U.S. government proposals spell out 5G security advancements – CSO Online

Last week the U.S. federal government introduced a proposed five-step 5G Security Evaluation Process Investigation. “[It] was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies,” Eric Goldstein, executive assistant director for the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said. CISA and its partners from the U.S. Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s (DoD) Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E) developed the evaluation process.
“The intent of this joint security evaluation process is to provide a uniform and flexible approach that federal agencies can use to evaluate, understand, and address security and resilience assessment gaps with their technology assessment standards and policies,” Goldstein said. “As the nation’s cyber defense agency, CISA views a repeatable process agencies can use during the RMF Prepare step as an essential tool for new federal 5G implementations. Such a process will provide assurance that the government enterprise system is protected and cybercriminals cannot gain backdoor entry into agency networks through 5G technology.”
The goal of the evaluation process is to allow the federal government to better understand and prepare for the security and resilience of any 5G network deployment before. Specifically, the agencies seek to get ahead of the curve before any federal office conducts a security assessment to obtain authorization to operate (ATO).
A study group across CISA, the National Institute of Standards and Technology (NIST), and the MITRE Corporation was assembled to “investigate how 5G may introduce unique challenges to the traditional ATO process defined in security assessment processes and frameworks such as [NIST’s] Risk Management Framework (RMF).”
The five steps recommended by the group are:
CISA’s 5G security evaluation process release follows NIST’s National Cybersecurity Center of Excellence (NCCoE) publication of portions of a preliminary draft practice guide, “5G Cybersecurity.” The NCCoE says that its “proposed solution contains approaches that organizations can use to better secure 5G networks through a combination of 5G security features and third-party security controls.” NIST vetted the approaches with a wide range of industry partners in a consortium that included AT&T, Intel, Nokia, T-Mobile, and Palo Alto Networks, among other leading telecom and security contributors.
Like CISA’s Evaluation Process Investigation, the NCCoE publication stresses the challenges inherent in the new and evolving nature of 5G technologies. “5G is at a transition point where the technologies are simultaneously being specified in standards bodies, implemented by equipment vendors, deployed by network operators, and adopted by consumers,” NIST’s preliminary draft practice guide states.
The real challenge from NIST’s perspective is that while prevailing 5G standards address interoperable interfaces between 5G components, they do not address the underlying information technology components that support and operate the 5G system. This absence makes it difficult for organizations that plan to leverage 5G to feel confident in their security approaches.
For this reason, the NCCoE is collaborating with 5G and cybersecurity technology providers to develop an example solution that leverages a trusted and secure cloud-native hosting infrastructure. The project’s first phase will also showcase how 5G security features can address known security challenges found in previous generations of cellular networks such as Long-Term Evolution (LTE).
The NCCoE project focuses on a typical implementation of a secure 5G standalone deployment designed around two focus areas:
Future phases of the project would include “an expanded focus on security for 5G-specific use cases. Possible examples of these focus areas are network slicing security, roaming security, and 5G edge computing.” Both CISA and NIST are inviting public comments on their proposals. The deadline for submitting comments to either agency is June 27.
Copyright © 2022 IDG Communications, Inc.