Challenges for 5G operators
To help deliver the full 5G promise to enterprises and users, trust is increasingly perceived as a pervasive, transversal factor that comes on top of a mandatory trust-by-design virtualized 5G architecture.
But a number of legal and security concerns arise:
- User privacy management is increasingly seen as crucial in a digitalized society. This touches what mobile operators hold most dear in their relationship with their users: reputation and, thus, trust. In particular, mobile subscriber identity is at stake (i.e., the International Mobile Subscriber Identity, aka IMSI, a unique identifier used to identify the user of a mobile network and associated with all mobile networks): with IMSI catcher equipment, IMSIs can easily be misused to locate and trace individuals and to collect data.

  → Definition: An IMSI catcher (or Stingray) is an intrusive technology that acts as a false base station to locate and track all mobile phones switched on in a particular area. It does this by ‘pretending’ to be a mobile phone tower – tricking your phone into connecting to the IMSI catcher and then revealing your personal details without your knowledge. Source: Privacy International.

  The complete anonymization of the end-to-end subscriber identity is required (i.e., from mobile equipment to core network): it can be imposed on mobile operators by stringent regulations (e.g., GDPR, ePrivacy Regulation, aka ePR) or implemented by mobile operators as part of their own security policy or strategy.
- On November 6, 2020, the GSMA and ETNO (European Telecommunications Network Operators’ Association) issued a joint telecoms industry letter on the ePrivacy Regulation. Sent to EU national ministries and the Member States’ Permanent Representations to the EU, it aims to reaffirm the importance of such a regulation, mainly supporting the pseudonymized metadata process.
- Current mobile security architectures mainly rely on the secrecy of mobile operators’ network authentication elements (i.e., the operator’s network access authentication algorithm and the long-term secret-key credentials used for mutual authentication of users onto their mobile networks). Such information can be unexpectedly exposed via hacking attacks (e.g., by state intelligence agencies or other actors) or accidental breaches during exchanges between mobile operators and their providers. This vulnerability can sometimes lead to communication spying, SIM cloning, and other unwanted activities. Should the mobile operator believe or suspect that this sensitive data is compromised, it can be forced to change its network authentication algorithm and physically replace end users’ SIM cards. Such actions are damaging to the user experience. They result in SIM card renewal costs and eventually lead to a loss of trust and damage to the mobile operator’s reputation. Hence mobile operators must maintain a cyber-resilient environment that, in case of an attack, can restore a trusted security level over the entire SIM lifecycle.
- Enterprises are meant to be the primary beneficiaries of 5G. Mobile operators will leverage 5G virtualization and network slicing to provide tailored connectivity Service Level Requirements to enterprises. But in a post-COVID-19 era, companies’ data integrity and confidentiality are increasingly under threat – and thus must be ensured.
5G roaming is on the agenda too.
While travelling abroad, 5G users, particularly the early 5G adopters, logically expect to continue to roam on other 5G networks.
They would not understand being connected to a 3G or 4G network while roaming, thus losing the 5G enhanced mobile experience.
Mobile operators must ensure that their roaming policy across 5G, 4G and 3G is correctly applied in any country.