At Ericsson, we see 5G as the most resilient telecommunication system for business and mission-critical services. 5G delivers an enhanced focus on security, privacy, robustness and resiliency. In this blog post, we explore how network operations can play an important role in making a 5G system as resilient as it can be.
We often hear news about cyberattacks and security vulnerabilities affecting governments and enterprise networks. These attacks can be state sponsored and organized, or the work of criminal individuals and groups. With governments around the world identifying mobile networks as being one of their national strategic infrastructures, there is an enhanced focus on making these systems more resilient against adverse attacks and other disruptions.
In addition, large enterprises are keen on leveraging technologies like 5G private networks and their enhanced security framework for mission and business-critical activities such as industrial automation, mission-critical communication, identity management, remote monitoring of assets and so on.
At Ericsson, we believe that a resilient 5G system must provide:
- Strong security, from design to deployment and operations
- Strong privacy protection
Why are resilient 5G systems more important than ever?
There are many reasons that make resiliency one of the most important aspects of 5G systems. As we’ve seen during the last decade, the number of attacks on networks of importance has grown significantly, with threat actors increasingly targeting critical infrastructure. With 5G becoming the default communication network for industries, enterprises, and critical government infrastructures, the demand for robustness and the ability to fend off most attacks form part of a set of essential requirements. These requirements go beyond what was expected from 3G and LTE networks, even if their robustness was already an important characteristic. The stakes are much higher today, with 5G enabling a much wider and critical set of use cases.
The other driver for enhanced security and resiliency capabilities is the very nature of 5G network technologies: the acceleration of the adoption of IT principles, platforms, and technologies – normally seen in an enterprise setting. That transformation started with the advent of 4G constructs, with 5G leveraging it even further.
There is a push towards the virtualization of mobile networks, moving away from proprietary vendor-based hardware with the adoption of general computing platforms mostly based on x86 GPU hardware. The interest in Open RAN brings the possibility of having traditional RAN components like the Radio Unit (RU), Distributed Unit (DU) and Central Unit (CU) come from different vendors, some of which are traditionally non-telecom. Open RAN will leverage existing IT technologies and protocols, bringing the “open” aspect of it to the forefront. This shift opens a whole new plethora of challenges for CSPs to safeguard networks from potential vulnerabilities which come with open interfaces, different vendor products and GPU hardware.
In addition, 5G is much less reliant on the telecommunication protocols used in earlier mobile communication systems, for example, Diameter. A 5G network can be thought of as a network with TCP and HTTP/2 as its core underlying protocols. 5G includes a service-based architecture for the diverse network functions, which uses HTTP/2 for the service-based interfaces and TCP as the underlying transmission protocol. Hence, all resiliency requirements which are essential for managing an IT network become a minimum set of requirements for maintaining the resiliency of 5G networks.
Many parts of a mobile network system already implement various tenets of security and privacy, which make it more resilient to attacks and other threat vectors. Different network nodes, be it in RAN or core networks, and even the UE, already employ integrity, ciphering and security procedures by means of standardization, for example, 3GPP or ETSI. This can be referred to as resiliency by design. However, this covers just a few of the requirements for making the network more resilient.
There is more to network resiliency, with operations playing a bigger role in contributing to its growth. With security operations (SecOps) in place, alongside and tightly integrated with the more traditional network operations, network operators can ensure that the network is protected as it should be, and in the same way enterprise networks are. It is increasingly important for telco networks to be the subject of the same security scrutiny as enterprise networks. A similar set of practices must be deployed by CSPs to protect the public network and meet the needs and demands for resiliency. It is clear that operations are central to CSPs’ success regarding deploying 5G solutions, with security operations contributing to the delivery of a good customer experience.
Resilient 5G networks and the role of operations
Secure network operation has a big role to play in making mobile networks robust and resilient. Let’s have a look at how secure network operations can make our mobile network infrastructure more resilient than ever.
Availability: Service availability/uptime is the single most important characteristic for mobile networks. Generally, for all mission and business-critical services, five nines (99.999 percent) KPIs are the norm. Ensuring 99.999 percent availability for a network is no mean task. Whenever a network node, site or cell goes down unplanned, there are huge consequences for both the CSP and the vendor involved.
