access control management ensure secure communication at every layer,promoting unified identity management and automated data governance.
Furthermore, security assurance and defense mechanisms are pivotal throughout the development, deployment, and operational phases. While current methodologies primarily focus on product security, future solutions will incorporate built-in assurance mechanisms, ensuring compliance with security standards and regulations, for example,regulations such as GDPR (General Data Protection Regulation) in the European Union.
Regulatory landscapes play a crucial role in shaping security and privacy standards within critical infrastructure. Adhering to stringent regulations fosters trust among stakeholders and ensures alignment with evolving security specifications and standards.
Navigating the path to resilient networks
As we navigate towards resilient and secure network infrastructures,collaboration, innovation, and regulatory compliance will remain paramount in safeguarding critical assets and driving sustainable growth across industries.
To address the evolving threat landscape effectively, three key development components are crucial for building trustworthy systems. These components drive innovation and resilience, empowering 5G networks to adapt and thrive in an ever-changing environment.
Trustworthiness
Trustworthiness of the wireless infrastructure is built through use of globally agreed standards, strong security solutions, and well-defined processes. This is complemented by threat intelligence, actively and continuously updating on current security threats.
Security at scale
Security at scale includes safeguarding huge volumes of devices and data, for a large variety of use cases. To accommodate this, we research adaptable, scalable, and automated security solutions for future networks and connected devices.
Policy-driven automation
Policy-driven automation that aligns with industry frameworks,together with rule-based analytics (for known threats) and AI-based analytics (for anomalies and unknown threats) will enable holistic and cost-efficient security for future use cases.
Our approach to telecom security is built on four key pillars: standardisation, product development, deployment and operations. These four areas contribute to ward creating a secure platform that is an ideal foundation on which to build large-scale, security-sensitive systems.
Ericsson has a long history of systematically incorporating security and privacy considerations into all relevant aspects and phases of our product value flow. We follow a well-established internal control framework known as the Security Reliability Model (SRM). The SRM enables a managed, risk-based approach to security and privacy implementation where requirements are tailored to the target environment and demands. This approach helps us meet stakeholders’ expectations and cater for the rapid evolution of technology and the continuous changes in legislation globally.
ZTA represents a paradigm shift in cyber-security, rejecting the traditional perimeter-based security model in favour of a more granular and dynamic approach.
Achieving Zero Trust Architecture for critical infrastructure
Among the myriad challenges faced by critical infrastructure environments, the interest is increasingly turning towards operational resiliency. Maintaining operational resilience in an era marked by escalating cyber threats, natural disasters, and evolving work patterns poses an ongoing dilemma for numerous organisations. These challenges necessitate a comprehensive approach to security and resilience, encompassing robust protocols, advanced technologies, and proactiverisk management strategies.
As threats continue to evolve, both Mobile Network Operators (MNOs) and governmental bodies are actively embracing the concept of Zero Trust Architecture (ZTA) for safeguarding critical infrastructure. ZTA represents a paradigm shift in cyber-security, rejecting the traditional perimeter-based security model in favour of a more granular and dynamic approach.
By assuming that no entity, whether inside or out side the network, can be trusted by default, ZTA mandates strict access controls, continuous authentication, and real-time monitoring to mitigate risks and prevent unauthorised access.
However, achieving ZTA entails more than just adhering to industry standards. While the 3rd Generation Partnership Project(3GPP) standards provide a foundational framework for implementing zero trust in areas such as network functions (NFs) and interfaces, operational security often lies beyond the realm of standardisation. Operational security encompasses a wide range of practices and procedures aimed at safeguarding network infrastructure, data, and resources from internal and external threats. This includes regular security audits, vulnerability assessments,incident response planning, etc.
Furthermore, successful implementation of ZTA requires a deep understanding of the unique network context and operational requirements of each MNO. It is essential to tailor ZTA deployment and configuration to align with the specific challenges and constraints faced by the organisation. This involves conducting thorough risk assessments, identifying critical assets and dependencies, and establishing clear policies and procedures for implementing and managing ZTA controls.
Ericsson products have the ambition to offer the necessary capabilities to deploy a ZTA, andwe are actively engaged in the ZTA journey alongside MNOs and industry bodies such as the O-RAN Alliance, 3GPP, and ATIS. Realising a ZTA that aligns with all the NIST seven principles of zero trust and CISA ZTMM requires a high degree of automation and visibility in mobile network security operations. To this end, Ericsson provides a security management solution designed to automate and orchestrate security operations, thus fortifying mobile networks against external and internal threats.
Need for continued collaboration across the industry
It is evident that achieving a robust security posture in deployed networks requires a multifaceted approach that goes beyond standardisation efforts alone. With the increasing importance of critical infrastructure security and privacy needs, coupled with evolving regulatory perspectives, it is imperative for industry stakeholders to collaborate effectively on cyber-security implementation.
This collaboration effort should of course prioritise business outcomes in network performance and availability but also embrace the principles of Zero Trust Architecture (ZTA).
By consolidating security controls and offering comprehensive recommendations, these types of initiatives pave the way for the industry to successfully realise the three key development components that are critical for building reliable systems and ZTA in 5G networks - trustworthiness, security-at-scale, and policy-driven automation. Moving forward, continued collaboration and alignment with regulatory frameworks will be essential to ensure the resilience and integrity of mobile networks in the face of evolving threats.
