What the Defense and Intelligence Communities Need to Know About 5G
By Brian Green, Senior Vice President, Booz Allen Hamilton
With the potential to revolutionize global telecommunications, fifth-generation mobile technology (5G) forges connections between physical devices and the digital world – creating new opportunities to share, compute, and act upon information with unprecedented speed and at an unheard-of scale. For the defense and intelligence communities, 5G opens myriad possibilities to address operational needs, enhance mission readiness, and gain new organizational advantages – imagine, for example:
- Stronger defenses and intelligence gathering capabilities via sensors, artificial intelligence (AI), and edge computing that rapidly receives, analyzes, and acts on massive amounts of data in near-real-time
- Integrated smart sensors on drones and warfighter equipment that enhance battlefield visibility
- Safer, more realistic, and cost-effective training by implementing augmented/virtual reality
- The perimeters of “smart bases” secured by edge computing-powered monitoring systems and automated alerts
- Autonomous vehicles for high-risk missions, and safer, more timely equipment maintenance via remote technical experts
These scenarios are incredibly promising—but we’re not there yet. To fully tap into the maximum potential of 5G, intelligence and defense communities must rethink several aspects of cybersecurity.
The transformative changes powered by 5G, while holding great promise, can also bring new risks, from vulnerabilities in the networks themselves to a vastly expanded attack surface. “New 5G-enabled masts, built and operated by a plethora of companies and governments to varying levels of assurance, will have new vulnerabilities exposed and create new ingress points for attackers to exploit,” Information Security Forum Managing Director Steve Durbin wrote in Cyber Defense Magazine last year.
Booz Allen recently took an important step in this area by assembling experts in cybersecurity research, engineering, and threat intelligence to consider what 5G threats might look like. By examining each component of the 5G ecosystem, we gained insights into vulnerabilities that adversaries could exploit, along with motivations, the potential impact on organizations and users, and ways operators could mitigate their risk. Highlights and guidance follow.
(1) Reinforce the expanded attack surface
5G makes possible the increased usage of virtual machines, resulting in greater agility, scalability, and cost-efficiency. Yet picture the following scenario: A sophisticated threat actor manipulates a 5G network’s virtualized infrastructure manager, misdirecting network routing decisions or reducing its ability to schedule, scale, and optimize resource utilization. Or imagine a threat actor with stolen credentials gaining access to a cloud-hosted virtual machine. The adversary then pivots to the underlying host infrastructure, enabling access to sensitive data and other critical network elements.
For intelligence and defense organizations, such scenarios could be disastrous.
Organizations can mitigate these threats through hardening virtual resources, equipping virtual machines with endpoint detection and response capabilities, and using a zero-trust model to enforce additional layers of inspection, validation, and access controls.
Another defense is to expand visibility into the network. Through aggregating and analyzing logs from non-standard parts of the infrastructure, operators can detect anomalous activity early and accurately. Furthermore, security products implemented at abstracted layers of the cloud core infrastructure can help detect even the most sophisticated adversarial actors or be deployed in remote areas.
Adaptive technology platforms and analytics tools can also help defense and intelligence communities stay ahead of ever-changing threats. For example, Continuous Diagnostics & Mitigation (CDM) programs help integrate and operationalize capabilities through a seamless, agile process by providing valuable network data that in turn can be used for actionable defense intelligence.
(2) Guard against supply chain compromise
While 5G can positively impact intelligence and defense organizations, the technology can also bring new challenges by introducing complexity into supply chains. 5G networks are attractive targets for data breaches and disruption—and a virtual network firewall is one way in. Say an adversary inserts a backdoor into a popular virtualized firewall’s codebase. The threat actor then uses the backdoor to steal sensitive information and posture itself for network degradation activities. The adversary further leverages its newfound access for covert infiltration/exfiltration activities through the firewall to the rest of the network, including the 5G infrastructure. Supply chain attacks are only increasing in severity, as we saw with the recent SolarWinds breach. The new connectivity enabled by 5G will up the ante.
Network telemetry analysis to identify irregular network activity is a good foundation for protection. Beyond this, operators can mitigate such a threat by giving similar attention to the security of supply chain partners as to that of the organization itself. Specific to a virtual network firewall, it’s important to diversify vendors in the 5G environment and create a strong DevOps practice with a continuous integration and deployment pipeline that supports joint agile delivery with virtual network firewall suppliers.
(3) Take extra steps to secure new technologies
As 5G enables advanced digital technologies like AI and machine learning (ML), it also gives adversaries new places to lurk and ways to attack. Consider an adversary poisoning the AI-powered network optimization functions at an industrial operation like an oil refinery. The facility might greatly underestimate its available network bandwidth, causing highly synchronous devices to react aberrantly and damage equipment.
