This page is fully or partially automatically translated.
- Network and Application Security
The security of 5G networking is challenging mobile operators and industrial sites to take advantage of the innovations of the new mobile communications.
These technical possibilities and the associated economic interests in the "factory of the future" often cause safety considerations to take a back seat, which can usually lead to high consequential costs if safety gaps are exploited and lead to downtimes in production operations.
For example, IoT end devices such as simple sensors can already exchange status information via signaling mechanisms in favor of energy efficiency, which opens up the possibility of attacks to manipulate the data. To counteract this, authentication requests, especially for inexpensive sensors, should be specially checked and the integrity of simple sensor systems should be guaranteed by an extended security concept.
Also the future integration of many sensors into complex IT systems by mass pre-configuration via eSIM allows cyber attacks by pretending a different identity and the possibility to spread false status information from manipulated end devices to control units. Inverse SIM locks, which link a SIM configuration to a specific predefined and cataloged device, can prevent or even eliminate unnoticed manipulation of end devices.
The IT architecture of a 5G network differs significantly from the IT in previous mobile networks. Cloud-based networks with their modern and efficient technologies create a higher flexibility in the network which also increases the performance as edge clouds at the base station. In the area of security, new risks arise here, both in the operation of applications and in the operation of the computing clusters themselves. For example, it is possible to compromise the entire computing cluster through weak points in virtualization. But also the unauthorized access to data and the corresponding data outflow would be conceivable. These risks can only be prevented with appropriate technical measures, such as monitoring network traffic at the virtualization level.
With service-oriented architecture concepts, the processing units are encapsulated in so-called containers, which provide certain features on demand. A continuous development and integration process (CI/CD process) is particularly advantageous for the developers and operators of the IT platform in order to adapt to new requirements as quickly as possible. Each build process creates a gateway for manipulated or corrupted code snippets, which can enter operational use unnoticed. Information security requirements must be checked for compliance from the very beginning. Efficient vulnerability management (CVE scoring) of the integrated software libraries should be an integral part of every development process. Also in operations, an agile method for evaluating the IT security of the active software must be created to implement an efficient CI/CD process. The necessary close integration of IT security management with software development should be firmly established during the development process.
A document on this subject is available in German. Would you like to read it? Switch to the German view.