Laying the Foundations for Secure, Zero Trust 5G Networks: Sponsored Content
Pilot projects show promise of secure wireless networking for military operations.
The global race to roll out fifth-generation, or 5G, wireless networks and supporting technologies is poised to revolutionize commercial communications and networking and offers the U.S. military the potential for secure, high speed ubiquitous networking.
“There are three key reasons driving the commercial rollout of 5G,” says Jeff Verrant, director of Nokia Corporation’s U.S. Defense and National Security, and AFCEA Board member. “The first is capacity —the ability to create faster connections for wireless users. Secondly, 5G will link massive numbers of devices such as the Internet of Things, involving thousands of connections. The final area is low latency for uploading and accessing data, which are especially important for mission-critical applications such as UAVs, industrial automation, self-driving cars and telemedicine,” he says.
The U.S. government and especially the Department of Defense (DoD) are also very interested in 5G. Many of the DoD’s reasons mirror that of commercial users, but speed, massive networking and latency are especially important for military applications. There are several government-funded pilot programs managed by the DoD’s Information Warfare Research Program and the National Spectrum Consortium to determine what 5G can do at a government-scale, Verrant explains.
“In the DoD’s case, 5G networks will allow information to get to decision-makers more quickly to help facilitate the real-time decision-making key to managing future conflicts,” Verrant says. 5G will help connect military networks composed of thousands of battlefield sensors and communications devices, similar to commercial IoT. Collecting and managing these massive data flows to successfully analyze an opponent’s actions and to aid leaders in making decisions will rely on high-capacity networks running on 5G.
Low latency communications will be especially important as hypersonic and cyber weapons proliferate around the world and the ability to successfully detect, react and defend against such threats will be measured in milliseconds.
“Enabling our leaders to collect all this information on a high-capacity network —5G will provide the wireless access to that. We can collect a vast amount of information and process it in a more real-time manner,” Verrant says.
Security is a critically important aspect of 5G that appeals to both commercial and government users. From a DoD perspective, in some cases the military will need to build networks and overlay them on top of commercial 5G networks, Verrant says. He adds that part of the government’s massive current investment in 5G “is to figure out how to do exactly that —while safeguarding critical systems at all times.”
As a part of this government work, Verrant notes that Nokia is looking at unique 5G capabilities such as secure slicing, which is about dynamically creating a virtual network from a user device, all the way through the radio, the mobile core and the transport infrastructure while guaranteeing the appropriate security requirements for the different classification systems. Network slicing allows a single device to access multiple individual slices that operate at predetermined security levels. A device can only access the individual slices of the network that apply to the security levels granted. Essentially with 5G slicing, now the mobile environment responds in much the same way as a secure, private wireline network today.
“Security is really important because most likely, the government or the DoD isn’t going to go out and build a global private 5G network. They’re going to build a network that rides on top of commercial 5G and the security of the underlying network is going to be really important,” Verrant says.
The complexity of commercial and military wireless systems creates additional security concerns, says Scott Robohn, chief technology officer for Nokia Federal Solutions. This includes the radio systems connecting smartphones, the software and hardware connecting mobile devices and military radios to each other and to the services that make mobile communications work.
“There is a weakest link principle here, where the system is not secure if its constituent components are not secure,” Robohn explains.
This means that the DoD must scrutinize all the parts of a mobile network such as the software and hardware pieces connecting network components, internet protocol and optical networks connecting disparate wireless nets. In particular, the DoD is examining those services that make government and commercial mobile communications work that reside in distributed cloud data centers because all the pieces of this environment matter, says Robohn.
Another issue is geopolitical. The DoD and U.S. government are concerned about supply chain security and the reliability of vendors to provide secure products and services. This wasn’t a concern when 4G networks rolled out, but now there is a worry that some national vendors might be providing products with backdoors installed in them, necessitating the concern for security across all parts of the network.
“There are also deployment-specific security concerns about 5G, that are being investigated,” says Marina Thottan, vice president of the Network Automation and Security Research Group at Nokia Bell Labs.
One concern is the assumption that all aspects of the DoD’s disaggregated 5G core will reside on a trusted infrastructure.
