Another major accident breaks out. How to solve the 5G network security dilemma?

The frequent outbreaks of cybersecurity incidents have caused significant losses to enterprises and society, and have also made cybersecurity issues increasingly important. The rise of 5G has brought new cybersecurity challenges, especially in industrial Internet applications. Once security problems arise, the consequences are very serious and may even deal a fatal blow to corporate production.

[[355982]]

1. Network security is more severe in the 5G era

On November 24, according to foreign media reports, Vodafone stated that its mobile communication network in Germany was disconnected for more than three hours due to a control equipment failure. More than 100,000 mobile phone users accessed the network wirelessly. The disconnected areas included Berlin, Hamburg, Munich, Cologne, Frankfurt and other cities. The situation was very serious, but fortunately it has now returned to normal.

Currently, major security incidents are occurring frequently around the world, and the frequency is increasing. From 2020 to now alone, more than a dozen major cybersecurity incidents have occurred.

In February 2020, a natural gas company in the United States was attacked by ransomware, affecting both IT and OT assets. Facilities were forced to shut down and natural gas supply was forced to stop.

In May 2020, Taiwan’s two largest refineries were hit by ransomware attacks within two days of each other, shutting down computer systems and preventing customers from using electronic payments at gas stations.

In July 2020, X-FAB, a world-leading German wafer manufacturer, was attacked by a virus. Its IT system immediately stopped operating and its six production bases were forced to close.

In September 2020, Israeli chip giant TowerJazz was suddenly attacked by a cyber attack, and some system servers and manufacturing departments stopped operating.

In October 2020, an Indian COVID-19 vaccine manufacturer suffered a cyber attack, and some of its factories around the world were forced to close.

The frequent outbreaks of cybersecurity incidents have caused significant losses to enterprises and society, and have also made cybersecurity issues increasingly important. The rise of 5G has brought new cybersecurity challenges, especially in industrial Internet applications. Once security problems arise, the consequences are very serious and may even deal a fatal blow to corporate production.

"With the deep integration of 5G and the industrial Internet, the security challenges faced by the industrial Internet are more severe, because traditional factories are closed. After the advent of the 5G era, closed factories have been opened," said Qi Xiangdong, chairman of Qi'anxin Group.

Huawei's rotating chairman Hu Houkun also said that in the 5G+Industrial Internet era, security scenarios will become more complex. Compared with traditional models, the system security exposure will be greater. Once a system interruption or data leakage occurs, it will cause great harm to society and the public.

"At present, with the popularization of information services, a large amount of basic information has been collected on the Internet, and a large number of devices have been connected to the industrial Internet. With the development in the future, device access will be everywhere. The security protection capabilities of access devices are uneven, which will bring great security risks." He further pointed out.

What are the challenges of 5G+Industrial Internet network security?

Data shows that in a survey of 415 network executives who plan to adopt 5G in Q1 2021, 56% of companies expressed concerns about the security of 5G.

What are the specific challenges of 5G network security in the field of industrial Internet? Qi Xiangdong summarized four major challenges:

1. There are many vulnerabilities, they are of high level and pose great risks.

Data shows that in the first half of 2020, a total of 946 vulnerabilities were found in networked industrial control equipment, including 385 high-risk vulnerabilities and 472 medium-risk vulnerabilities, accounting for 91%. Nearly 20 types of vulnerabilities were found, mainly buffer heap overflow, design defects, illegal authorization, and cross-site scripting, accounting for 63.2% of the total number of vulnerabilities. "Some vulnerabilities still have public exploit codes, and attackers can easily gain control of the device through the code, which poses a great risk.

In August 2020, three serious vulnerabilities were exposed in Mitsubishi Electric's factory automation products, which could cause remote code execution, confidential file leakage, file tampering, and denial of service. Mitsubishi Electric responded promptly and provided fixes and updates for some of the products affected by the vulnerabilities.

2. Data is highly open and fluid, which increases the risk of leakage.

The 5G edge computing center is open to third-party applications through the APT interface. Industrial Internet data is shared among different applications. The flow direction and path are complex and difficult to control, which greatly increases the risk of secure data transmission and storage.

