Sunil Lingayat leads the cybersecurity strategy architecture and cybersecurity technology functions for T-Mobile and is responsible for driving next generation cyber strategies and capabilities and positioning products and services into an effective cyber resilience posture. The Big 5G Event team interviewed Sunil ahead of the event to gain a sneak peek of what we can expect at our upcoming conference.

What are the unique security requirements for 5G networks?

At a high level there are two primary reasons that are driving unique security requirements for 5G networks.  First is the use of COTS technologies and open architectures, distributed architectures, disaggregation at various layers of the stack, open service-based architecture (HTTP2/JSON), etc.  Second the exponential growth in number of devices (e.g. IoT), higher business value use cases, need for privacy-by-design, need for Safety, Low latency, order of magnitude higher throughout, etc.  Both of these aspects lead to (a) increased attack surface, (2) susceptible to a broader and established attacks and exploits, and higher tier threat actors, and more importantly (3) traditional security architectures and controls will not work, etc ….all contributing to unique security requirements for 5G in comparison to earlier networks – such as requirement for use case driven security, layered security, security automation, and cyber resilience.

What will be the unique security considerations for specialized 5G use cases?

As per ITU, 5G is expected to support three different families of use cases with somewhat conflicting requirements on a couple of dimensions such as latency, integrity, etc.  These are driving the need for slicing or network of networks architecture.  Within each use case type, there is also the dimension of privacy.  Some use cases requiring very stringent privacy e.g., HIPPA.  Whereas some use cases integrity and latency are critical.  It is important that security controls are geared towards each use case.  One size fits all will not work as it will make services very expensive, fragile, and in effect non-operational.

How can a dynamic security architecture be ensured for each network slice?

Software-defined security (SDS) becomes very important for achieving dynamic security. Security orchestration integrated with service orchestration is essential. Security function virtualization is another approach aligned with the VNF and NFVi architectures. All of this need automation at scale from the very beginning in the architecture.  Machine Learning and AI have to be incorporated and fine-tuned for “whitelist” security model and behaviour monitoring.

How can service providers adequately support NFV/SDN security requirements

Virtualization is not new as a technology.  Much innovation and lessons learned in the cloud industry.  Cyber 2.0 cyber resilience design principles like Autonomic security, least privilege, privilege escalation, dynamic alignment, dynamic positioning, etc have to be designed in. Adoption of de-perimeterized security strategy and architecture is crucial so security is not tied to the perimeter or zone.  Security has to be dynamic.  In fact, SDN/NFV can be effectively used to enhance traditional static (host and network-based) security positively and make 5G services cyber-resilient.

You can come face to face with Sunil Lingayat, Chief of Cyber Strategy and Technology at T-Mobile this year at the Big 5G Event this May 6-8 2019 in Denver, CO.