Not only do contractual SLAs between the CSP and the vendor come into effect, but there is also the economic impact of the network not being available, plus a negative perception of the CSP among customers, leading to poor customer experiences. So, availability of the order of five nines is critical for mobile networks.
Without the use of artificial intelligence (AI) – whereby a node’s future downtime, information about sleeping cells, grid failure at site etc., can be predicted accurately well in advance and planned – it’s impossible to provide five nines level of availability. Therefore, for high availability, operations teams, guided by AI, have a central role to play (apart from the general robustness of network nodes) against failures.
Access to critical infrastructure: There are plenty of secure identities built into mobile networks, as provided by specifications conceived by bodies like 3GPP, ETSI, and so on. They ensure users are authenticated before they access the network, information is ciphered, and the air interface is secured. However, despite these innate security mechanisms, rogue actors can try to infiltrate the networks.
Handling identity and access management to network infrastructure, and making sure user data is not attacked and compromised, is an important step in making our networks resilient and robust. This is a good use case for telecom network operations: safeguarding identity and access management to network nodes and huge swathes of network data. For example, the most common security breach in a network is the use of default passwords in network nodes. In a previous blog post, ‘Tired of annoying and unwanted calls: Dial blockchain!’, we proposed that identity and access management in telecom networks via blockchain is something that operations teams can explore.
Pre-empting security risks and vulnerabilities: Operations must regularly perform security and vulnerability audits of the processes, tools and E2E information flow, and be prepared for future threat landscapes. Instead of operations teams reacting to security, vulnerability and accessibility breaches after they’ve happened, they should focus on anticipating them in advance to minimize downtime and economic loss, which in turn will improve customer experience and reduce churn rate.
This anticipation and the prediction of future issues is not possible without the use of AI and automation in an operations team’s day to day work.
E2E data governance as per required local and global regulations: There has been a lot of focus on data privacy and protection during the last few years, with regulations similar to the EU’s General Data Protection Regulation (GDPR) coming up and being discussed across many countries. In E2E data governance, the focus is on what analytics can be made from the available data, how to derive information from data without compromising users’ privacy, how decisions are made on data and how people and processes are meant to behave in relation to data.
In the data-driven operations model, it is essential that all operations on users’ data, be it data storage, data transfer, data mining or data processing, are compliant with the applicable local and global laws. This includes data confidentiality, integrity, and availability protection requirements inside a system. When data is exchanged between systems, they must also be continuously compliant with regulations.
5G resiliency is a business opportunity for operations: Since 5G for enterprises remains one of the important use cases and biggest revenue drivers for CSPs, monitoring millions of IoT devices, sensors, and actuators in real time will be required. Operations teams can build analytics on top of this data from millions of connected devices in the network and optimize their network. The CSP can contribute to E2E resiliency by monitoring IoT traffic from the devices, collecting data from sensors, monitoring network slices in a private network, and understanding traffic patterns to avoid Denial of Service (DoS) attacks. Simply put, this is a business opportunity for CSPs, enabled by network operations.
How can Ericsson Managed Services help CSPs make future networks more resilient?
The resiliency of a 5G system is achieved in part by the combination and application of security, privacy, reliability, and availability principles. This is in addition to the uniform implementation of highly automated processes.
While this is essentially an expression of adopting a security-by-design approach to deliver a resilient network, this is not sufficient, and operations must be part of the equation, including SecOps. Using managed services, with its inherent repeatability and homogeneous nature, accelerates the rate of progression toward achieving that resiliency goal.
The Ericsson Managed Services offering packages the experience and knowledge accumulated over many years of designing, implementing and operating telecommunication networks. Offering a vast portfolio of services for network operations, design and optimization, and security operations specifically engineered for the operation of telecommunication networks, the services help ensure that CSPs’ networks are always resilient.
The accumulation of knowledge and experience with operating networks and delivering on the promise of high resiliency in a consistent and repeatable way is best expressed by Managed Services’ Ericsson Operations Engine (EOE) operating model. The EOE consists of a set of standardized operational functions and processes, many of which are automated and assisted through the use of AI and machine learning to deliver predictable and secure results.
The application of security-by-design and automation reduces the likelihood of errors and vulnerabilities related to running a network, therefore increasing its resiliency. Security by design includes the adoption of industry standards for security and privacy during the development, integration and implementation of the functions and processes. This is done in a repeatable and predictable manner.