At present, it is difficult to remember life before the COVID-19 pandemic, but a key switch that has happened is the large-scale shifting of the population to work at home, as widely documented. Some mobile operators in the UK recently have had a bit of a bumpy ride, with spotty coverage and outages experienced as the current mobile networks adapt to the increased migration of people from office to home. Events like this are only going to intensify calls for increased infrastructure investment in new mobile communication technologies such as 5G after the pandemic has passed.
I have released my latest research paper looking into the security considerations for European industries looking to implement private 5G networks. Large industrial players such as Siemens and Bosch and ports such as Rotterdam and Hanover have been launching pilots with private 5G networks to test out various industrial automation and internet of things (IoT) use cases. Doing this brings new security challenges that are unique to 5G deployments.
Here are some observations based on the research:
- There is more to the 5G security debate than device manufacturer choice. The device manufacturing debate is taking up considerable press attention. While an important debate, it is currently within the preserve of each European country to take their own decision on, based on a range of complex political and nonpolitical factors. However, it is taking attention away from the task of implementing the security capabilities of 5G correctly. Ensuring interoperability of 5G equipment from different manufacturers and consistent implementation of security controls (e.g., integrity checking, authorization and authentication controls, consistent IoT device security, encryption, and segmentation and anomaly detection) needs to be examined more in the current 5G security debate than at present.
- European organizations considering private 5G deployments need to quickly learn about securing virtual network infrastructure. 5G networks fundamentally rely on a far higher proportion of virtualized network infrastructure than prior 4G LTE deployments. Many networking professionals tasked with managing virtualized networking infrastructure will need to get used quickly to working with network function virtualization (NFV) and software-defined networking (SDN) deployments as they move away from physical deployments. Many participants in my research called this out as a key skills and knowledge gap that they saw emerging for private sector organizations looking to implement 5G private networks. European organizations seeking to build a private 5G network need to quickly upskill their networking and security professionals in NFV and SDN technologies and specific security concerns.
- Expect some delay to standards development work for R16 and R17 from 3GPP. Most European operators I spoke to were reasonably comfortable that the next releases of the 5G standards, releases 16 and 17, would be on time. Given the current situation with COVID-19, in-person meetings to discuss and debate technical standards will be deferred or transferred to virtual conferencing; it is likely that we can expect some delay in the next releases of the standards being developed.
Forrester clients, for further insight, see my latest report, “Securing Private 5G At The Edge: Europe Edition.”