Nokia: 5G network slicing could be a boon for security
According to Nokia's Kevin McNamee, the rise of 5G will mean more danger of IoT botnets, but also more options to secure those devices -- including using network slicing for segmentation.
One aspect of 5G that could have a major impact on security is network slicing, which will allow wireless carriers to essentially create multiple independent virtual networks in order to separate users, devices and applications from one another.
Kevin McNamee, director of Nokia's threat intelligence lab, analyzes threats and develops rules for Nokia's network-based malware detection system. This network system is deployed in carriers around the world, giving Nokia visibility into the types of malware active on mobile endpoints and IoT devices.
McNamee has been studying the planned rollout of 5G technology, which will take place over the next few years, and how it will affect network security. According to McNamee, network slicing could provide security benefits, especially with efforts to secure IoT devices, but there is also a potential downside to this new feature of 5G networks.
Editor's note: This interview has been edited for length and clarity.
What will network slicing mean in terms of carrier control and network security?
Kevin McNamee: Network slicing brings two things. On the positive side, it introduces network segmentation. Anyone on the security side of the business realizes that if you break your network into segments that are for specific purposes, then you can provide specific security to different slices.
By segmenting the network into different areas, it can restrict access to those slices to only specific people and specific devices. Reducing the access and being able to apply specific security policies to the various slices is a real pro; that's a real benefit that the slicing will bring. A network slice that's used by the healthcare segment to communicate information about patient information requires a lot more security than, for example, a network slice that's being used by a gaming company to provide access to their customers.
On the downside, the slicing does provide targets for attack. If people learn what the slices are used for, it does provide a focus for any targeted attacks on those particular slices, those particular enterprises that are using those slices.
Where is the balance between carrier control and the security issues that come from malicious devices getting on a 5G network?
McNamee: That's an area that I've actually been looking at very closely over the past, specifically in the 4G networks today. I've got some concerns about 5G going forward. One of the things that 5G brings is it's going to enable more network access for the IoT devices and devices in that classification. These are devices that basically function on their own; there's no human looking after them, and they're just sort of out there. And what we've noticed with 4G is that the rogue IoT devices are a major problem, and they're specifically a major problem because those devices are visible from the internet. And if those devices have a vulnerability, we find that they're going to be hacked literally in a matter of minutes.
IoT botnet activity makes up a very large proportion of the malware detection events we see in these carrier networks today. But the reason for this is because their basic architecture is that any device that's infected immediately starts to scan the network looking for additional victims, and it tries to enlarge the botnet. Oftentimes, these devices are unmanaged. There's going to be more bandwidth available, easier access for these devices, and the potential for doing damage becomes larger.
Also, the devices should be managed. There's going to have to be a way to provide security patches and provide some sort of protection to these IoT devices that are out there. And monitoring the network for rogue devices is pretty critical for the carriers. The carriers have to start doing that. They have to recognize if one of these devices goes rogue [or] starts misbehaving, they have to have a way of detecting that and taking the appropriate action, which might be either reflash the device, reinstall the software or take the device off the network -- at least until it's properly fixed.
So, carriers might end up being in competition with traditional security companies in some ways once 5G is fully rolled out?
McNamee: The carriers are going to have to provide some sort of security for those aspects of their network. But, typically, they will tend to leverage what's available from the security vendors for those things. The security vendors will be stepping up to the plate to assist them with that.
Specifically within the Nokia security business, we're actively looking to get the certificate lifetime management systems that are going to be put in place to make sure that all of these devices have to require secure communications, particularly near the edge. [Managing] the lifecycle of those digital certificates can become a disaster when certificates for all these millions of new devices start expiring and then causing network issues.
There's going to have to be firewalling and some stuff between the slices. I mentioned monitoring IoT devices for anomalous behavior. Certainly, the [intrusion detection system] technology, [deep packet inspection] technology can be leveraged for these purposes.
Can you speak to how edge computing with 5G is going to change security?
McNamee: Technically, for most of the edge computing and also for the 5G core, they're going to be sort of using a cloud-based technology to provide those systems. Both the edge and in the core, there's going to be an edge cloud and a core cloud. It's a very dynamic environment. We have to solve that problem from a security perspective. The idea of orchestrating security in the cloud is the key to that.
When you bring up a service, that service has to be brought up with the appropriate security rules in place. The security policy comes as part of the service. You get away from the physical firewalls of the past, and now you're more into a micro-perimeter around the actual service itself. And this can be implemented either through virtual firewalling capability or through whole service-based firewalling built right in, and I tend to favor the latter. The latter is built right into the hypervisors, where these things have been built and spun up. Securing the cloud is going to be part of the 5G security both at the edge and also in the core of the network.
So, overall security with 5G should be tighter, but there will be issues that are going to be sorted out on an application-by-application basis?
McNamee: Yes, but I think there are some major areas of concern that I've got.
Another concern [besides IoT devices] is the fact that those unmanaged, unprotected devices that are going to be introduced, when they do go rogue, with 5G, they're going to have a lot more resources to be able to do damage with. One of the major uses of these current IoT bots is to launch DDoS [distributed denial-of-service] attacks against network infrastructure or against people's web services. Given the increased bandwidth that's available to them, they can do a lot more damage.
But carriers could shut that down more directly with network slicing and keeping IoT devices less visible?
McNamee: Yes. If the devices are not visible from the internet, they can't be hacked directly from the internet. It greatly reduces the attack surface. And that's something that slicing can bring. For example, the carrier can put all the smart traffic lights into a specific slice, and then they make sure to get that slice locked down so people can't break into it. That's a real plus.