The National Cybersecurity Center of Excellence (NCCoE) announced the selection of a California-based cybersecurity company as a technology partner in the 5G Cybersecurity project. The company will work alongside other industry-leading collaborators to identify key 5G use cases and demonstrate how 5G architectures, including cloud-based architectures, can be effectively secured.
NCCoE, a division of the United States National Institute of Standards and Technology (NIST), is a public-private collaborative hub that brings together industry, government and academia to solve government and businesses’ most pressing cybersecurity challenges. NIST’s NCCoE published the Executive Summary (Volume A) of a three-part 5G Security Practice Guide, a significant milestone in ensuring higher cybersecurity standards as the U.S. and the world transition to 5G.
As part of the ongoing effort, the company is providing Next-Generation Firewalls to create an industry-standard reference architecture that demonstrates how organisations can meet the unique cybersecurity requirements of 5G and next-generation networks.
A secure transition to 5G is key to enabling digital transformation across many industries, such as healthcare, business-critical IoT, critical infrastructure, government, financial services and service providers. While 5G networks have the potential to massively transform those industries, with the ability to provide a higher volume of data at faster speeds, their hyper-connected capability can also open the door to new security vulnerabilities and threat vectors.
Existing security practices and legacy solutions won’t meet the new requirements; this challenge requires enterprise-grade cybersecurity protections. Organisations need confidence that 5G networks and services have enterprise-grade security with granular visibility and control across all layers and at key locations of the network.
To help keep networks, services and endpoints safe against evolving threats, the company also launched the industry’s first 5G-native security offering, with real-time, automated cloud-delivered threat intelligence powered by machine learning. This offering helps detect and correlate real-time attacks, threats and vulnerabilities through automatic and intelligent security enforcement and dynamic 5G slice security.
Considering the significance of 5G architectures to many industries, governments also need to mitigate and calculate their risks. As reported by OpenGov Asia, the Cybersecurity and Infrastructure Security Agency (CISA) collaborates with the National Security Agency (NSA) and the Office of the Director of National Intelligence to outline the risks to 5G that threaten national and economic security and could impact other national and global interests. They released a paper titled “Potential Threat Vectors to 5G Infrastructure”. This paper identifies and assesses risks and vulnerabilities introduced by 5G.
The report identifies three main potential threat vectors to 5G networks: policy and standards, supply chain and 5G systems architecture. The 5G Threat Model Working Panel first reviewed existing work to find and compile an aggregated list of known and potential threats. The panel then identified and developed sample scenarios of where 5G may be adopted, and assessed the associated risks to 5G core technologies.
The foundation of the 5G infrastructure is open, transparent and consensus-driven policies and standards, which will drive the design and architecture of new technologies, such as autonomous vehicles, edge computing and telemedicine. International standards and policies must be open, transparent, and consensus-driven.
Within the threats to policies and standards category are two sub-threat vectors: open standards and optional controls. If standards are not open, they may include unique, untrusted technologies and equipment, and such proprietary tech could limit competition and interoperability.
There are also risks associated with the development of standards, where standards bodies may develop optional controls, which are not implemented by operators. By not implementing these subjective security measures, operators could introduce gaps in the network and open the door for malicious threat actors.
The second vector, supply-chain risk, refers to efforts by threat actors to exploit information and communications technologies (ICTs) and their related supply chains for purposes of espionage, sabotage, foreign interference, and criminal activity. The 5G supply chain is particularly vulnerable because of the rush to get devices to market and the potential for counterfeit components. Finally, systems architectures are at risk because both legacy and new vulnerabilities may be exploited by malicious actors even though IT and communication firms are enhancing security with 5G.