Security Aspects of 5G for Industrial Networks
5G is an enabler of both telecommunications and industrial use cases. The security requirements of telecommunications networks are well defined and have been widely published. This white paper concentrates on the security needs of industrial networks. Drawing on the use cases and network deployment models already developed within 5G-ACIA and other organizations,
The paper focuses on the security requirements of operational technology (OT) companies, the current OT security frameworks and standards utilized and how 5G security features would complement the existing OT security toolbox.
The paper concludes with an outlook that security requires a holistic approach where industrial network security is achieved through secure deployment and operation of networks as much as their secure specification and implementation. Hence, benefiting from the ongoing cooperation between OT companies and ICT companies, as exemplified through the work of 5G-ACIA.
Insight and Vision
Security requirements of public mobile telecommunication networks (public land mobile networks, PLMNs) have been extensively worked on, and the associated security features and functions have been specified by 3GPP as part of its standardization process for 5G and its predecessors…
- OT networks are traditionally physically isolated
- Strict perimeter protection and access control are used
- Confidentiality of processes, operational data, users and equipment are paramount
- Data flows to the outside are restricted (usually, only for maintenance)
- Sensitivity to physical layer jamming
- Within a single perimeter, a single trust domain of users, processes, data and equipment is maintained and 5G telco operator would not be part of this trust domain
- Higher layer, E2E encryption & integrity protection is used
- State-of-the-art authentication mechanisms, as well as secure hardware components for credentials storage & processing generally not used
- Regulatory compliance and associated certifications are major business imperatives
- Brown-field OT networks: equipment and processes with long lifecycles, brings the need to maintain interoperability between legacy OT and 5G security mechanisms.
A 3GPP defined, highly isolated, 5G Standalone NPN (SNPN), with trust domains similar to legacy OT deployments, flexible authentication methods and credentials management as well as low effort for OT network regulatory compliance, would be a close match to isolated, legacy OT networks.
In addition to the 3GPP-defined 5G security toolbox, establishment of implementation guidelines, best practices and security profiles play a key role in building operational security in industrial 5G networks.
Presentation by the experts during the Hannover Fair 2021
Retrospect and Outlook
3GPP 5G security features generally provide robust support for OT network deployments. These security features together form a toolbox that allows OT companies to address the varying security risks of the multiple OT 5G deployment scenarios described in this paper.
The OT domain is characterized by the interdependence of companies with various industry roles, such as manufacturers, integrators and operators.
The 5G security toolbox may be used differently by each of these. Additionally, as much as technology specifications and requirements, the OT field is characterized by operational and implementation-related requirements specific to each field deployment. IEC 62443 standards and OPC-UA framework provide a good basis for 5G security features to integrate with. It has been demonstrated that 5G security features form a toolbox that both OT and PLMN operators can use to manage the risks in the OT networks of the future.
We have awoken your interest?
Do you want to learn more about this future-oriented topic? Please download or share the 5G-ACIA white paper as a PDF file.