Industry players have witnessed radical moves in 5G deployments lately.
A network slice—or, in the experts’ words, an independent end-to-end logical network that runs on a shared physical infrastructure—is one of the prominent capabilities that appear to ensure the effective deployment of 5G networks.
Perhaps more remarkably, Jonathan Homa, Senior Director Portfolio Marketing at ECI, explains that:
“5G resonates with network slicing because 5G ‘by definition’ includes distinct service classes for very high bandwidth, ultra-low latency with high availability, and massive IoT. It is hard to see how the 5G services vision is achievable without network slicing.”
While 5G inherently supports a diverse set of use cases, network slicing has the ability to customize the capabilities and functionality offered by a mobile network. Thanks to the logically isolated networks with tailored capabilities, the 5G network will be able to adapt to the external environment and sagaciously fulfill specific end-user needs.
As operators slice up a single physical network to allow for distinct use cases, they can provide differentiated services while being vastly efficient in the utilization of their resources. All the benefits, however, should not blind industry players to the fact that network slicing may be a security nightmare for operators. That’s rarely, if ever, a fair trade.
A Dangerous Moment for Network Slicing
Since each network slice is deftly optimized for specific business requirements, all of them may operate with different functionality or customized security mechanisms.
The security considerations instinctively multiply with the realization that each slice will carry its own risks.
Tailored services lucratively influence market growth and related investments as having different network slices operating over a single 5G infrastructure allows vendors to support niche use cases. But it is also important to acknowledge that although multiple slices share the same infrastructure, not every network slice is innately secure—and if exploited by cybercriminals, the attack can possibly:
- Undermine the integrity of the rest of the infrastructure
- Expose critical data
- Increase operational costs
- Reduce performance and availability
To complicate it all, the lack of security orchestration is a highly ominous possibility. Professionals raise the alarm about the dangers of one-to-many attack vectors and expertly point out that:
“[A] successful attack on a multi-domain network orchestrator could provide entry points into multiple network domains and/or network slices. […] Security orchestration across multiple network domains also becomes important to [ensure] the overall security of individual network slices.”
Providing diverse security policies for different slices is the greatest security challenge facing operators. It is in these moments that the encouraging development in network slicing security publicly revealed by Ericsson breeds hope—hope for swiftly extinguishing cyberattacks:
“As a reaction to threats, we have also studied mechanisms for transferring a device from one slice to another. This, combined with the possibility to dynamically create new slices, allows a security function to isolate devices to a separate slice. For example, once suspicious behavior has been observed, the affected devices could be transferred to a quarantine slice, which may be a replica of the original slice with certain modifications. This slice may be configured with more strict firewalls, restricting traffic to specific destinations, lower bandwidth, firewalls, and/or inspection functions for deeper analysis.”
Even if all of this goes as planned and your security stance is greatly improved, another risk lies ahead: although a slice is optimized for security, Ericsson explains that the suitable level of openness and isolation remains to be discussed.
Grasping the extent of the security problem requires time. A more intelligent network unavoidably gives rise to new attack vectors—and to ensure that each security issue is only a temporary hiccup, operators have to become an avatar of prudence and transparently evolve their security standards.
To Slice or Not to Slice?
A 5G network split into many independent virtual networks is a breakthrough innovation… and quite possibly, a security hazard.
Industry players are pinning their hopes on a set of secure network slicing solutions that are efficiently aligned with 5G networks. Many vendors correctly sensed that now is the time to offer multi-domain tools for corporate customers and focus heavily on addressing potential security issues early in the deployment process.
Fortinet, for example, provides a complete solution to suit several network slicing security requirements. This security leader safeguards network slices with a rich set of security VNFs and services.
The upcoming 5G network slicing technology is maturing expeditiously, but its success is strongly dependent on the security level of each network slice. Operators are already moving in the right direction, but they may still have a long way to go as novel security policy and coordination mechanisms need to be designed, developed, and implemented.
