Network Defense for a 5G and 6G World Looms
Effective solutions need to address tomorrow’s problems.
The spate of high-profile cyber attacks in late 2020 and 2021 has caused policymakers and practitioners to seriously reevaluate the state of security for U.S. critical infrastructure and key resources. From the unprecedented SolarWinds supply-chain compromise to the Colonial Pipeline ransomware attack to the more recent attribution to Chinese state actors of the compromise of tens of thousands of Microsoft Exchange mail servers, the scale and scope of cyber attacks against public and private U.S. networks are only worsening. As 5G, and eventually 6G, moves toward increasingly meshed networks, the challenge of network defense only grows.
Chief information security officers, legislators and administrators appear to be in a lose-lose situation: they depend on networks that are inherently insecure and constantly targeted by threat actors. Foremost among those actors are advanced persistent threats that exploit the networks' inherent weaknesses. Facing such odds, stakeholders must begin thinking differently about network security if they are to keep relying on networks to serve industries such as critical infrastructure, finance and defense.
Until now, most organizations have taken a datacentric approach that assumes a network breach is inevitable: prioritize the data, then direct security resources at the highest priorities.
Another popular approach tries to regulate organizations into basic cyber hygiene with carrots and sticks. According to Kiersten Todt, chief of staff at the Cybersecurity and Infrastructure Security Agency, the Colonial Pipeline attack revealed that companies still fail to do the "bare basics" to secure critical infrastructure. The reality, however, is that regulation can only do so much to compel the private companies that control more than 80 percent of the nation's critical infrastructure. Adversaries recognize this soft underbelly and know where to strike to incite large-scale panic, as the Colonial Pipeline ransomware incident showed. And even if every company managing critical infrastructure ran a world-class cybersecurity program, a single breach would still be enough to incite mass panic or cause significant financial loss.
A third approach seeks to solve the network security problem with technology. In times past, analysts monitored network traffic with the help of a security information and event management (SIEM) system. As intrusions became more sophisticated and frequent, SIEMs could not keep pace with the volume of traffic and alerts. Big data platforms (BDP), machine learning (ML) and security orchestration, automation and response (SOAR) tools soon came online, offering the capacity to store large amounts of network traffic and the means to sift through it and act on it automatically, at scale and with granularity.
It is such solutions that the Joint Chiefs of Staff is banking on as it adjusts course on its warfighting concept. As described by the vice chairman of the Joint Chiefs, the Pentagon is moving to a fully connected combat cloud. While moving data to the cloud is certainly a step in the right direction, how that data will be analyzed and filtered is a question that appears unaddressed.
Moreover, a BDP, even with SOAR and ML on top, will be too slow to respond in 5G (and eventually 6G) environments with hyper-connected, ever-changing networks. Even with SOAR's automated detection and response, the method is inherently reactive rather than proactive: a playbook runs only after an alert has fired. Automated responses are good, but they likely will not be good enough for future networks.
As the world moves into 5G, and soon enough 6G, it will be important to recognize that the security challenge revolves not around protecting data but protecting networks. This is a world where true mesh networks are coming into existence, and edge devices, such as the remote terminal units along a critical oil pipeline or the infantryman’s rifle, are all connected.
Carriers moving into 5G are taking varied approaches to how they provide service. Some are looking to break new ground with high-band (millimeter-wave), short-range spectrum. Devices operating at these frequencies get 5G connectivity but only within roughly 800 feet of a tower or repeater, so this approach requires many more repeaters in a given area, and the density requirement does not stop at 5G.
Samsung predicts 6G must support 10^7 (ten million) devices per square kilometer, a tenfold increase over 5G. A 5G world means more repeaters. A 6G world means edge devices will act not only as data producers and consumers but as repeaters themselves. Yes, 6G is still mostly an idea, but now is precisely the time to lay the cybersecurity foundation a 6G world will need, so as to be prepared for its expected debut in about 10 years. In the ultra-saturated device and data world 6G is expected to be, networks will function by becoming meshed to a degree yet unknown, and that will require novel network security solutions.
