5G network security: What new risks and opportunities does it bring to business?
The fifth generation of mobile networks, known as 5G, is much more than an incremental upgrade that brings faster internet to our smartphones. It is a technological revolution that has the potential to fundamentally change entire industries and become the bloodstream of the fourth industrial revolution (Industry 4.0). 5G is not one promise but three: gigabit speeds (eMBB), near-zero latency (URLLC) and the ability to support millions of devices per square kilometer (mMTC). This is the technology that will open the door to autonomous factories, smart cities, remote-controlled surgery and a truly massive Internet of Things (IoT).
However, this immense power and flexibility comes at a price. The 5G architecture, unlike its predecessors, is largely based on software, virtualization and cloud technologies. It’s a break from the traditional hardware-based model for building telecommunications networks, which, while bringing huge benefits, also creates a whole new, much more complex and dynamic attack surface. Understanding these new risks and building security into the very fabric of a 5G network from the outset is crucial to fully and securely realize its enormous potential.
What is 5G technology and why is it much more than just faster mobile internet?
While previous generations of mobile networks (3G, 4G/LTE) focused primarily on one goal – to provide ever-faster Internet access for humans – 5G was designed from the ground up with three very different usage scenarios in mind, which together are expected to revolutionize machine and human communications.
- eMBB (Enhanced Mobile Broadband): This is the aspect that is most visible to the average user. It represents a huge increase in bandwidth, allowing gigabit download speeds. This will enable 8K video streaming and virtual and augmented reality (VR/AR) on a massive scale.
- URLLC (Ultra-Reliable Low-Latency Communications): This is probably the most revolutionary aspect of 5G. It guarantees extremely low latency (less than 1 millisecond) and very high reliability of the connection. This is crucial for critical applications such as communication between autonomous vehicles (V2X), remote control of industrial robots or telesurgery.
- mMTC (Massive Machine-Type Communications): This pillar focuses on the ability to simultaneously support huge numbers (up to a million per km²) of simple, low-power devices. This is the foundation for the massive Internet of Things (IoT) and smart cities, where thousands of sensors, meters and other small devices must be constantly connected to the network.
It is the combination of these three capabilities in a single technology that makes 5G a platform for entirely new business models, not just faster internet.
How is the 5G architecture fundamentally different from previous generations (4G/LTE)?
The biggest revolution in 5G is not about antennas or radio waves, but about the heart of the network itself, the so-called core network. The architecture of 4G and older generations was largely monolithic and based on dedicated, specialized and expensive hardware from a few dominant manufacturers. Each network function, such as mobility management or routing, was handled by a separate physical “box.”
The architecture of the 5G core is quite different. It is designed based on paradigms familiar from the IT and cloud world. Two key concepts are NFV (Network Functions Virtualization) and SDN (Software-Defined Networking).
- NFV means that network functions that used to be performed by physical devices now become software (applications) that can be run on standard commercial off-the-shelf (COTS) servers.
- SDN means that the network control layer (the brain) is separated from the data transmission layer (the muscle). This allows the entire network to be centrally and programmatically managed by software.
As a result, the 5G network ceases to be a collection of rigid, hardware-based components and becomes a flexible, virtualized and software-defined platform. It is this flexibility that allows for services as diverse as URLLC and mMTC, but at the same time introduces new and complex security risks.
What new attack vectors and threats are introduced by network functions virtualization (NFV) and software-defined networking (SDN)?
The shift to NFV and SDN-based architectures, while extremely beneficial from a flexibility and cost perspective, opens the door to a whole new class of threats, well known from the IT and cloud worlds, but hitherto foreign to the closed world of telecommunications.
Virtualization (NFV) means that the entire network runs on standard servers and operating systems that have their own vulnerabilities. Rather than trying to breach specialized telecommunications hardware, an attacker can now exploit well-known vulnerabilities in hypervisors (e.g. VMware, KVM), operating systems (Linux) or container management platforms (Kubernetes) to take control of key network functions.
Software-defined networking (SDN) creates one extremely powerful target for attackers – the SDN controller. It is the central “brain” that manages the entire network. Taking control of it gives attackers absolute power – they can redirect traffic at will, eavesdrop on all communications, disable portions of the network or launch man-in-the-middle attacks on a massive scale. Securing the SDN controller and its communications becomes an absolutely critical challenge. Moreover, the sheer complexity and the plethora of APIs in this architecture create new potential entry points for hackers.
What is “network slicing” and what security risks are involved?
Network slicing is one of the most revolutionary capabilities of the 5G architecture. It allows an operator to dynamically create multiple independent, virtual “end-to-end” networks on the basis of a single, shared physical infrastructure. Each such “slice” can be precisely tailored to the requirements of a specific service. For example, one can create:
- One slice for eMBB services (smartphones), optimized for maximum throughput.
- A second slice for URLLC services (autonomous vehicles), with a guarantee of ultra-low latency.
- A third slice for mMTC services (IoT sensors), optimized to support a huge number of connections.
From a security perspective, network slicing is a double-edged sword. On the one hand, isolation between slices is a powerful security mechanism. An incident in one slice (e.g., a massive DDoS attack on IoT devices) should theoretically not affect the operation of another critical slice (e.g., for emergency communications).
On the other hand, there is the risk of “jumping” between slices. If isolation mechanisms (implemented at the virtualization level) prove to be flawed or vulnerable to attack, a hacker who has compromised a less secure slice (e.g., for the guest Internet) may be able to access resources in a much more critical slice. Ensuring robust and verified isolation between virtual networks is one of the biggest challenges in secure 5G deployment.
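One way to verify slice isolation is to audit the forwarding rules an SDN controller would push and flag any rule that lets traffic cross from one slice's address space into another's. The following is an added example, not part of the original article; the slice names, address ranges and the simplified rule format are constructed assumptions and do not follow any real controller's schema.

```python
"""Audit forwarding rules for cross-slice leakage (all data below is constructed)."""
from ipaddress import ip_network

# Constructed slice plan: slice name -> address ranges assigned to it (assumption).
SLICES = {
    "embb-guest": ["10.10.0.0/16"],
    "urllc-v2x": ["10.20.0.0/16"],
    "mmtc-sensors": ["10.30.0.0/16"],
}

# Constructed flow rules in a simplified, hypothetical format.
RULES = [
    {"id": "r1", "src": "10.10.0.0/16", "dst": "10.10.0.0/16", "action": "allow"},
    {"id": "r2", "src": "10.30.4.0/24", "dst": "10.20.0.0/16", "action": "allow"},
    {"id": "r3", "src": "10.0.0.0/8", "dst": "10.20.1.0/24", "action": "allow"},
    {"id": "r4", "src": "10.10.0.0/16", "dst": "10.20.0.0/16", "action": "drop"},
]

def slices_touched(cidr, slices):
    """Return the set of slices whose ranges overlap the given CIDR."""
    net = ip_network(cidr)
    return {name for name, ranges in slices.items()
            if any(net.overlaps(ip_network(r)) for r in ranges)}

def cross_slice_findings(rules, slices):
    """List (rule id, source slice, destination slice) for every allow rule
    that can carry traffic from one slice into a different one.
    Rule priority is ignored on purpose: an over-broad allow rule is a
    latent isolation gap even if a drop rule currently shadows it."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        srcs = slices_touched(rule["src"], slices)
        dsts = slices_touched(rule["dst"], slices)
        for s in sorted(srcs):
            for d in sorted(dsts):
                if s != d:
                    findings.append((rule["id"], s, d))
    return findings

if __name__ == "__main__":
    for rule_id, src, dst in cross_slice_findings(RULES, SLICES):
        print(f"{rule_id}: allows {src} -> {dst}")
```

Rule r3 is the case worth noticing: a broad 10.0.0.0/8 source match spans every slice, so a single convenience rule quietly opens the URLLC slice to both of the others.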
What are private 5G networks (campus networks) and what security challenges do they pose for companies?
One of the biggest opportunities 5G presents for business is the ability to build private, dedicated 5G networks (often called campus or non-public networks). Instead of relying on a public carrier network, a large factory, port, mine or university campus can deploy its own fully controlled 5G infrastructure to connect its machines, robots, sensors and employees. This guarantees coverage, performance and low latency that are impossible to achieve on public networks.
However, having its own 5G network also means taking full responsibility for its security. The company becomes a de facto small telecom operator. This creates a number of entirely new challenges that traditional IT departments have never had to deal with.
These challenges include:
- Security of the core network (5G Core): The need to secure virtualized network components, SDN controllers and the orchestration platform.
- Radio network security (RAN): Protecting base stations from physical and digital attacks, securing radio interfaces.
- SIM/eSIM card security: Lifecycle management and credential (SIM card) security for thousands of devices.
- IT/OT network integration: The need to securely connect the new 5G network to existing corporate infrastructure, especially sensitive industrial control (OT) systems.
New Risks and Protective Measures in 5G Architecture

| Key Element of 5G Architecture | New Security Risks | Recommended Protective Measures |
| --- | --- | --- |
| Virtualization (NFV/SDN) | Attacks on the hypervisor, operating systems and containers. Compromise of the central SDN controller. | Hardening of the virtualization platform, microsegmentation inside the telco cloud, rigorous control of access to the controller. |
| Network Slicing | Potential “slice hopping” in case of poor isolation. | Use of strong isolation mechanisms at the hypervisor and network level, dedicated security functions per slice. |
| Massive IoT (mMTC) | Huge attack surface, poorly secured IoT devices, risk of DDoS attacks using IoT botnets. | Secure device onboarding, network segmentation, monitoring for anomalous device behavior, NAC systems. |
| Private campus networks | The company takes full responsibility for the security of the complex telecommunications infrastructure. | Holistic security strategy, Zero Trust architecture, integration of 5G monitoring with the company’s SOC/SIEM, collaboration with experts. |