Organizations running AI over 5G need to protect the baseline from day one, with internal and external security precautions that ensure a threat does not live undetected within the 5G environment. One way to detect manipulation as early as possible is by maintaining a secure database of reference points, archived off the network, for analysis and comparison. Operators can use an encrypted path between log source and AI model or a blockchain method for recording and disseminating log data in a trusted manner. Another valuable method is to secure workloads and protect data by deploying a secure cloud environment that allows for the ability to encrypt data at rest and deploy in-line packet inspection and passive Secure Sockets Layer (SSL) decryption for traffic into and out of the cloud.
5G can also be used to speed intelligence collection at the edge, combining real-time data collected from a drone with behavioral detection analytics – the results of which can be shared with operatives on the ground in near-real-time. While the expansion of endpoints is poised to help empower the intelligence and defense communities, the proliferation of connected and interconnected devices requires proactive, relentless security. One powerful approach is deploying purple teams where offensive experts – the red team – simulate adversaries while defensive experts – the blue team – measure and improve prevention, detection, and response in real-time.
(4) Pay special attention to network segmentation and slicing
For industrial control system (ICS) and operational technology (OT) environments, 5G offers great potential for supporting innovations like a vastly expanded industrial Internet of Things (IIoT). Yet the marriage of 5G networks and ICS/OT will again expand the attack surface. As former National Security Agency deputy director Richard Ledgett Jr. has said, lack of and lapses in ICS security present a serious vulnerability for industry and the nation.
Current ICS/OT environments rely on network segmentation to mitigate cyber risks. Though migration to 5G will maintain a similar level of segmentation in most cases, centralization of network operations and data collection to a layer-agnostic hub or edge network will appeal to attackers as a way to directly access physical operations and wage disruptive and destructive attacks. Network slicing, which allows internet service providers to divide the network based on the needs of each device, is another 5G-related area of vulnerability.
Innovations like AI can also help mitigate the risk. Say a threat actor accesses a manufacturer’s orchestration controller to modify authentication controls. The adversary then breaches the OT networks of other organizations to steal proprietary process control data.
Organizations can use AI applications segmented from the orchestration components to detect and alert on abnormal slicing behavior. They can also use automation to segment off potentially compromised portions of the slicing environment, isolating weak network links and minimizing degradation to network operations.
(5) Plan your 5G migration strategy
Network segmentation and slicing are two examples of approaches organizations should consider when migrating ICS and OT networks to 5G. Factors like legacy technologies and technical debt also complicate the picture. How can organizations prepare for 5G attacks and minimize their risk?
- Address “tech debt” in advance: Before deploying 5G in IIoT environments, address known security flaws and outdated technologies by layering security controls such as ML-based traffic monitoring.
- Harden underlying structures: Ensure that systems are as up to date as possible. Consider upgrading devices that are unsupported by manufacturers and ask vendors about communications protocols that may be more secure than legacy protocols.
- Strategize 5G network architecture: Do you plan to implement a private 5G network or a managed commercial solution? Consider the implications of each option, and the possible impacts stemming from centralizing network layer management. Also, consider how your security detection stack will identify and alert on attacks in IIoT environments.
Looking to the future
With its unprecedented ability to share and compute information and make it actionable, 5G offers defense and intelligence organizations great promise for addressing operational needs, enhancing mission readiness, and gaining new advantages. Organizations can mitigate their security risk by anticipating and modeling the threats, and continuously adapting their defense and intelligence strategies as their security posture evolves.
Brian Green is a senior vice president at Booz Allen Hamilton.
About the Author
Senior Vice President Brian Green is a leader in Booz Allen’s Cyber Account business supporting the U.S. Cyber Command, Service cyber components, and national security clients. His focus is on cybersecurity, cyber capability development, and security of next generation network architectures such as zero trust networks and 5th generation mobile networks.
Before rejoining Booz Allen, Brian was President of Ponte Technologies, a cybersecurity services business where he led corporate strategy, contract management, and business development for the company’s government and commercial businesses. Prior to his time with Ponte Technologies, Brian spent 15 years at Booz Allen. As a Principal, he led the firm’s penetration testing and advanced persistent threat detection capabilities. Brian led client delivery efforts in security product testing, advanced persistent threat hunting, wireless security, information assurance architecture, systems security engineering, and vulnerability analysis primarily focused on intelligence community customers.
Early in his career, Brian served in a tactical communications unit as a communications engineer in the U.S. Air Force, and later as a technical surveillance countermeasures and wireless security researcher at the National Security Agency. He is a certified information systems security professional (CISSP), a certified project management professional (PMP), and a graduate of the U.S. Air Force Academy with a B.S. in electrical engineering.