How to Secure Private 5G Networks


A private 5G network is a wireless Local Area Network (LAN) that licenses 5G technologies and is inaccessible to the public. For organizations that are ready to take advantage of 5G technology, a private 5G network is particularly attractive because it delivers the benefits often touted for 5G at an enhanced level: speed is even faster, bandwidth even greater, and latency even lower, because the ultra-fast data sharing enabled by 5G does not have to be shared over a clogged public network.

Anyone who has been working from home for the last year probably has firsthand experience of a network connection slowing down because suddenly more people are using it. When you consider the billions of devices projected to connect to 5G over the next five years, it makes sense that enterprise organizations are looking to take things private.

How Industry 4.0 benefits from a private network

The adoption of private 5G networks has taken a particular foothold within Industry 4.0, where 5G’s promise of low latency, greater bandwidth, and faster speeds is an attractive asset for manufacturers. Considering the added benefits of taking that network private, it makes sense that smart factories are adopting private 5G networks. On a private network, these benefits are provided on a fully customized and self-controlled infrastructure. This enables organizations to better scale their 5G efforts as new sensors, controllers, and other 5G-equipped devices are easier to connect to a private network.

Of course, the same 5G-related benefits apply: minimizing production downtime on a more scalable network, increasing flexible manufacturing thanks to reliable high-bandwidth connectivity that reaches across the smart factory, and improving real-time decision-making with edge devices connected to the same network. However, a private 5G network also allows a manufacturer to realize increased cost savings, as organizations don’t need to spend money on building wired smart factories.

So, as network providers begin to significantly expand their private network offerings, where does cybersecurity come into play?

Security challenges that plague the public 5G network also impact private networks

On its surface, a private network would seem to only increase cybersecurity for an organization. After all, by its very nature this network is inaccessible to the public, and therefore less susceptible to attacks that occur over a network.

However, depending on the systems and practices an organization chooses to implement, there are various cybersecurity challenges that need to be addressed. For example, if a smart factory does not do all of its edge computing on premises (perhaps some data is shared with a regional data center), that data would need to travel outside the trusted, private network to reach the data center for processing, and then back to the private network and the end system that will use the processed data.

A private network does not mean inherently private data

Data leaving the smart factory follows an encryption process, both before it leaves the network and before it comes back, wherein the data is signed by the system before being sent to and from the data center. While this is a standard security practice, the data is most vulnerable while it is being sent back and forth between systems. Once data leaves the comfort and safety of an organization’s private network, it can be intercepted and, depending on the nature of the data, stolen or manipulated to negatively impact the function of the end system.

Let’s say a smart factory with a private 5G network decides to use a regional data center for all of its AI/ML systems. A manufacturing robot, connected to the private network, would collect and send data to the data center. That data is then processed, and a set of instructions is sent back to the manufacturing robot. If the data is secure, all processes run smoothly and the manufacturing robot continues on. However, if that data is intercepted in transit, it could be manipulated before being sent back to the manufacturing robot. In the event of a data-oriented attack, any number of scenarios could unfold, including shutting down the manufacturing robot and costing the company money in the form of unplanned downtime.
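
As an added illustration (not code from the original post or from Dover), the Python below shows the receiving device checking a returned instruction before acting on it. It assumes HMAC-SHA256 with a shared per-device key as a stand-in for the signing step described above; the device name, key, message fields, and `set_speed` command are constructed for the example.

```python
import hashlib
import hmac
import json

DEVICE_KEY = b"constructed-demo-key"  # constructed; real keys live in protected storage


def _tag(key: bytes, body: str) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def sign_instruction(key: bytes, device_id: str, seq: int, command: dict) -> dict:
    """Data-center side: bind the command to one device and one sequence number."""
    body = json.dumps({"device": device_id, "seq": seq, "command": command}, sort_keys=True)
    return {"body": body, "tag": _tag(key, body)}


class InstructionVerifier:
    """Device side: act only on instructions that are authentic, ours, and fresh."""

    def __init__(self, key: bytes, device_id: str):
        self.key, self.device_id = key, device_id
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, message: dict) -> dict:
        # Verify the tag (constant-time) before parsing or trusting any field.
        if not hmac.compare_digest(_tag(self.key, message["body"]), message["tag"]):
            raise ValueError("bad tag: modified in transit or wrong key")
        body = json.loads(message["body"])
        if body["device"] != self.device_id:
            raise ValueError("addressed to a different device")
        if body["seq"] <= self.last_seq:
            raise ValueError("stale sequence number: possible replay")
        self.last_seq = body["seq"]
        return body["command"]


def demo() -> list:
    """Constructed messages: one genuine, one altered in transit, one replayed."""
    robot = InstructionVerifier(DEVICE_KEY, "robot-07")
    genuine = sign_instruction(DEVICE_KEY, "robot-07", 1, {"op": "set_speed", "value": 0.5})
    tampered = {"body": genuine["body"].replace("0.5", "5.0"), "tag": genuine["tag"]}
    results = []
    for label, msg in [("genuine", genuine), ("tampered", tampered), ("replayed", genuine)]:
        try:
            results.append((label, robot.accept(msg)))
        except ValueError as exc:
            results.append((label, str(exc)))
    return results
```

The sequence check matters as much as the tag: a previously valid instruction that is captured and sent again still carries a correct tag, and only the freshness check rejects it.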

Cyber-physical attacks pose real-life threats 

Unfortunately, in the event of an attack, an unplanned shutdown would actually be the best-case scenario. Now that we’ve entered an era of cyber-physical attacks, a data-oriented attack on a smart factory using AI could cause significant harm or even loss of life. If the data being sent to a self-driving forklift were manipulated to tell the forklift to speed up rather than slow down, it’s easy to see how this could pose a threat to anyone working on the factory floor.

Even if all edge computing is done onsite, other security concerns must be taken into consideration. For instance, if an untrusted device, like an employee’s smartphone, connects to the private network, that device could serve as an entry point for attackers to gain access. Once an attacker has access through one insecure device, they can execute an attack against any of the other systems connected to the same network.

The bottom line is that a private network does not equate to true data privacy. 

Securing a private 5G network requires a defense-in-depth strategy

To provide the security a smart factory requires, a proactive defense-in-depth approach is necessary. A defense-in-depth approach means there are multiple levels of security implemented in order to protect a system. In the case of an organization using a private 5G network, a defense-in-depth strategy would mean having layers of security to protect the private network, like firewalls and anomaly detection.

It would also mean having multiple layers of security at the device or system level to protect the individual devices connected to the network, in case the attacker gets past the network defenses, which happens more often than you think. Device-level security would likely include compartmentalization, encryption, root-of-trust, and even physical protection. I would also include technologies like Dover’s CoreGuard solution, which prevents the exploitation of software vulnerabilities and immunizes devices against entire classes of network-based attacks.

To learn more about securing a private 5G network with a defense-in-depth approach, download our white paper: The 5G Cybersecurity Stack: How to Secure 5G with a Defense-in-Depth Approach.