“The question remains, what if your deployment strategy is to distribute the 5G core functions across multiple cloud infrastructures? Can you leverage public cloud infrastructure? And if you do that, what would be the expectations of how security is maintained for mission-critical applications?” says Thottan, adding that these things aren’t necessarily fully specified within the 5G standards.
“As the DoD implements different sets of applications, it is important to look at the security aspects of each of them,” Thottan explains. What will be important is how mission-critical they are and how the security recommendations from the Third Generation Partnership Project (3GPP) can be implemented in such a deployment setting, she contends.
Optimal cybersecurity will be required to manage it on a per-application basis. “It does require a little bit more careful thought rather than just a one-size-fits-all solution,” notes Thottan.
Enhancing Wireless Security
The DoD is currently investigating all the ways it can use 5G technologies for its communications needs. These include projects by the National Spectrum Consortium and other groups to determine the best uses for 5G.
“Can we use 5G for warehouse automation? Can we use 5G for ship-to-ship and ship-to-shore communications? Many other applications and use cases are being thought about here—it’s a level of activity that was never there for 4G,” says Robohn.
When the DoD considers leveraging commercial technologies, it will need to be enhanced and augmented to meet specific requirements and different types of operations. While there is always a desire to benefit from commercial technologies, Robohn notes that certain things like security must be included from the very beginning.
One way to approach 5G security is to use zero trust architectures, a security design approach based on the notion that anything a device connects to is assumed to be untrustworthy and then building up a network of trusted equipment or software that is then deployed across an enterprise. This concept has worked well in the enterprise segment for the U.S. government and the National Institutes of Standards and Technology (NIST) has extensive documentation and standards set for organizations to deploy zero trust methods for enterprise networks, Thottan explains.
Nokia’s Bell Labs is examining how zero trust architectures applied to current 3GPP definitions for wireless security can be built out in a 5G deployment. “For example, do we have enough interface security? Do we have enough security and trust attestation mechanisms in place to make sure that no matter who develops a particular cloud-native function that is part of the 5G core, it is secure? Can the overall 5G platform components be tested and verified to make sure that it has the right security posture and can be trusted?” says Thottan.
“To improve security for DOD 5G applications, the need for individual devices and applications to trust each other must be reduced.” She notes that protocols and interfaces for 5G tools should inherently support zero trust requirements to allow networks to be built from the ground up in that way.
Another important aspect for securing 5G will be end-to-end security, or rather, validating all the security of all the network connections (radio, core and transport) that constitute an end-to-end 5G service. This is an area Nokia has a lot of expertise in, Thottan says.
Nokia is actively working with multiple standards bodies defining security requirements for Internet Protocol, optical networks, cloud and radio technologies. She notes that compared to previous wireless tech standards, being able to leverage the end-to-end network domain knowledge to provide an end-to-end security definition will be more important for 5G.
Many Pilot Projects
5G deployment pilots are all unique with individual critical and noncritical application aspects to them, Thottan explains. In this area, Bell Labs is working with federal agencies such as the Department of Homeland Security and the DoD to examine their specific use cases and how security can help them with the deployment of 5G systems appropriate for a particular type of operation.
Nokia is also working with MITRE Labs to develop new security definitions for this emerging architecture besides zero trust. Additionally, it is working with NIST through a cooperative research and development agreement where the company is providing radio, backhaul and core elements as part of the NIST 5G testbed infrastructure, Thottan says.
“We’re working on testing all of the different use cases that they’re [NIST] interested in. First at the 5G deployment (infrastructure) level security, but also what are the security requirements for slicing? What is the rubric that you need to come up with for deploying 5G applications on top of the commercial 5G infrastructure?” Thottan says.
One of the goals of the project with NIST is to understand if the specifications from different security standards are sufficient or if there are any gaps created when the components of a 5G network are put together, exposing any potential vulnerabilities.
The pilots point the way to the future, Verrant says, adding that whatever technologies the DoD settles on for its networks will need to support ubiquitous connectivity and high-speed operations. “Secure 5G is one of the things that will take them there,” he says.