Why China is Cyber-Threat #1 – and What To Do About It
SUBSCRIBER+ EXCLUSIVE — When U.S. and British officials filed charges of cyberespionage and imposed sanctions against China Monday, for a campaign which they said had […] More
PRIVATE SECTOR PERSPECTIVE — Fifth-generation (5G) mobile technology will completely transform global telecommunications networks. Billions more devices, sensors, and systems will be connected worldwide. Downloads will be much faster, latency will be much lower, and the capacity to connect more devices to the network will skyrocket. For all its performance advantages, however, 5G will abruptly expand the nation’s cyber attack surface—a potential boon for U.S. adversaries. Recently published federal guidance could help cloud providers and mobile network operators manage emerging risks. The first step is embracing a leading cybersecurity mindset: It’s zero hour for zero trust.
The Authors:
Dr. Kristopher Hall is a Senior Lead Technologist at Booz Allen Hamilton where he leads 5G security efforts. He has more than 23 years of experience in software development, cyber security, and telecommunications with an emphasis in mobile networks.
Matthew Edwards is a Lead Technologist at Booz Allen Hamilton where he works on 5G security efforts as a vulnerability analyst, researching 5G protocols and security vulnerabilities. He has more than 11 years of experience in data analysis, scripting, cyber security, and telecommunications systems.
The zero trust model relentlessly questions the premise that users, devices, and network components deserve to be trusted just because they’re in the network. Zero trust has three core principles: assume a breach; never trust, always verify; and allow only least-privileged access based on contextual factors. This mindset is mandated for the federal government in Executive Order 14028. What’s more, it’s woven throughout the new 5G cloud cybersecurity guidance from the Cybersecurity and Infrastructure Security Agency and the National Security Agency.
The CISA/NSA guidance gives practical advice to service providers and system integrators that build and configure 5G cloud infrastructures. For instance, the four-part series covers preventing and detecting lateral movement—detecting threats in 5G clouds and preventing adversaries from using the compromise of one cloud resource to compromise an entire network. It also covers securely isolating network resources, including securing the container stack that supports the running of virtual network functions (VNFs).
Moreover, organizations looking to bring a zero trust mindset into 5G cloud endpoints and growing multi-cloud environments should leverage insights and existing tools. One example is a new report, published by our company, Booz Allen, Building Mission-Driven 5G Security with Zero Trust, which explains the pillars of zero trust—and how to use them, with governance, to understand the strengths and gaps in current capabilities, and to design actionable plans for improved security. Both the CISA/NSA guidance and the report are informed in part by the federal government’s published assessment of 5G threat vectors.
Embracing zero trust for 5G is a continuous process. Here are four complementary steps that organizations can employ on an ongoing basis to realize zero trust for 5G:
In addition, operators of 5G ecosystems need holistic security that includes zero trust architecture, 5G development, security and operations (DevSecOps), and a 5G workforce, as well as vulnerability research and embedded security.
To be sure, no single document provides a total solution for zero trust in 5G. Even the CISA/NSA guidance notes it does not provide a complete template—but it also stresses the best practices therein can enable significant progress.
With a zero trust mindset, the national security community—and the private sector—can protect highly connected devices and methods of network access. We can prepare today to secure emerging 5G-enabled capabilities. It’s time for organizations to take stock of their challenges and risks and set a path toward zero trust for 5G.
Join the new cyber ecosystem of experts across disciplines as we help bring a better understanding of cyber and technology to national security and business security. Subscribe to The Cyber Initiatives Group (CIG), today. Booz Allen is a Knowledge Partner and sponsor of the CIG.
Related Articles
SUBSCRIBER+ EXCLUSIVE — When U.S. and British officials filed charges of cyberespionage and imposed sanctions against China Monday, for a campaign which they said had […] More
The U.S. intelligence community is relying on artificial intelligence to uncover some of the Chinese intrusions into U.S. critical infrastructure that have alarmed national security […] More
SUBSCRIBER+ EXCLUSIVE REPORTING – As Chinese government hackers have burrowed into U.S. critical infrastructure, they have avoided detection by targeting low-profile devices: obsolete internet routers […] More
SUBSCRIBER+ EXCLUSIVE REPORTING – A Pennsylvania water treatment facility is infiltrated by hackers linked to Iran. Russian hackers breach more than a thousand home office […] More
SUBSCRIBER+ EXCLUSIVE REPORTING – A weaponized drone sinks a Russian warship on the Black Sea. A series of drone attacks strike oil facilities inside Russia. […] More
CIPHER BRIEF REPORTING – As U.S. Government Executives are working to implement the Biden Administration’s new Executive Order on Artificial Intelligence, (AI) they are not […] More
Search