NSA and CISA Share Guidance on Securing 5G Cloud Infrastructure

CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure.

The two federal agencies issued these recommendations for service providers and system integrators that build and configure 5G cloud infrastructure, including cloud service providers, core network equipment vendors, and mobile network operators.

The guidance, released as a four-part series, builds on a white paper released in May 2021 by the Enduring Security Framework (ESF) following the 5G study group, which explored potential threat vectors and vulnerabilities inherent to 5G networks.

It’s also the direct result of engaging with experts across government and industry to identify risks impacting 5G security.

Blocking lateral movement in 5G cloud networks

“5G networks, which are cloud-native, will be a lucrative target for cyber threat actors who wish to deny or degrade network resources or otherwise compromise information,” the joint advisory says.

“To counter this threat, it is imperative that 5G cloud infrastructures be built and configured securely, with capabilities in place to detect and respond to threats, providing a hardened environment for deploying secure network functions.”

The first part of the guidance, published today, focuses on mitigating lateral movement attempts by threat actors who have breached a 5G cloud system.

CISA and the NSA said that 5G service providers and system integrators could implement the following measures to block and detect lateral movement in the 5G cloud:

  • Implement secure identity and access management (IdAM) in the 5G cloud
  • Keep 5G cloud software up-to-date and free from known vulnerabilities
  • Securely configure networking within 5G cloud
  • Lock down communications among isolated network functions
  • Monitor for indications of adversarial lateral movement
  • Develop and deploy analytics to detect sophisticated adversarial presence

Additional info on potential threat vectors to 5G infrastructure can be found in this whitepaper released by CISA, in coordination with the NSA, and the Office of the Director of National Intelligence, as part of the ESF cross-sector public-private working group in May.

The whitepaper provides an overview of 5G threat vectors and detailed information on policy and standards threat scenarios, supply chain threat scenarios, and 5G systems architecture threat scenarios.

“Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation,” said Rob Joyce, NSA Cybersecurity Director.

The next three parts of security guidance for 5G cloud infrastructure will focus on:

  • Part II: Securely Isolate Network Resources: Ensure that there is secure isolation among customer resources with emphasis on securing the container stack that supports the running of virtual network functions. 
  • Part III: Protect Data in Transit, In-Use, and at Rest: Ensure that network and customer data is secured during all phases of the data lifecycle (at-rest, in transit, while being processed, upon destruction). 
  • Part IV: Ensure Integrity of Infrastructure: Ensure that 5G cloud resources (e.g., container images, templates, configuration) are not modified without authorization.

EU’s assessment of 5G security risks

European Union (EU) member states also published a coordinated risk assessment on the security of 5G networks two years ago, in October 2019.

The report identified the main threats and threat actors, the most sensitive assets, and the principal security vulnerabilities that could be used to compromise them.

The 5G security risk assessment report highlights the hazards of relying on a single equipment supplier: a lack of diversity in equipment and 5G solutions greatly extends the overall vulnerability of 5G infrastructure if a large number of operators use equipment from suppliers presenting a high degree of risk.

Security challenges linked to 5G networks are also associated with connections between networks and third-party systems, as well as with the increased access third-party suppliers will have to nations’ 5G networks.

The EU’s report outlined the following security consequences stemming from the roll-out of 5G networks within EU member states:

  • Increased exposure to attacks and more potential entry points for attackers.
  • Due to new characteristics of the 5G network architecture and new functionalities, certain network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.
  • Increased exposure to risks related to the reliance of mobile network operators on suppliers, which will lead to a higher number of attack paths that might be exploited by threat actors and increase the potential severity of the impact of such attacks.
  • In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country.
  • Increased risks from major dependencies on suppliers: a major dependence on a single supplier increases the exposure to a potential supply interruption, resulting, for instance, from a commercial failure and its consequences.
  • Threats to the availability and integrity of networks will become major security concerns.

Additional information is available in EU member states’ joint report on 5G cybersecurity risks, including details on vulnerabilities, risk scenarios, and mitigating measures/security baseline.
