NIST https://www.nist.gov has issued a request for public comment on their draft guidance for 5G Cybersecurity. As wireless networks transition to 5G technology new cybersecurity demands will be placed on industry.
The draft guidance is designed to help network operators navigate those demands. The draft publication “5G Cybersecurity Volume B: Approach, Architecture and Security Characteristics” describes the cybersecurity capabilities that their 5G network will enable. The publication also provides a risk analysis for the security capabilities that the network will demonstrate.
One potential issue is that the current lack of 5G standards that are needed have to specify how to deploy cybersecurity protections onto the underlying components that support and operate the 5G system.
The publication is intended primarily for commercial mobile network and private 5G network operators, as well as for organizations using and managing 5G-enabled technology.
The publication will offer several benefits to organizations that implement a 5G network, to include reduced susceptibility of a 5G network to cyberattack, better protection of 5G communications against eavesdropping and tampering, and increased privacy protections for 5G users.
Another difference between 5G and previous generation cellular networks is 5G’s use of cloud-based technology which is similar to that used for many internet applications. 5G systems can leverage the robust security features available in cloud computing architectures to protect 5G data and communications.
According to Jeff Cichonski, a NIST Information Technology Specialist, “As these features may be unfamiliar to some in the industry, the draft publication is designed to help clarify how the cloud infrastructure focused security capabilities can help secure a 5G network.”
He explained, “The first phase of the project will also showcase how 5G can help address known security challenges that have existed in previous-generation networks. If we identify gaps in 5G cybersecurity standards, we will let standards development organizations know what we learn. We are hoping this project will help the entire wireless security community.”
The authors want to know if the guide accurately describes technical security capabilities and related threats and vulnerabilities so the authors wants the community to let them know what should be added to make the information more relevant to their organizations.
Go to https://www.nccoe.nist.gov/sites/default/files/2022-04/nist-5G-sp1800-33b-preliminary-draft.pdf for the draft publication.
Go to 5g-security@nist.gov to submit comments on the preliminary draft publication. The deadline is June 27, 2022.