Security Aspects of 5G for Industrial Networks

5G security as an integral part of secure industrial operations.

Intro

Executive Summary

5G is an enabler of both telecommunications and industrial use cases. The security requirements of telecommunications networks are well defined and have been widely published. This white paper concentrates on the security needs of industrial networks. Drawing on the use cases and network deployment models already developed within 5G-ACIA and other organizations,

The paper focuses on the security requirements of operational technology (OT) companies, the current OT security frameworks and standards utilized and how 5G security features would complement the existing OT security toolbox.

The paper concludes with an outlook that security requires a holistic approach where industrial network security is achieved through secure deployment and operation of networks as much as their secure specification and  implementation. Hence, benefiting from the ongoing cooperation between OT companies and ICT companies, as exemplified through the work of 5G-ACIA.

Key messages

Insight and Vision

Security requirements of public mobile telecommunication networks (public land mobile networks, PLMNs) have been extensively worked on, and the associated security features and functions have been specified by 3GPP as part of its standardization process for 5G and its predecessors…

  • OT networks are traditionally physically isolated
  • Strict perimeter protection and access control are used
  • Confidentiality of processes, operational data, users and equipment are paramount
  • Data flows to the outside are restricted (usually, only for maintenance)
  • Sensitivity to physical layer jamming
  • Within a single perimeter, a single trust domain of users, processes, data and equipment is maintained and 5G telco operator would not be part of this trust domain
  • Higher layer, E2E encryption & integrity protection is used
  • State-of-the-art authentication mechanisms, as well as secure hardware components for credentials storage & processing generally not used
  • Regulatory compliance and associated certifications are major business imperatives
  • Brown-field OT networks: equipment and processes with long lifecycles, brings the need to maintain interoperability between legacy OT and 5G security mechanisms.

OPC-UA Framework (IEC 62541) provides E2E security, agnostic to the underlying communication system and includes cryptographic protocols, certificate management, transport & application layer security. It helps establish defense-in-depth as an OT strategy where security features from 5G and other networking technologies would integrate with.

A 3GPP defined, highly isolated, 5G Standalone NPN (SNPN), with trust domains similar to legacy OT deployments, flexible authentication methods and credentials management as well as low effort for OT network regulatory compliance, would be a close match to isolated, legacy OT networks.
In addition to the 3GPP-defined 5G security toolbox, establishment of implementation guidelines, best practices and security profiles play a key role in building operational security in industrial 5G networks.

Presentation by the experts during the Hannover Fair 2021

conclusion

Retrospect and Outlook

3GPP 5G security features generally provide robust support for OT network deployments. These security features together form a toolbox that allows OT companies to address the varying security risks of the multiple OT 5G  deployment scenarios described in this paper.

The OT domain is characterized by the interdependence of companies with various industry roles, such as manufacturers, integrators and operators.

The 5G security toolbox may be used differently by each of these. Additionally, as much as technology specifications and requirements, the OT field is characterized by operational and implementation-related requirements specific to each field deployment. IEC 62443 standards and OPC-UA framework provide a good basis for 5G security features to integrate with. It has been demonstrated that 5G security features form a toolbox that both OT and PLMN operators can use to manage the risks in the OT networks of the future.

Download

We have awoken your interest?

Do you want to learn more about this future-oriented topic? Please download or share the 5G-ACIA white paper as a PDF file.

Relevant white papers

5G-ACIA_WP063_IndustrialSidelink_Covervisual_blue_1920x1080
Using 5G sidelink in industrial factory applications
The aim of this 5G-ACIA white paper is to identify and understand uses for 5G sidelink in industrial factory and...
5G-ACIA_Whitepaper_CoverGraphics_Requirements_Blue_1920x1080
Key 5G Use Cases and Requirements
5G-ACIA_Whitepaper_CoverGraphics_TrafficModel_Blue_1920x1080
A 5G Traffic Model for Industrial Use Cases
5G-ACIA_Whitepaper_CoverGraphics_Ethernet_Blue_1920x1080
Integration of Industrial Ethernet Networks with 5G Networks
5G-ACIA_Whitepaper_CoverGraphics_Testing_Blue_1920x1080
Selected Testing and Validation Considerations for Industrial Communication with 5G Technologies
5G-ACIA_Whitepaper_CoverGraphics_NonPublicNetwork_Blue_1920x1080
5G Non-Public Networks for Industrial Scenarios
5G-ACIA_Whitepaper_CoverGraphics_5G_2nd_1920x1080_Blue
5G for Connected Industries and Automation (Second Edition)
WP_Cover_5G_for_Automation_in_Industry
5G for Automation in Industry