The Enduring Security Framework (ESF) hosted a 5G study group comprised of government and industry experts to explore potential threat vectors and vulnerabilities inherent to 5G infrastructures. The experts then recommended identifying and assessing threats posed to 5G; determining what standards and implementations can achieve a higher baseline of 5G security; and identifying risks inherent to the cloud that affect 5G security.
In support of this task, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published cybersecurity guidance to securely build and configure cloud infrastructures in support of 5G. “Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement” is the first of a four-part series created by the ESF.
This series provides key cybersecurity guidance to configure 5G cloud infrastructure. Our team examined priority risks so that we could provide useful guidance, disseminated in an actionable way to help implementers protect their infrastructure.
– Natalie Pittore, Chief of ESF in NSA’s Cybersecurity Collaboration Centre
The series builds on the ESF Potential Threat Vectors to 5G Infrastructure analysis paper, which focused specifically on threats, vulnerabilities, and mitigations that apply to the deployment of 5G infrastructures. Based on preliminary analysis and threat assessment, the top 5G cloud infrastructure security challenges were identified by ESF and a four-part series of instructional documents covering those challenges will be released over the next few weeks. Topics include securely isolating network resources; protecting data in transit, in use, and at rest; and ensuring the integrity of the network infrastructure.
Part I focuses on detecting malicious cyber actor activity in 5G clouds to prevent a malicious cyberattack on a single cloud resource from compromising the entire network. The guidance provides recommendations for mitigating lateral movement attempts by malicious cyber actors who have successfully exploited a vulnerability to gain initial access into a 5G cloud system.
This series exemplifies the national security benefits resulting from the joint efforts of ESF experts from CISA, NSA, and industry. Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation.
– Rob Joyce, NSA Cybersecurity Director
Strong and vibrant partnerships are critical to the overall effort to reduce cyber risk. Along with the public and private partners in the ESF, CISA is proud to partner with NSA to present the Security Guidance series for 5G Infrastructure. Protecting 5G cloud infrastructure is a shared responsibility and we encourage 5G providers, operators and customers to review the new guidance.
5G cloud providers, integrators, and network operators share the responsibility to detect and mitigate lateral movement attempts within their 5G cloud infrastructure. This document provides best practices to secure the 5G cloud from specific cyber threats of lateral movement that could compromise a network.
As reported by OpenGov Asia, CISA is asking researchers and entrepreneurs for information on developing a ubiquitous and robust 5G/Internet-of-Things (IoT) Situational Awareness System (5i SAS). The system must enhance situational awareness of current platforms and identify potentially dangerous 5G components and internet-of-things devices.
Without a way to distinguish normal 5G and IoT conditions from suspicious environments, exploits on personnel or systems could go undetected and cyberattacks would be untraceable. As the introduction of 5G will enable billions of network-connected devices to communicate directly with one another, the development of a 5i SAS capability is essential.
Although the request for the technology has been made on behalf of CISA, other federal and state, local, tribal and territorial governments may need to use it. If enough 5i SAS devices are issued, they could not only detect unhealthy or insecure situations but also triangulate the physical location of suspicious IoT and 5G devices, jamming sources or anomalous network behaviour.