The option of Private 5G lets private companies and local governments have their own telecom infrastructures. However, the "democratization of communications" entails its own risks that have not yet been made clear. To identify these risks, Trend Micro performed tests using an environment modeled after a steelworks with 5G equipment. In this fourth and final installment, we discuss the essential security measures for user companies with Private 5G infrastructure.

In the previous article, we looked at the potential penetration routes that arise when migrating to an open Private 5G system. We also discussed the possibility for an attacker to physically damage a manufacturing site by infiltrating the user plane that deals with user data and then performing a man-in-the-middle attack. In light of this, system administrators and security officers should take action at their organizations to address the security risks in CT (Communication Technology) identified in this test, on top of conventional IT and OT security.

Looking at things from the attacker's perspective

When thinking about defense, it is vital to think from the attacker's perspective. In other words, effective measures can be designed by understanding why an attacker would make the effort of targeting the core network. As we have discussed earlier, the core network is the foundation that handles information and that has a direct impact on the confidentiality, integrity, and availability of manufacturing processes (Fig. 1). As such, this system provides many attack options for malicious actors, such as stealing information or causing damage.

Attachments

  • Original document
  • Permalink

Disclaimer

Trend Micro Inc. published this content on 12 November 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 15 November 2021 21:38:51 UTC.