Based on their structure and components, 4G-LTE and 5G cellular protocols are more secure than Ethernet and Wi-Fi-connected IP networks. But when it comes to security, protocol isn’t everything; organizations deploying these networks need tools to ensure that those protocols are utilized properly for security. And the tools that are available are largely ineffective for private networks built on advanced cellular technology. Unfortunately, many organizations are unprepared to deal with these threats.
CISOs often believe that protecting cellular networks is “easier” than protecting IP networks. And this is somewhat understandable: If private cellular networks are always more secure – because of the features baked into them – then the security tools for the less-secure IP networks will certainly be effective on cellular networks. But that’s a fallacy. Cellular network technology and security are different from IP network technology and security.
Different Networks, Same Purpose
The super-fast speed and near-zero latency of advanced cellular networks make them perfect for automated production systems, so enterprises often use them as replacements for (or at least additions to) IP networks to manage and control operations.
But while the uses – and threats – are similar, the tools available to protect IP networks are mostly not applicable to advanced cellular private networks. The reason for this is simple: while IP network protocols evolved to serve individual and organizational users, cellular protocols evolved to serve the needs of carriers.
Understanding – and planning for – these differences is becoming more crucial. Threats to private LTE/5G networks come in the form of tried and true exploits that hackers have used for years to compromise public cellular networks, providing hackers with the ability to command and control their victims, just as they do on IT networks. But the vulnerabilities and attack methods – and the solutions – can be slightly different in some important ways.
Take, for example, DDoS attacks – a threat to both IP and cellular networks, with the term Signaling Storm used to refer to attacks on the latter. The threat – freezing of all network activities – is the same for both, but the vulnerability for 4G-LTE/5G private networks is much more severe than it is for IT networks. IT network DDoS attacks generally succeed in halting web activity while the attack is ongoing, but most organizations will have backed up their networks to ensure that they don’t lose data.
If the network gets overloaded in a Signaling Storm attack, the IoT devices that rely on it to get things done go down, too. The method of attack in a Signaling Storm is far different from that used against an IT network; in the latter, bots jam the network with HTTP requests, while cell networks – and the IoT devices that populate them – are subjected to high-bandwidth connections that overwhelm the available bandwidth. The method of attack and the network context – cellular vs. IT – differ from those of an IT DDoS attack, thus requiring a different security approach.
Another example involves hacking devices themselves. On an IT network, those would be the computers, handheld devices, tablets, and others that are connected at any time. The most common (and successful) form of attack on those networks is phishing, where hackers hope to convince a user to give up their authentication credentials.
On a private 4G-LTE/5G network populated by IoT devices – robots, sensors, and the like – there usually isn’t a human to phish; instead, hackers seek out open ports and standard login/password pairs (like “Admin:Admin”) that have not been updated. Here, too, the threat and the vulnerability are the same for IT and cell networks – but the method of attack and network context differ. Thus a different security strategy is required.
When used on a private cellular network, an individual’s smartphone becomes a far more potent danger than when used on a public network. When attacks focused on traditional public networks, hackers were limited in the damage they could do – mostly stealing credit card lists or getting access to devices.
But when cellular networks are used for the same purposes IP networks are used for – productivity, automated production, communications, and more – those devices become vectors for attack, with the risk and potential damage now as great for private cellular networks as they are for IP networks.
Thus, both the networks themselves and the devices on them are vulnerable – providing a “perfect storm” for bad actors who seek to attack enterprises. Attacks like these have already been executed on IoT devices and on private 4G-LTE and 5G networks – and as these networks become more popular, attacks will grow in size, scope, and complexity. And as attacks increase, more solutions will be offered by more cybersecurity companies. When choosing solutions, the most important thing for security teams is to ensure that those solutions are the ones they really need – ones that really address the security issues on their private cell networks, and are not just reiterations of existing IT security tools.
Liron Ben-Horin is VP of Systems Engineering at OneLayer.