5G is coming, how do we secure it?

By Fortinet

Emmanuel Miranda, Business Development Director, OT, Critical Infrastructure, Asia Pacific at Fortinet shares how greater connectivity requires the cybersecurity to match.

Whenever consumers hear the term 5G, they can only relate it to mobile data and voice  connectivity on their devices, says Emmanuel Miranda, Business Development Director, OT, Critical Infrastructure at Fortinet. But there is much more to it behind the scenes, he shares.

The ecosystem of 5G technology is made up of end-users, telcos and tech providers.  While this technology brings greater and faster connectivity, the expanding ecosystem also widens the area where cyberattacks can happen.

“Cybersecurity, deployed as a platform, is what is going to glue everything together,” says Miranda. He shares the importance of a cybersecurity platform to ensure that 5G innovations in the public or private sector can be adopted securely.

What 5G holds for the future


5G is the catalyst for a “new industrial revolution because it offers much greater speed and bandwidth than previous networks”, wrote CNBC. Its integration into “smart factories” is expected to contribute trillions of dollars into the global economy, they report.

Fortinet supported a customer’s proof of concept to provide secure connectivity, for controlling robots remotely from a mobile phone. The organisation is looking to use 5G technology to connect the manufacturing floor to the cloud, a particular opportunity during the Covid-19 pandemic, explains Miranda.

With Covid-19 restricting travel, robotics manufacturers are prevented from visiting their machines in person. This remote control system allows them to conduct the initial set-up, preventive maintenance and maintain monitoring from anywhere in the world, he says.

5G’s wider use will be among the public, as it is adopted to bring faster data speeds, low latency and more reliable internet connections, Miranda says. 5G networks will “help spur innovation” and “create exciting business and job opportunities”, agrees Gan Kim Yong, Singapore’s Minister for Trade and Industry in a recent virtual conference.

The role of government


5G has already come to Asia. In May 2021, Singtel said that it would be creating a 5G network, enabling “self-driving cars” and “massive IoT (Internet of Things) connections”, its announcement said.

Government plays a vital role in setting up a cybersecurity framework by making sure that 5G operators keep their services secure, says Miranda. While publicly available 5G can bring innovation, an integrated cybersecurity platform is needed to ensure the “populace is not shut down by attackers”, he continues.

The first step for government is making sure they have effective regulations in place, Miranda emphasises. As the private sector introduces 5G to critical infrastructure like energy production, established rules from government regulators will keep the systems protected, he says.

The challenge is that 5G involves a lot of different stakeholders in the ecosystem. This includes “manufacturers, operators, tech providers up to the hyperscalers” across public and private networks. A cybersecurity platform that seamlessly connects these different groups will ensure that the regulations are met.

“We are still seeing stakeholders adopting the technology without first considering how to incorporate a holistic cybersecurity framework,” observes Miranda. When a mandatory security check comes, “most of the time, they will fail their audit”, he says.

Having the right tools to be secure


Large autonomous machines can be deployed quicker, easier and more affordably thanks to 5G connectivity, Miranda shares. The potential threat is that these interconnected machines increase the attack surface and could potentially become “prime targets for an attack”, he highlights.

Fortinet’s cybersecurity experts are helping private industries to put a plan in place.  Fortinet looks to help organisations grow their business potential by minimising their cybersecurity threats, considering their budget and time limits, says Miranda.

Three strategies to help


Securing OT environments involves applying many cybersecurity strategies such as Segmentation, Network Access Control and Visibility. “Those are really things that need to be implemented as fast as possible,” he emphasises.

Segmentation divides network systems into “physical or virtual secured zones”, says Miranda. Each zone can be given unique requirements for access, keeping out hackers and ensuring only authorised users can access the zones that are relevant to them.

This enables organisations to monitor the data found in the industrial protocols which connect their systems. A major benefit of segmentation is that you stop adversaries moving laterally from one zone to another, preventing them from moving deeper into the network.

Network Access Control, part of Fortinet’s Zero Trust Access solution, requires users to verify themselves before gaining access to sensitive information. Multi-factor authentication can add to this process. This is necessary as more companies are giving access from outside the “secure perimeter”, such as maintenance teams and suppliers, he explains.

Visibility is about identifying devices, such as their type or hardware; as well as their associated vulnerabilities. Security teams also need to limit which devices can be used for specific functions.

In addition, having a centralised monitoring and logging solution to collect alerts and generate reports for fast and efficient response is also key, he says.

Preparing for IoT


Industrial IoT adoption inside the ‘security perimeter’ such as smart sensors, actuators and controllers, is adding new security challenges as these devices are mostly not secured by design, Miranda explains.

With a common set of security solutions applicable to a wide range of architectures and use cases, Fortinet solutions enable network providers to meet security requirements. This is either as part of a 5G private network offering or on top as a set of managed security services.

5G holds the potential to take public connectivity and industrial IoT to new heights never seen before. The potential threats in 5G are yet to be uncovered and are potentially complex, and a reliable cybersecurity platform needs to allow these innovations to flourish.