In April 2020, Portuguese multinational energy company EDP was blackmailed and 10TB of sensitive data files were encrypted by attackers. The leaked data included EDP's product bidding and quotations, travel information and private conversations, as well as the names, phone numbers and user IDs of all customers and employees.

3. Attacks are becoming industrialized and diversified, and the methods are becoming increasingly mature.

According to a report by the US research organization MITRE, cyber attacks on industrial control systems have formed a complete matrix, which is divided into 11 steps and more than 100 tactics. Attackers can completely control the production system through standardized and process-based operations.

4. There are endless internal traitors, and the defense line can be easily breached from the inside.

A report jointly conducted by the FBI, CSI and other agencies shows that more than 85% of cyber security threats come from within, and the degree of harm far exceeds the losses caused by hacker attacks and viruses.

Wu Hequan mentioned that the industrial Internet needs to adopt strict security prevention technologies, security requires equal emphasis on management and technological development, and the security of enterprises must achieve threat intelligence sharing and coordinated linkage with the security of the industry and society.

He further pointed out that the industrial Internet is always online 24 hours a day, so the security work of the industrial Internet is always on the road. How to achieve co-creation and sharing, network information security companies, government departments, and operators form big data collaboration, obtain real-time threat intelligence and risk notifications and solutions, and use external forces to help companies improve the security defense of the industrial Internet are all core issues that need to be urgently addressed in the industrial Internet.

How to deal with network security issues?

"In the face of new security challenges, we have no choice but to adopt new security technologies. We call new security technologies data-driven intrinsic security." Qi Xiangdong said that the current protection methods of the Industrial Internet are diverse, and it is necessary to find a methodology that keeps pace with the times and a set of effective systems. Therefore, Qi'anxin proposed an intrinsic security system.

Qi Xiangdong said that endogenous security, through the data-driven "one center and five filters" system, gets rid of local and external factors and realizes the endogenous integration of network security capabilities and information environment.

Hu Houkun believes that the security issues of 5G+Industrial Internet require all parties to prepare for the rainy day and pay great attention to it. At this stage, it is necessary to build a security system and accelerate the upgrade of the security architecture of various industries. Through these two aspects, we can strengthen the close cooperation of the industrial chain, clarify the boundaries, break down the barriers, and jointly create the security guarantee of the Industrial Internet.

"The Internet security issue is an international issue that requires strengthening international cooperation to maintain a common global Internet security ecosystem. It is an important proposition that countries, societies, enterprises and even individuals cannot avoid. It requires all fields and every individual to work together to build a large Internet security ecosystem. Developing the network security industry is an urgent task." Wu Hequan elaborated his views from an international perspective.

Specifically, regarding the network security incident of Vodafone a few days ago, it is reported that the network problem was caused by the "failure of control equipment" deployed in Munich, Frankfurt and Berlin. According to the report description, industry insiders inferred that there was a serious failure in the core network control plane.

Regarding how to ensure the reliability of the 5G core network, it is reported that the industry has solutions in terms of network element-level disaster recovery (improving VNF reliability), single data center (DC) content disaster recovery (such as hardware/resource pool/multi-availability zone/etc. IT-level disaster recovery and non-IT-level disaster recovery such as computer room/machine building), and cross-DC disaster recovery. At present, there are still two obvious problems: insufficient software capabilities and insufficient cross-DC disaster recovery.

Industry insiders believe that from the perspective of software capabilities, development towards statelessness, stronger databases, microservices, more robust VNF ​​networking and deployment architecture can achieve elastic scaling and improve the reliability and availability of telecommunications-grade services.

In fact, since 2019, the establishment of a sound cybersecurity system has also been actively promoted. On June 18, the Ministry of Industry and Information Technology announced the "Regulations on Cybersecurity Vulnerability Management (Draft for Comments)"; on June 25, the "Draft Cryptography Law" was also submitted to the Standing Committee of the National People's Congress for initial deliberation.

Recently, Liu Liehong, Vice Minister of the Ministry of Industry and Information Technology, said that China will make a good "14th Five-Year Plan" for the development of the information and communications industry, focus on prominent issues facing security development, speed up the formulation of the "Opinions on Promoting High-Quality Development of Network Security", and issue a number of major policies such as the "5G Security Guidelines" as soon as possible, and implement a number of major projects such as the innovative development of industrial Internet security.