CISA and NSA Publish New Guidance for Strengthening 5G Network Cuts Against Threats
The US cyber security and intelligence agencies have released a series of recommendations to address security concerns by cutting off 5G’s self-sustaining network and strengthening it against possible threats.
“The threat landscape in 5G is dynamic; therefore, continued monitoring, auditing, and other analytical capabilities are required to meet specific network-cutting service level requirements over time,” the US Cyber and Infrastructure Security Agency (CISA) and National Security Agency (NSA) said. said.
5G is the fifth generation technology standard for broadband mobile networks, offering increased data rates and lower latency. Network slicing is an architectural model that allows mobile service providers to partition their network into independent “slices” to create virtual networks that serve different clients and use cases.
The latest advisor builds on the guide previously issued by the agency in December 2022, warned that network cutting could expose users to multiple threat vectors – denial of service, jamming, identity theft, and adversary-in-the-middle attacks – effectively hindering the confidentiality, integrity, and availability of network services.
Concerns with cutting 5G networks were detailed in a report published by Enea AdaptiveMobile Security in March 2021, which highlighted the potential for brute-force attacks to gain malicious access to slices and orchestrate denial-of-service attacks against other network functions.
Later in May 2021, the US government warned that inadequate implementation of telecommunications standards, supply chain threats and weaknesses in system architecture could pose a major cybersecurity risk to 5G networks, allowing threat actors to exploit loopholes to extract valuable information from victims.
Protecting Against Insider Threats: SaaS Master Security Posture Management
Worried about insider threats? We are here to help you! Join this webinar to explore practical strategies and secrets to proactive security with SaaS Security Posture Management.
In the latest guidelines, the authorities cite denial-of-service attacks on signaling aircraft, misconfiguration attacks, and enemy-in-the-middle attacks as three prominent 5G threat vectors, noting that the zero trust architecture (ZTA) can help secure network deployments.
“Most of ZTA can be accomplished using authentication, authorization, and auditing (AAA) techniques,” CISA and NSA said. “Proper implementation of authentication and authorization can also reduce threat vectors originating from misconfiguration attacks.”
The agencies also said it was critical to recognize industry-recognized best practices for how 5G network cuts can be implemented, designed, deployed, operated, maintained, potentially strengthened, and mitigated as they affect Quality of Service (QoS) and Approval Service Tiers (SLAs).
