U.S. government warns on 5G network-slicing security

The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently published a document that provides a detailed look at network slicing and the security threats the technology may face in the future.

“This guidance – created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA – presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice,” according to the agencies. The NSA and the CISA represent some of the top US agencies focused on cybersecurity.

“CISA encourages 5G providers, integrators, and network operators to review this guidance and implement the recommended actions,” the agencies wrote in the 49-page document titled “5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance.”

The document explains that 5G network slicing “is poised to become a key technology feature within 5G, so it is imperative we understand potential security threats to 5G network slicing. Hence, it is important to recognize industry-recognized best-practices of how 5G network slicing can be implemented, designed, deployed, operated, maintained, potentially hardened, and mitigated as they affect QoS [quality of service] and confidentiality, integrity, and availability triad SLAs [service level agreements].”

The agencies added: “The goal is to promote collaboration amongst MNOs [mobile network operators], hardware manufacturers, software developers, other non-MNOs, systems integrators, and network slice customers, in order to facilitate increased resiliency and security hardening within 5G network slicing.”

The document provides a detailed outline of how network slicing might work in a 5G network, including one running open radio access network (RAN) specifications. (The open RAN concept is supported by a variety of US federal agencies, including the US military.) The new report also outlines the various security issues that need to be considered in a network slice, including in user devices, in core and transport networks, and in any networking software that might be used.

The document recommends specific steps for operators to take. “Employ cloud tenant separation mechanisms (e.g., ‘virtual private cloud’) to ensure separation between the 5G system and other workloads within the supporting cloud platform,” reads one suggestion in the document’s “cloud and virtualization” section.

To read the complete article, visit Light Reading.