
Could Trump’s Shocking Plan for Gaza Lead Anywhere?
BOTTOM LINE UP FRONT – As President Donald Trump doubles down on his idea of a U.S. takeover of Gaza, Arab governments are also doubling […] More
PRIVATE SECTOR PERSPECTIVE — Fifth-generation (5G) mobile technology will completely transform global telecommunications networks. Billions more devices, sensors, and systems will be connected worldwide. Downloads will be much faster, latency will be much lower, and the capacity to connect more devices to the network will skyrocket. For all its performance advantages, however, 5G will abruptly expand the nation’s cyber attack surface—a potential boon for U.S. adversaries. Recently published federal guidance could help cloud providers and mobile network operators manage emerging risks. The first step is embracing a leading cybersecurity mindset: It’s zero hour for zero trust.
The Authors:
Dr. Kristopher Hall is a Senior Lead Technologist at Booz Allen Hamilton where he leads 5G security efforts. He has more than 23 years of experience in software development, cyber security, and telecommunications with an emphasis in mobile networks.
Matthew Edwards is a Lead Technologist at Booz Allen Hamilton where he works on 5G security efforts as a vulnerability analyst, researching 5G protocols and security vulnerabilities. He has more than 11 years of experience in data analysis, scripting, cyber security, and telecommunications systems.
The zero trust model relentlessly questions the premise that users, devices, and network components deserve to be trusted just because they’re in the network. Zero trust has three core principles: assume a breach; never trust, always verify; and allow only least-privileged access based on contextual factors. This mindset is mandated for the federal government in Executive Order 14028. What’s more, it’s woven throughout the new 5G cloud cybersecurity guidance from the Cybersecurity and Infrastructure Security Agency and the National Security Agency.
The CISA/NSA guidance gives practical advice to service providers and system integrators that build and configure 5G cloud infrastructures. For instance, the four-part series covers preventing and detecting lateral movement—detecting threats in 5G clouds and preventing adversaries from using the compromise of one cloud resource to compromise an entire network. It also covers securely isolating network resources, including securing the container stack that supports the running of virtual network functions (VNFs).
Moreover, organizations looking to bring a zero trust mindset into 5G cloud endpoints and growing multi-cloud environments should leverage insights and existing tools. One example is a new report, published by our company, Booz Allen, Building Mission-Driven 5G Security with Zero Trust, which explains the pillars of zero trust—and how to use them, with governance, to understand the strengths and gaps in current capabilities, and to design actionable plans for improved security. Both the CISA/NSA guidance and the report are informed in part by the federal government’s published assessment of 5G threat vectors.
Embracing zero trust for 5G is a continuous process. Here are four complementary steps that organizations can employ on an ongoing basis to realize zero trust for 5G:
In addition, operators of 5G ecosystems need holistic security that includes zero trust architecture, 5G development, security and operations (DevSecOps), and a 5G workforce, as well as vulnerability research and embedded security.
To be sure, no single document provides a total solution for zero trust in 5G. Even the CISA/NSA guidance notes it does not provide a complete template—but it also stresses the best practices therein can enable significant progress.
With a zero trust mindset, the national security community—and the private sector—can protect highly connected devices and methods of network access. We can prepare today to secure emerging 5G-enabled capabilities. It’s time for organizations to take stock of their challenges and risks and set a path toward zero trust for 5G.
Join the new cyber ecosystem of experts across disciplines as we help bring a better understanding of cyber and technology to national security and business security. Subscribe to The Cyber Initiatives Group (CIG), today. Booz Allen is a Knowledge Partner and sponsor of the CIG.
Related Articles
BOTTOM LINE UP FRONT – As President Donald Trump doubles down on his idea of a U.S. takeover of Gaza, Arab governments are also doubling […] More
EXPERT INTERVIEW – A report from China about a massive new military command center – a complex that, when completed, is expected to be 10 […] More
As the second Trump Administration took office, it found a Middle East landscape that had been transformed dramatically in the last year alone. Nowhere is […] More
BOTTOM LINE UP FRONT — When word first came last week that China’s AI startup DeepSeek had launched an artificial intelligence (AI) assistant that could compete […] More
BOTTOM LINE UP FRONT — The U.S. is facing an onslaught from adversaries in cyberspace, and while conversations about the response has focused on bolstering cybersecurity […] More
EXPERT INTERVIEWS — While the North Atlantic Treaty Organization (NATO) has long counted the United States among its most generous and loyal members, many NATO nations […] More
Search