How 5G supports enterprise-grade security from the ground up.

Data is an organization's greatest asset, a powerful tool for decision making, customer engagement, competitive advantage, and digital transformation. This becomes amplified when data is unleashed by 5G connectivity.

But as data processing expands and accelerates, so do potential security vulnerabilities. New data flows must be secured as quickly as they’re generated. Millions or even billions of interconnected IoT devices transferring massive amounts of data may introduce new threats. 

What’s more, heightened security risks have surfaced in the wake of the Covid pandemic, many of them tied to distributed workforces and more dispersed digital processes and systems. According to Gartner research, about 60 percent of knowledge workers are remote and at least 18 percent won’t return to the office. “These changes in the way we work, together with greater use of public cloud, highly connected supply chains, and use of cyber-physical systems have exposed new and challenging attack surfaces,” the report warns. In cyber-physical systems, physical infrastructure and computational resources are interconnected.

Business leaders like you need fast and agile network security capabilities to support your digital business priorities—and that’s where 5G shines. 5G also brings improved application response times and an increased ability to collect and process data at the network edge. And 5G is more secure than any previous wireless network technology.

“Security is embedded into 5G from the ground up,” says Todd Gibson, Member of Technical Staff - Cyber Product Security at T-Mobile. “It was created with a risk-based mindset. Standard Wi-Fi networks simply can’t provide the level of security that modern businesses require.”

Many forms of built-in defense.

5G has built-in security features that address many of the vulnerabilities of 4G, 3G, and 2G networks. Those 5G features help ensure data is communicated reliably and that end users’ and service providers’ security needs are met, along with certain regulatory and governance requirements.

“The cybersecurity industry, a collection of global mobile network operators, and cellular equipment manufacturers have purposely built in a plethora of new security specifications in 5G,” says Gibson. 

Some of the 5G security improvements that address weaknesses in earlier-generation network technologies include:

  • Encryption of the subscriber’s identity: In 4G and earlier generations, the subscriber’s identity is sent in the clear as mandated by global standards. By sending this identity (e.g., IMSI) in the clear, an attacker could, within RF range of the targeted subscriber, detect the wireless communications and possibly determine whether the targeted subscriber is within a certain area (like a city park, home, or office). To mitigate this threat, 5G now encrypts this identity via a public key infrastructure (PKI) solution so that the subscriber’s identity isn’t sent in the clear.
  • Mutual authentication: By using the new 5G PKI solution on a subscriber’s device, the device inherently authenticates the mobile network operator’s 5G core network when the device successfully registers onto the 5G network. This ensures that the subscriber is connecting to the legitimate operator’s network.
  • Encryption and integrity protections of network control plane messages between the subscriber’s device and the mobile network operator’s 5G core network. When a device is registering to the network and/or using network slicing, the control plane messages that enable these services are encrypted end-to-end versus only being encapsulated as in 4G and earlier generations.
  • Encryption and integrity protections of the user plane, which carries user data traffic, to further protect wireless communications from man-in-the-middle attacks.
  • Transport Layer Security authentication and encryption of traffic between network operators.
  • Verification of the home network when subscribers are roaming into another operator’s 5G network.
  • Anti-bidding down between architectures (ABBA), which guards against an attack method in which network protocols are tricked into operating with lower-quality, more susceptible network protocols.
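
The anti-bidding-down item above can be made concrete with a short sketch, added here as an illustration and not taken from T-Mobile or any operator's code: the ABBA value the device receives is fed into the derivation of the key K_AMF, so a value altered in transit yields a different key and the next integrity-protected message fails verification. The KDF layout and the FC value follow 3GPP TS 33.501 Annex A.7 as an assumption not stated on this page; the key, SUPI, message and the `toy_nas_mac` helper are constructed stand-ins.

```python
import hashlib
import hmac

FC_KAMF = 0x6D  # FC value for K_AMF, assumed from TS 33.501 Annex A.7 (not from this page)


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # each parameter is followed by its 2-byte length
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kamf(k_seaf: bytes, supi: str, abba: bytes) -> bytes:
    """K_AMF = KDF(K_SEAF, FC, SUPI, ABBA); the ABBA value is bound into the key."""
    return kdf(k_seaf, FC_KAMF, supi.encode("utf-8"), abba)


def toy_nas_mac(k_amf: bytes, message: bytes) -> bytes:
    """Simplified stand-in for NAS integrity protection (real networks derive
    K_NASint from K_AMF and use a 128-NIA algorithm)."""
    return hmac.new(k_amf, message, hashlib.sha256).digest()[:16]


def ue_accepts(k_seaf: bytes, supi: str, abba_seen_by_ue: bytes,
               message: bytes, mac: bytes) -> bool:
    """The device derives K_AMF from the ABBA it received and checks the MAC."""
    k_amf_ue = derive_kamf(k_seaf, supi, abba_seen_by_ue)
    return hmac.compare_digest(toy_nas_mac(k_amf_ue, message), mac)


def demo():
    k_seaf = bytes(range(32))            # constructed 256-bit anchor key
    supi = "001010123456789"             # constructed test-PLMN subscriber identity
    abba_sent = bytes.fromhex("0000")    # value the network side uses
    msg = b"security mode command (constructed)"
    mac = toy_nas_mac(derive_kamf(k_seaf, supi, abba_sent), msg)
    untouched = ue_accepts(k_seaf, supi, abba_sent, msg, mac)
    altered = ue_accepts(k_seaf, supi, bytes.fromhex("0001"), msg, mac)
    return untouched, altered


if __name__ == "__main__":
    print(demo())
```
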

To address user concerns about privacy and privacy legislation—like the General Data Protection Regulation (GDPR) in the European Union—5G’s data traffic, phone calls, and text messages are protected by state-of-the-art encryption. The devices and the network authenticate each other and use encryption and integrity-protected signaling, making it difficult for an unauthorized party to decrypt, read, and/or manipulate the communicated information.

“5G comes by default with a lot of customer privacy capabilities,” says Gibson. “There’s more privacy for your employee base, so there’s less likelihood that somebody can track your employees at a particular location or network.”

Even stronger protection through virtualization.

5G security advantages are greatest with 5G Standalone (5G SA), which requires that mobile devices and the different components of the network, like the access network and core network, support 5G. 5G SA supports network slicing, a way of creating virtual networks that can be customized and managed independently. These slices of network bandwidth can have protections tailored to different devices to help maintain the integrity of user information.

Other security enhancements at the 5G network core include a service-based architecture, which allows for secure intra- and inter-network data communications, and secure application programming interfaces.

Overall, 5G SA enables the most secure communication among devices and across infrastructure to date. As for the millions of individual mobile devices connected to the 5G network, device security is fortified through compliance with the Network Equipment Security Assurance Scheme (NESAS), which entails a rigorous two-step process of audits and testing. At T-Mobile, devices that are allowed to connect to our 5G network have been certified to meet those specifications.

Security remains a joint responsibility.

5G’s security protections include the user plane, the part of the network architecture that carries user traffic. At the same time, it’s important for businesses like yours to remember that prioritizing your overall security means paying attention to workloads and applications that may be running over 5G, but are independent of the 5G network itself.

“We can partner with customers,” says Gibson. “But they also have to be somewhat responsible for the security of their applications.” This includes data at rest or in transit that may reside within your own systems and infrastructure before it’s carried over the 5G network.

At T-Mobile for Business, we often work with customers to ensure that security best practices are applied, avoiding gaps and maintaining currency in the face of evolving threats. “We can provide really talented cyber experts to sit down with customers and do assessments together with them,” adds Gibson. “We can identify where there could be opportunities for improvement, then work with them to do it.”

In other words, security is everyone’s responsibility. And with 5G, we’re collectively in a stronger position to collaborate securely and help you successfully drive new innovation.
