Marek’s Take: Network slicing is a security nightmare for operators

Visionaries talk about the transformative nature of 5G and how this next-generation network technology will connect everything from automobiles to factories to energy grids.

To make that vision a reality, carriers need to deploy more sophisticated network technologies like network slicing, which is expected to happen as 5G becomes more prevalent and network footprints become larger. Most experts predict we’ll see network slicing commercially available in some 5G networks in the next two or three years.

Network slicing allows operators to partition the network into segments for certain use cases. Each of those network segments can be customized, but they will likely use some underlying common network infrastructure. That’s what makes network slicing so compelling. Instead of having to deploy multiple networks, an operator can just slice and dice up its existing network to allow for different use cases. For example, a network slice could be used for a mobile virtual network operator (MVNO), or a slice could be used for an enterprise or an Internet of Things application.

But making network slicing a reality is no easy task. And making sure every network slice is secure will be even harder.

“Even if you put security to one side, operationalizing network slicing with any kind of agility, at any kind of scale, is going to be very complex. When you then add in the security requirements — as you have to — that adds yet more complexity,” said Patrick Donegan, founder and principal analyst with HardenStance.

And 5G networks alone have more security challenges than 3G and 4G networks. John Wick, senior vice president and general manager of Syniverse’s service provider business group, said that 5G uses a whole new signaling protocol, which means that 5G networks connect to each other in a very different way than 4G networks connect to each other.

For example, in a 5G network the typical “trusted relationship” that happens when one core network connects to another actually happens with each network function. “The security edge protection proxy (SEPP) is the traffic cop that is aware of all the network functions,” Wick explained. And each network function has a very large number of secured trusted relationships that have to be up and running continuously.

Now imagine that scenario amplified several times for each network slice. Wick said that with network slicing, a single network function that is running across a network is now divided up among all the network slices, and all of those have to be secure.

Plus, Wick said that each network slice will have to have some type of device authentication so that devices that are intended for one network slice are approved but prevented from running on another slice.

Blurred lines

But it’s unclear which entity will ultimately be responsible for the security of a network slice. Will it be the underlying operator? Or the enterprise/MVNO that is operating the slice?

Wick said that these issues are being discussed right now, but there is no clear answer. And it may differ from one operator to another.

Donegan noted, however, that there are new players entering the space that see network slicing as an opportunity. For example, cloud providers may be able to offer a solution to this complex undertaking. “Oracle is an example of a cloud provider that thinks it can show the telcos a clean pair of heels when it comes to building its own 5G core components and driving 5G network slicing off of that,” Donegan said. “Let’s see if they really can operationalize what the standards bodies are handing down any better than the telcos can themselves.”

But will operators want to hand over something as important as this to a cloud provider? They might not have a choice. Security is critical, and networks are increasingly complex. And as telecom networks start to mesh with enterprises, it may just be the perfect opportunity for these enterprise-focused firms to enter the telecom network fray.