
Can India and Pakistan be Brought Back from the Brink of War?
EXPERT INTERVIEW – One week after a deadly terror attack, India and Pakistan stand at the precipice of military conflict, and as one scholar and […] More
PRIVATE SECTOR PERSPECTIVE — Fifth-generation (5G) mobile technology will completely transform global telecommunications networks. Billions more devices, sensors, and systems will be connected worldwide. Downloads will be much faster, latency will be much lower, and the capacity to connect more devices to the network will skyrocket. For all its performance advantages, however, 5G will abruptly expand the nation’s cyber attack surface—a potential boon for U.S. adversaries. Recently published federal guidance could help cloud providers and mobile network operators manage emerging risks. The first step is embracing a leading cybersecurity mindset: It’s zero hour for zero trust.
The Authors:
Dr. Kristopher Hall is a Senior Lead Technologist at Booz Allen Hamilton where he leads 5G security efforts. He has more than 23 years of experience in software development, cyber security, and telecommunications with an emphasis in mobile networks.
Matthew Edwards is a Lead Technologist at Booz Allen Hamilton where he works on 5G security efforts as a vulnerability analyst, researching 5G protocols and security vulnerabilities. He has more than 11 years of experience in data analysis, scripting, cyber security, and telecommunications systems.
The zero trust model relentlessly questions the premise that users, devices, and network components deserve to be trusted just because they’re in the network. Zero trust has three core principles: assume a breach; never trust, always verify; and allow only least-privileged access based on contextual factors. This mindset is mandated for the federal government in Executive Order 14028. What’s more, it’s woven throughout the new 5G cloud cybersecurity guidance from the Cybersecurity and Infrastructure Security Agency and the National Security Agency.
The CISA/NSA guidance gives practical advice to service providers and system integrators that build and configure 5G cloud infrastructures. For instance, the four-part series covers preventing and detecting lateral movement—detecting threats in 5G clouds and preventing adversaries from using the compromise of one cloud resource to compromise an entire network. It also covers securely isolating network resources, including securing the container stack that supports the running of virtual network functions (VNFs).
Moreover, organizations looking to bring a zero trust mindset into 5G cloud endpoints and growing multi-cloud environments should leverage insights and existing tools. One example is a new report, published by our company, Booz Allen, Building Mission-Driven 5G Security with Zero Trust, which explains the pillars of zero trust—and how to use them, with governance, to understand the strengths and gaps in current capabilities, and to design actionable plans for improved security. Both the CISA/NSA guidance and the report are informed in part by the federal government’s published assessment of 5G threat vectors.
Embracing zero trust for 5G is a continuous process. Here are four complementary steps that organizations can employ on an ongoing basis to realize zero trust for 5G:
In addition, operators of 5G ecosystems need holistic security that includes zero trust architecture, 5G development, security and operations (DevSecOps), and a 5G workforce, as well as vulnerability research and embedded security.
To be sure, no single document provides a total solution for zero trust in 5G. Even the CISA/NSA guidance notes it does not provide a complete template—but it also stresses the best practices therein can enable significant progress.
With a zero trust mindset, the national security community—and the private sector—can protect highly connected devices and methods of network access. We can prepare today to secure emerging 5G-enabled capabilities. It’s time for organizations to take stock of their challenges and risks and set a path toward zero trust for 5G.
Join the new cyber ecosystem of experts across disciplines as we help bring a better understanding of cyber and technology to national security and business security. Subscribe to The Cyber Initiatives Group (CIG), today. Booz Allen is a Knowledge Partner and sponsor of the CIG.
Related Articles
EXPERT INTERVIEW – One week after a deadly terror attack, India and Pakistan stand at the precipice of military conflict, and as one scholar and […] More
SPECIAL REPORT — Fifty years ago this week, the long U.S. war in Vietnam came to an end. U.S. combat troops had left the country two […] More
EXPERT INTERVIEWS — There is at least one issue involving national security and U.S. manufacturing that enjoys bipartisan support – and at least one Trump administration […] More
EXPERT INTERVIEWS — The arsenals of nuclear powers are growing, the number of nations with nuclear weapons may soon rise as well, and Russia has used […] More
EXPERT INTERVIEWS — The domain of space has become essential to 21st-century life, given the extent to which communications and navigation are now reliant on space-based […] More
CIPHER BRIEF REPORTING — On January 20, the first day of his second term, President Donald Trump formally labeled Mexico’s crime cartels as international terrorists. Last […] More
Search