Building a secure 5G+ future with collaboration and trust

Posted 07/14/2023 by Eric Sivertson, VP of Security Business and Mamta Gupta, Director of Marketing Security & Comms Segment

5G is the fastest growing mobile technology in history. As 5G rapidly develops, we are experiencing a major shift in the design and implementation of telecommunications networks to support new applications such as robots, connected cars, smart factories and cities, and metaverse experiences.

Lattice holds security seminars with ADI and NXP every quarter to discuss the challenges, opportunities and latest hardware security solutions facing the global telecommunications industry. The telecommunications industry is moving from the traditional castle security model (there are threats outside the castle, but everything inside the castle is safe, and the entry to the castle is controlled by trusted personnel and strong authentication protocols) to an open and disaggregated network architecture based on ORAN. This new model is more flexible and open, but the nature of this highly decentralized and distributed network is also more exposed to threats, more vulnerable and exploited. This also means a wider attack surface, requiring stronger network resilience mechanisms to protect, detect and recover in real time. Given this need for enhanced security, we see more and more regulatory agencies in the United States and Europe stepping in to formulate regulations and requirements to ensure the security of data and information.

New regulatory environment

The more security threats there are, the higher the security requirements are. Telecommunications infrastructure has become an important part of critical infrastructure. Today, management agencies such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the U.S. National Institute of Standards and Technology (NIST), and the European Union Cybersecurity Agency (ENISA) in Europe are stepping up their efforts to protect national and citizen security. They have set strict security requirements in executive orders and legislation, such as EO14208 in the United States and the European Cybersecurity Act.

There are more and more considerations and requirements around the following aspects:

• Network resilience and zero-trust security mechanisms: With the disintegration of the castle model and the continuous development of 5G, anyone can create dangers and the perimeter is no longer safe. Network resilience technology using zero-trust security is becoming an integral part of protecting the network, ensuring identity authentication at every node in the process.

• Supply Chain Regulations: Because third parties can introduce Trojans into businesses in the supply chain, it is more important than ever to define and implement supply chain resiliency regulations to protect critical infrastructure from impacts.

• Confidentiality and integrity: As data passes through various control and user planes, it is critical to establish a root of trust (RoT) hardware to ensure that the device is trusted and secure.

• Quantum computers and post-quantum cryptography (PQC): Quantum computers are likely to become a reality in a few years. They will significantly impact traditional asymmetric cryptography and therefore could pose a significant security threat. Developers need to carefully consider their impact and emerging PQC requirements. The “steal now, decrypt later” approach is already imminent, and PQC solutions are urgently needed. In fact, the Commercial National Security Algorithm (CSNA) has a clear timeline for upgrading telecommunications infrastructure to PQ solutions, and it has also become the most stringent regulatory regulation, which will help drive market action.

• Implementing regulations: While legislatures did not previously enact infrastructure security regulations, they are now playing a larger role. Implementing regulations, such as zero-trust security, are becoming more common and better enforced.

While these regulations may seem daunting, they will drive adoption of much-needed cybersecurity initiatives and enhance cyber resilience.

Collaboration is key to building a secure future

Because these regulations and standards change quickly, collaboration is needed to increase flexibility and agility. In the past, business leaders would question the cost of security, but now they are showing great understanding and support as companies and government organizations recognize that a strong and secure infrastructure is critical to the health of businesses and countries.

More importantly, collaboration is key to ensuring that all perspectives are heard and common interfaces and protocols are integrated into the solution. Cross-company alliances are a great way to help explain and define requirements, ensuring that the various parts of the network are integrated together without causing incompatibilities.

For example, in previous generations, the ORAN Distributed Unit (ODU) and ORAN Radio Unit (ORU) were co-located and shared security measures in a controlled environment. Now, the ODU can be connected to multiple ORUs regardless of their location. It is precisely because of this decentralization that an independent security architecture must be in place to verify the communication between the ODU and ORU.

Additionally, cross-company collaboration ensures that features, interfaces, and authentication work together in a standard and cohesive way. Industry ecosystems are bringing together various companies to ensure that security solutions are implemented without causing "fault lines" at the interface. By collaborating, they are able to standardize what needs to be protected while abstracting the most important implementation and testing aspects of creating a secure system. Organizations such as O-RAN, 3GPP, and TIP are all working to define these requirements and standards for secure telecom networks and comply with regulations from various government agencies.

Enterprises encourage developers to develop using RoT and zero-trust models because they are the preferred security approaches. They should also continue to focus on PQC and constantly adapt to the changing environment. In addition, companies should give full play to collaboration to succeed in a changing and complex environment.

That’s why FPGAs are an essential component of such complex solutions. Their inherent ability to be programmed and reprogrammed provides certain key functions that make them uniquely suited to meet the specific and demanding requirements required by many advanced technologies.

To learn more about the growing need for security solutions in the telecommunications industry and the Lattice ORAN solution set, please contact the Lattice team.