What to watch with 5G network security

This audio is generated automatically. Please let us know if you have any comments.

Carriers and 5G vendors have long argued that the latest generation of wireless network architecture offers security improvements over 4G. However, it also introduces new features and services that extend the threat surface to systems previously untouched by wireless networks.

Efforts such as the virtualization of radio access networks and a push toward open interfaces, allowing operators to integrate a wider pool of vendor software and equipment, further complicate risk assessments.

The network architecture also allows carriers to provide network slicing across shared physical infrastructure, private networks, and mobile edge computing.

Three years after the first 5G networks went live, the Cybersecurity and Infrastructure Security Agency in May published a five-step security assessment to address these threats, vulnerabilities and supply chain issues faced by businesses and government agencies.

CISA has provided 5G guidelines and configurations that federal agencies should implement to enhance security. It also placed 5G under the Risk Management Framework, a cybersecurity rating system developed by the National Institute of Standards and Technology.

CISOs, especially those working with government agencies on 5G networks, should heed CISA’s guidance to follow zero-trust architecture principles and implement DevSecOps pipelines that integrate infrastructure as than code capabilities, said Ron Westfall, principal analyst and research director at Futurum Research.

“CISOs must adhere just as rigorously to CISA guidelines and could stand out in helping US government risk managers identify the best security assistance programs and best practice assessment frameworks,” a- he declared by e-mail.

CISA effectively sets the bar high by pinning 5G safety ratings to NIST guidelines and aligning with what is generally considered best practice in any industry.

CISOs should follow them as a basis for their own processes, said Michela Menting, research director at ABI Research.

The proposal marks the start of a long evaluation and response by the US government, and it is expected to be continually revised as 5G technology advances and introduces new services that pose additional risks.

“5G is still a nascent technology and full, common, standalone deployment is still a few years away,” Menting said. Today, most 5G networks are anchored to 4G cores, which limits what carriers can deliver.

Standalone 5G networks, which effectively cut the cord with older systems, have not materialized as quickly as expected.

As this happens, 5G carriers intend to deliver advanced services based on cloud-native technologies and software that will extend the network infrastructure to private enterprise networks and applications running at home. periphery.

How the next wave of 5G will be operated and deployed remains unclear, making it difficult to assess safety and assess risk, Menting said. New market players including hyperscalers, cloud service providers, software and application developers, cybersecurity vendors, resellers and system integrators are offering products and services in the world for the first time. telecommunications space.

“The most prevalent security challenge in 5G infrastructure is the significant expansion of the attack surface compared to pre-5G networks,” Westfall said.

Hardware and software disaggregation and a larger vendor pool introduce new threats to virtual machines and container service platforms embedded in the 5G network architecture. This includes 5G core, radio access networks, mobile edge computing, network slicing, virtualization, orchestration and management.

Potential threats cited by CISA include vulnerabilities and malicious code or systems throughout the supply chain that can arise during the procurement and deployment of software and hardware in 5G networks and services.

Kevin M. Risinger