Viszen Security
Empowering IT and infosec pros to make great decisions

Wireless Security Trends (CISO Network Security Cheat Sheet)

2021.06.23 20:05

Excerpt from Jen's presentation at ISSA Cyber Executive Forum

Last month, I delivered a whirlwind of a presentation hitting on today's and tomorrow's top network security trends CISOs should know about. The full content covered security trends in 3 areas: 1) Wireless, 2) Secure Edge, and 3) Operations. Today we're looking at the high-level wireless security topics, and I'm just going to cover three so this doesn't turn into a novel.

 

1. WiFi WPA3

WiFi Protected Access (WPA) 3 is the latest evolution of security for 802.11 wireless LANs (the normal wireless standard we use daily). It's the first major security enhancement in over a decade, which is stunningly embarrassing in an industry where vulnerabilities and new attacks emerge daily. With the updates, we'll see enhanced cryptography protocols (including the addition of elliptic curve cryptography), much better downgrade attack protection, support for unauthenticated encryption (meaning encrypting guest portals and such), as well as an upgrade to the operation of what's currently known as pre-shared key (PSK), via a new protocol called Simultaneous Authentication of Equals (SAE).

Take-aways:

  • There's a lot to know when planning a WPA3-enabled network, so we'll dive into this more at a later date. For now, know that this is out, it's available, it's supported in your enterprise WiFi infrastructure, and your organization should be ensuring new endpoints (especially headless/IoT devices) support this.

  • For the network and WiFi architects, we'll be providing additional guidance on how to properly architect with these new features for the greatest security benefit and to meet compliance requirements.
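For teams that want to see where their own SSIDs stand today, here is an added example (not from the original presentation) that parses the RSN element an access point advertises in its beacons and reports whether it is still WPA2-PSK, in WPA3 transition mode, SAE-only, or using unauthenticated encryption (OWE). The sample elements are constructed for the demo, and the function names and labels are illustrative assumptions.

```python
import struct

IEEE_OUI = b"\x00\x0f\xac"
# AKM suite types under the IEEE 802.11 OUI 00-0F-AC
AKM = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE", 18: "OWE"}

def parse_rsn(ie: bytes) -> dict:
    """Parse an RSN element (ID 48) into AKM names and PMF flags."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]

    def suites(pos):
        # Each list is a 2-byte little-endian count, then 4-byte selectors.
        (count,) = struct.unpack_from("<H", body, pos)
        end = pos + 2 + 4 * count
        if end > len(body):
            raise ValueError("truncated suite list")
        return [body[i:i + 4] for i in range(pos + 2, end, 4)], end

    _pairwise, pos = suites(6)          # skip version (2) + group cipher (4)
    akms, pos = suites(pos)
    (caps,) = struct.unpack_from("<H", body, pos)
    names = [AKM.get(s[3], "other") if s[:3] == IEEE_OUI else "vendor"
             for s in akms]
    # RSN capabilities: bit 7 = PMF capable, bit 6 = PMF required
    return {"akm": names, "pmf_capable": bool(caps & 0x80),
            "pmf_required": bool(caps & 0x40)}

def classify(rsn: dict) -> str:
    """Map advertised AKMs and PMF flags to a planning label."""
    akm, legacy = set(rsn["akm"]), {"PSK", "PSK-SHA256"}
    if "SAE" in akm and akm & legacy:
        return "WPA3 transition (PSK still offered)"
    if "SAE" in akm:
        return "WPA3 SAE-only" if rsn["pmf_required"] else "SAE without required PMF"
    if "OWE" in akm:
        return "OWE (unauthenticated encryption)"
    return "WPA2-PSK" if akm & legacy else "other"

def build_rsn(akm_types, caps) -> bytes:
    """Build a constructed RSN element (CCMP ciphers) as sample input."""
    ccmp = IEEE_OUI + b"\x04"
    body = struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
    body += struct.pack("<H", len(akm_types))
    body += b"".join(IEEE_OUI + bytes([t]) for t in akm_types)
    body += struct.pack("<H", caps)
    return bytes([48, len(body)]) + body

if __name__ == "__main__":
    for akms, caps in ([2], 0x00), ([2, 8], 0x80), ([8], 0xC0), ([18], 0xC0):
        print(akms, "->", classify(parse_rsn(build_rsn(akms, caps))))
```

An SSID that lands in the transition bucket still accepts PSK clients, so it is the one to track while endpoints are being refreshed.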

 

2. WiFi 6E

Usually referred to as WiFi 6 "extended" or "enhanced" (not a real name, just a pet name we gave it), WiFi 6E is WiFi 6th generation (802.11ax technology) over the newly-opened 6GHz spectrum. We can barely keep up with all the WiFi terms, so I'm not going to assume any knowledge here. To put it in perspective, for decades, we've been using WiFi over 2.4GHz and 5GHz spectrum. The road to opening additional spectrum (in this case 6GHz) for unlicensed use has been a multi-year escapade for the WiFi industry and the FCC. Radio frequency changes in our WiFi infrastructure and endpoints are hardware (not software) changes. The benefit will be more security (through force, since security features become mandatory), support for higher density of devices, and ultimately the ability to increase throughput.

 

Take-aways:

  • Even though WiFi 6E is an 'extension' of WiFi 6, there will be mandatory security features and removal of support for many deprecated features commonly used today in WiFi 6 (802.11ax) networks.

  • Because it's a hardware upgrade, organizations interested in this technology should be sure to procure WiFi infrastructure and endpoints with radios that support 6GHz. If you're not sure if WiFi 6E is something you should be looking at, drop us a note and we can help.

  • Our tools for monitoring and securing WiFi over the air will also need an upgrade, so set aside budget for re-tooling and training for your teams. 

  • And to further complicate things, use of the new spectrum and additional radios will also mean organizations should be investing in edge switching products that support the latest power over Ethernet standards (these puppies will need the juice) as well as multi-gig Ethernet ports (the higher data throughput supported will oversubscribe 1Gbps edge ports).

 

3. CBRS and Private LTE/Private 5G

This is a pretty cool one, because of the myriad use cases that can help organizations of all sizes and industries. Private LTE/5G is simply the use of cellular RF technology for private use. So, it would be like having a cellular network that's used and managed just like your regular WiFi - except with added security. Your data doesn't traverse a carrier (unless that's your chosen egress) and you own and manage the hardware, typically through a coordinated cloud platform.

 

CBRS is probably exactly what you think it is: Citizens Broadband Radio Service. It's just that in the Private LTE world here in the U.S., that's the radio spectrum we chose to use. We refer to it as band 48, and it's in the 3+GHz range between our traditional WiFi of 2.4 and 5GHz. Private LTE technology gives users a WiFi-like user experience with the benefits of cellular: specifically, enhanced security through SIM/eSIM, coverage over much longer distances, support for higher density, and a much greater resiliency of signal (virtually no interference as we have with WiFi).

 

Take-aways:

  • CBRS/Private LTE/5G should be on every CIO's/CISO's radar because of the volume of use cases and problems it can solve in today's digital transformation projects and the enhanced security it can provide for IoT.

  • This technology has several real-world case studies from connectivity for critical devices in hospitals, to sensitive OT devices, public venues, municipal wireless in rural communities (by towns and schools), and the list goes on.

  • A lot of devices come with Private LTE support. In addition to mobile phones and tablets, many handheld scanners, OT and IoT devices and sensors and even laptops support Private LTE. And that list is growing.

 

Those were the 3 key wireless security trends I wanted to hit on today. We'll keep diving further into these, and I'll share more content from this and other presentations and workshops as we go.

Jennifer Minella