The network security game has changed. Datacentric approaches, risk management techniques and technology-based solutions are all important but still fundamentally lacking for today’s and tomorrow’s networks. These challenges require a new solution to address a unique class of cyber threats that move at a speed and scale not yet seen.
A recent HP white paper addresses the situation, introducing the idea of “second-generation” cyber weapons that rely on greater computing power, advanced artificial intelligence (AI) and more thorough cyber-physical integration. The 5G and 6G networks being developed offer everything adversaries need to fuel tomorrow’s cyber weapons. To truly tackle threats, solutions must be identified that don’t just meet the adversary but outpace them.
Current network defense methods are unable to keep pace with threat actors’ speed, scope and complexity. Rather than reactively responding to threats, a proactive defense must operate like the adversary, understand how he shoots, moves and communicates, repackage his techniques and put them to use against him.
This idea sounds great in theory, but how is it functionally accomplished? The enabling technology behind it is generative adversarial networks, or GANs. A GAN creates entirely new data instances by pitting two models against each other: a generator produces candidate samples from random noise, a discriminator tries to tell those samples apart from real ones, and each is trained on the other's mistakes, so the generator learns to produce ever more convincing data and the discriminator learns ever finer distinctions. This type of ML goes beyond correlating existing data; it synthesizes new data. Applied to network security, it holds the potential to fight the adversary proactively and autonomously, learning from him and maneuvering at or above his pace.
The use of GANs in this manner has already been proposed by Robert Chesney and Danielle Citron for detecting deepfake videos: the same competing algorithms that manufacture a convincing fake can be turned around to judge whether a video is real or artificially doctored. The same concept can be applied to network security.
If a mesh network is like a venous system, with data as red blood cells, attackers as an infection and GANs as white blood cells, then securing that network with GANs is like white blood cells responding to the infection autonomously, precisely and in real time wherever it appears. As the attacker moves and communicates, the GAN learns and outpaces him, proactively cueing a tool such as SOAR to change firewall rules, close ports and apply patches at a speed and scale only an ML solution can deliver.
The most significant drawback of GANs is training. Before the "adversarial" part of a GAN can do useful work, the discriminator must be trained on representative examples of what it is meant to recognize, which for this application means well-labeled malicious traffic, and the generator must then learn to imitate it. In the case of deepfakes, that training is fairly straightforward because the data pool is focused and concrete: manufactured pixel data in a discrete pixel array. Mimicking this for attackers maneuvering in a dynamic network is far more complex: the feature space is high-dimensional, the benign baseline changes constantly and labeled examples of real attacks are scarce.
Another drawback is attackers' own use of AI to harden their tools against ML-enabled defenses. GANs answer adversarial AI with a flexible, proactive AI of their own, but that answer requires significant investment in the infrastructure that produces the data and the response mechanisms an effective defense needs. Samsung's "native AI" concept for 6G is a good place to start.
Security is a relative endeavor, measured not against what the adversary did yesterday but against what he is doing now and preparing to do tomorrow. The network security challenges of today and tomorrow require a cognitive adjustment in how security is operationalized. Attackers are already outpacing current defenses, and their activity only grows in scale and complexity. In true DevSecOps fashion, research and development for 6G security should proceed on par with the development of 6G itself. Effective security solutions will be those enmeshed in the network's design: security that extends to the edge, operates in real time and maneuvers autonomously. GANs offer at least a jumping-off point toward a solution that meets this demand. Now the choice is whether or not to invest in tomorrow's security today.
J.D. Canclini is a consultant with Booz Allen Hamilton and a cyber risk management student at Georgetown University. Previously he served as a Marine officer at the Marine Corps Cyberspace Operations Group.
This article was prepared by the author in his personal capacity. The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy, opinion or position of his employer.