Lattice Blog


Building a Secure 5G+ Future Through Collaboration and Trust Requirements

Building a Secure 5G+ Future Through Collaboration and Trust Requirements
Posted 07/14/2023 by Eric Sivertson, VP of Security Business and Mamta Gupta, Director of Marketing Security & Comms Segment

Posted in

5G is the fastest-growing mobile technology of all time and due to its rapid growth, we’re experiencing a major paradigm shift in in the way telecom networks are designed and implemented for addressing use cases such as robotics, connected cars, smart factories and cities, and Metaverse experiences.

Lattice hosted its quarterly security seminar with ADI and NXP to discuss the challenges, opportunities, and latest hardware security solutions for the global telecommunications industry, as the industry shifts away from the classic citadel model of security - where everything outside the perimeter is bad, and everything on the inside is safe, and access is controlled by trusted humans and strong authentication protocols – towards open and disaggregated network architecture driven by Open Radio Access Network (ORAN). This new model is more flexible and open, but due to its nature of highly decentralized and distributed networks, it’s also more exposed, vulnerable, and easy to exploit. This means there is a greater attack surface, which demands enhanced cyber resiliency to protect, detect, and recover in real time. Due to this need for enhanced security, we’re seeing more governing bodies in the U.S. and in Europe step in to provide regulations and requirements that ensure data and information is safe and secure.

A New Regulatory Environment

With more threats leading to a greater need for security, telecom infrastructure has become a larger part of critical infrastructure. Governing bodies – like the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) in the U.S. and the European Union Agency for Cybersecurity (ENISA) in Europe – are more involved than ever to protect national security and safeguard citizens. They are enshrining strict security requirements in executive orders and legislations – like the EO14208 in the U.S. and Cyber Security Act in Europe.

Several aspects are seeing increased consideration and requirements around:

  • Cyber Resilience & Zero Trust Security: As the citadel model breaks down and 5G continues to grow, anyone can be a bad actor and perimeters are no longer safe. Cyber resilient technologies employing Zero Trust security is becoming more integral to protecting networks, ensuring that identities are checked at every point in the process.
  • Supply Chain Regulations: As third parties continue to introduce Trojan Horse Viruses into companies in the supply chain, it’s more important than ever that we define and implement supply chain resilience regulations to protect critical infrastructure from being impacted.
  • Confidentiality and Integrity Security: Since data passes through a variety of control and user planes, establishing Root of Trust (RoT) hardware to guarantee devices are trusted and secure is paramount.
  • Quantum Computers and Post-Quantum Cryptography (PQC): Quantum computers are not generations away but, rather, just a few years down the line. Since they will compromise the traditional asymmetric cryptography, they pose a major security threat. It’s necessary for developers to think seriously about their impact and the new PQC requirements that are emerging now. The concept of ‘Steal Now, Decrypt Later’ is very real and putting pressure on the need for PQC solutions today. In fact, the Commercial National Security Algorithm (CSNA) timeline of upgrading PQ solutions for telecom infrastructure has a short runway left—making it the strictest regulation, with a clear timeline that is driving action in the market.
  • Implementation Regulations: While legislative bodies have previously stayed away from specifying regulations for security in the infrastructure, now they’re playing a bigger role. Implementation regulations, like Zero Trust security are becoming more common and better enforced.

These regulations, while they may seem daunting, will drive the much-needed adoption of cybersecurity and will enhance cyber resiliency.

Collaboration is the Key to Building a Secure Future

As these regulations and standards are changing quickly, collaboration fosters greater flexibility and agility. In the past, business leaders questioned the cost of security, but now there’s a huge convergence and buy-in since companies and government organizations recognize that a robust and secure infrastructure is critical for the well-being of businesses and nations.

More importantly, collaboration is key to ensuring all perspectives are heard and common interfaces and protocols are integrated into solutions. Cross-company alliances are a great way to help interpret and define requirements, and ensure that you’re not inadvertently creating incompatibilities as various pieces of the network come together.

For example, in previous generations, ORAN Distributed Unit (ODU) and ORAN Radio Unit (ORUs) were in one location together and would have a joint security measure in a controlled environment. Now, ODUs can connect to multiple ORUs, regardless of location. Due to this decentralization, it’s imperative that there are standalone security architectures in place that authenticate communication between ODUs and ORUs.

Further, cross company collaboration ensures that functionality, interfaces, and authentication work together in a standard and cohesive way. Industry ecosystems are bringing together various individuals to ensure security is being implemented without creating “fault lines” at the interfaces in major ways. Through collaboration, they’re able to standardize what needs to be protected at a high level while also outlining aspects of implementation and testing that are most important to create a secure system. O-RAN, 3GPP, and TIP are all engaged in defining these requirements and standards for the secure telecommunication networks and for complying with the regulations coming from various government agencies.

Developers are encouraged to build with RoT and Zero Trust models as they’re the preferred security methods, and they should also stay tuned in to PQC to keep up with the changing environment. Additionally, companies should tap into collaboration to drive success in this ever-changing and complex environment.

That’s why FPGAs (Field Programmable Gate Arrays) are such an important part of so many of these types of immensely complex efforts. Their inherent ability to be programmed and re-programmed to provide certain key functions makes them uniquely suited to fit the specific and demanding needs that so many advanced technologies require.

To learn more about the growing need for secure solutions in the telecommunication industry and the Lattice ORAN solution stack, reach out to the team at Lattice.