LTE and new radio (NR) evolution is a fundamental component in MNOs’ ability to deliver upon the promise of 5G and growth. It is fundamental for 5G’s cornerstone capabilities: high bandwidth (eMBB), massive scale (mMTC), high reliability and low latency (uRLLC).
Evolving LTE and 5G RAN technologies and architectures also enable these mobile network operators to expand their customer segment from consumers to enterprises and industries – enabling new markets and growth engines.
But at the same time, these 4G and 5G radio access infrastructures not only introduce complexity, but also increase the potential attack surface and risk presented. And this risk must be addressed through appropriate security controls designed to support and protect the delivery of business and industry use cases across the Radio Access Network (RAN) and elsewhere in the telco cloud.
RAN evolution, current and future target market segments, and use cases enabled by 4G/5G technologies and infrastructures, all have a strong impact on the growing need for RAN security:
To enable the growing scalability delivered by LTE-A, and especially 5G, the deployment of a growing network of small cells is required. Many of these femtocells, picocells, and microcells eNobeBs (eNB) and gNodeBs (gNB) will be located in the public domain and in other non-secure locations. These will also be, in most cases, connected to the MNO network via an untrusted backhaul. These factors represent a growing risk, contributing to an increase in the overall attack surface as well as risk for traffic tampering, misuse, and manipulation.
The ongoing evolution of 4G, and the introduction of 5G, are gradually enabling the implementation of business and vertical use cases that provide value beyond plain wireless connectivity. However, they also place a growing importance on the integrity and continuity of user plane traffic in the RAN, as well as onto the core. This user plane has now become one of the primary components of the MNOs’ ability to provide value added services (VAS) such as infotainment, IoT services, and AR services, to name a few.
This, in turn, drives the need for greater security, integrity, and continuity of user plane data which is also likely to experience significant growth.
The need for better and higher RAN performance, agility, scalability, flexibility, and cost-effectiveness have led to its gradual evolution in LTE, and ultimately, onto 5G NR. As a result, MNOs will be operating a hybrid RAN environment composed of different centralized, distributed, and virtualized/cloud eNB/gNB architectures.
These architectures will also depend on specific use case requirements per market segment or network slice. In such a hybrid environment, maintaining security, integrity, and visibility for control, user planes, and O&M requires using a common set of security tools flexible enough to adapt to the RAN’s different architectures, requirements, and constraints.
LTE-A and mostly 5G provide the ability to support critical use cases and innovation in different industries, including healthcare, energy, and transportation. Unlike the previous mobile generation, mobile infrastructure technology “standardization” and the growing reliance on its services for some critical use cases will increase the cybercrime community’s interest in the mobile infrastructure as an attack vector and target, and will further drive the growing need for RAN security.
These are some of the main forces driving MNOs to modernize and strengthen their existing RAN security. Failure to provide confidentiality, integrity, and service continuity for all communication planes (control, user, and O&M) may result in different types of attacks:
Any one of the above attacks has the potential to disrupt the RAN, the core network, and overall service continuity. They can also expose and modify user data, impacting both customers and telco cloud applications and services, and overall jeopardize the MNO’s ability to comply with data privacy and security regulation.
The Fortinet solution for RAN security utilizes the FortiGate platform in different form factors (physical and virtual network functions – PNF and VNF) to provide advanced Secure Gateway (SecGW) and a state-of-the-art Next Generation Firewall (NGFW) capabilities. These are designed to meet the security needs of different LTE and 5G NR architectures. The FortiGate provides three key security functions for the RAN:
This unique combination of form factors and functionalities delivers a powerful tool with a rich set of versatile capabilities suitable for the largest Tier-1 4G and 5G RAN deployments:
Securing the RAN mandates a new kind of SecGW infrastructure, one is the agile and hybrid, and yet capable of supporting the mixed architectures and different performance, scalability and QoS requirements that LTE-A and 5G bring to bear. Fortinet’s FortiGate unique capabilities and performance provides a truly secure LTE-A and 5G NR infrastructure enabling mobile network operators to securely deliver current and new services and use cases.
Learn more about Fortinet’s LTE and 5G new radio security solutions.
Download Whitepaper to explore considerations and requirements for 4G and 5G Radio Access Network (RAN) Security.