How to Ensure 5G Networks Are Secure
In an April report, the National Cybersecurity Center of Excellence, a part of NIST, note that 5G is going to be a different kind of wireless network technology.
“In previous evolutions of mobile broadband technology, speed and throughput have been the key drivers, but 5G will become a ubiquitous technology, providing new capabilities tailored to specific use case scenarios stemming from industry verticals such as autonomous vehicles, smart manufacturing, and smart cities,” the report notes.
Additionally, 5G networks have a fundamentally different architecture than previous cellular networks, the report adds. Those differences bring elements of enhanced security to the network infrastructure itself. The NCCoE notes that 5G network cores introduce the notion of service-based architecture in cellular networks.
“This modern design is a fundamental shift in how new services are created and how the individual Network Functions (NFs) cooperate,” the report notes. “Not only is the core network decomposed into smaller functional elements, but the communication between these elements is also expected to be more flexible, routed via a common service bus, and almost completely deployed using virtualization and containerization technologies.”
There are other elements of 5G architecture that enhance network security, including subscriber privacy, user plane integrity protection, Centralized Unit/Distributed Unit splits, enhanced authentication and protections provided by native IP-based security protocols, the report notes.
CISA’s 5G strategy document is more operational and lays out strategic initiatives to help secure 5G networks.
Those include supporting 5G policy and standards development by emphasizing security and resilience and expanding situational awareness of 5G supply chain risks and promoting supply chain security measures.
“High-risk vendors and untested components have the potential to increase the susceptibility of the 5G supply chain to unique and complex risks,” CISA notes. “Management of these risks will require timely and actionable 5G supply chain risk management information sharing.”
To defend against these vulnerabilities, CISA will work with the Information and Communications Technology Supply Chain Risk Management Task Force, a public-private supply chain risk management partnership, “to develop a framework for assessing and communicating risks.”