Peter A Clarke

The National Institute of Standards and Technology has released a preliminary draft guide on ensuring the transference from 4G to 5G is managed properly managed, in particular dealing with adequate cyber and cloud security and privacy protections.

As to be expected, this 83 page document is highly technical however it is a valuable asset for those practising in the privacy and cyber security space.

The Abstract provides:

Organizations face significant challenges in transitioning from 4G to 5G usage, particularly the need to safeguard new 5G-using technologies at the same time that 5G development, deployment, and usage are evolving. Some aspects of securing 5G components and usage lack standards and guidance, making it more challenging for 5G network operators and users to know what needs to be done and how it can be accomplished. To address these challenges, the NCCoE is collaborating with technology providers to develop example solution approaches for securing 5G networks. This NIST Cybersecurity Practice Guide explains how a combination of 5G security features and third-party security controls can be used to implement the security capabilities organizations need to safeguard their 5G network usage.

It defies easy summation.

In the broad the proposed solution is:

• the first phase will involve demonstrating a 5G standalone (SA) network deployment that operates on and leverages a trusted and secure cloud-native hosting.  This  will demonstrate how cloud technologies can provide foundational security features outside the scope of the 3^rd Generation Partnership Project, show how 5G security features can be utilized to address known security challenges found in previous generations of cellular networks such as Long-Term Evolution (LTE) and demonstrate how commercial products can leverage cybersecurity standards and recommended practices for different 5G use
• this project is focused on the security characteristics of 5G SA Telecom carriers have started or are planning to incorporate 5G SA.
• The solution will be designed around two focus areas:
  • Infrastructure Security Focus Area.   This concentrates on the trusted and secure cloud resources required to operate a modern mobile network, specifically the supporting infrastructure’s cybersecurity. The objective is to provide a trusted infrastructure to support the 5G Core Network functions, radio access network (RAN) components, and associated Since security for the underlying infrastructure is not within the scope of 3GPP specifications, this focus area is included in the project to provide a trusted platform and holistic security reference architecture for a complete 5G.
  • The 5G Standalone Security Focus Area. This deploys a 5G SA network to enable the foundational configuration of the 5G Core’s security features in a manner that demonstrates the cybersecurity capabilities available in a 5G SA. It will demonstrate how security capabilities can be used for continuous monitoring of 5G traffic on both signaling and data layers to detect and prevent cybersecurity attacks.
• The initial deployment will include classical RAN components, potentially leveraging virtualized and desegregated RAN components in the future depending on the availability of commercial technology and collaborator contributions.

The touted benefits are:

• The components of the 5G network will be less susceptible to cyber attacks and will provide better attack visibility, detection, and control, which will reduce risk, lower the likelihood of an incident occurring, and expedite
• The 5G network’s supporting infrastructure will be more resistant to compromise and provide more visibility into the trust status of the underlying
• The contents of 5G communications will be safeguarded from eavesdropping and tampering, and the privacy of 5G users will also be
• The demonstrated practices can play an important role as your organization embarks on a journey to zero