Olympic Dreams Bring Security Nightmares to Paris
SUBSCRIBER+ EXCLUSIVE REPORTING — The Olympic torch has landed in France, and begun its 69-day journey to Paris. It’s a milestone for the 33rd Olympiad, […] More
PRIVATE SECTOR PERSPECTIVE — Fifth-generation (5G) mobile technology will completely transform global telecommunications networks. Billions more devices, sensors, and systems will be connected worldwide. Downloads will be much faster, latency will be much lower, and the capacity to connect more devices to the network will skyrocket. For all its performance advantages, however, 5G will abruptly expand the nation’s cyber attack surface—a potential boon for U.S. adversaries. Recently published federal guidance could help cloud providers and mobile network operators manage emerging risks. The first step is embracing a leading cybersecurity mindset: It’s zero hour for zero trust.
The Authors:
Dr. Kristopher Hall is a Senior Lead Technologist at Booz Allen Hamilton where he leads 5G security efforts. He has more than 23 years of experience in software development, cyber security, and telecommunications with an emphasis in mobile networks.
Matthew Edwards is a Lead Technologist at Booz Allen Hamilton where he works on 5G security efforts as a vulnerability analyst, researching 5G protocols and security vulnerabilities. He has more than 11 years of experience in data analysis, scripting, cyber security, and telecommunications systems.
The zero trust model relentlessly questions the premise that users, devices, and network components deserve to be trusted just because they’re in the network. Zero trust has three core principles: assume a breach; never trust, always verify; and allow only least-privileged access based on contextual factors. This mindset is mandated for the federal government in Executive Order 14028. What’s more, it’s woven throughout the new 5G cloud cybersecurity guidance from the Cybersecurity and Infrastructure Security Agency and the National Security Agency.
The CISA/NSA guidance gives practical advice to service providers and system integrators that build and configure 5G cloud infrastructures. For instance, the four-part series covers preventing and detecting lateral movement—detecting threats in 5G clouds and preventing adversaries from using the compromise of one cloud resource to compromise an entire network. It also covers securely isolating network resources, including securing the container stack that supports the running of virtual network functions (VNFs).
Moreover, organizations looking to bring a zero trust mindset into 5G cloud endpoints and growing multi-cloud environments should leverage insights and existing tools. One example is a new report, published by our company, Booz Allen, Building Mission-Driven 5G Security with Zero Trust, which explains the pillars of zero trust—and how to use them, with governance, to understand the strengths and gaps in current capabilities, and to design actionable plans for improved security. Both the CISA/NSA guidance and the report are informed in part by the federal government’s published assessment of 5G threat vectors.
Embracing zero trust for 5G is a continuous process. Here are four complementary steps that organizations can employ on an ongoing basis to realize zero trust for 5G:
In addition, operators of 5G ecosystems need holistic security that includes zero trust architecture, 5G development, security and operations (DevSecOps), and a 5G workforce, as well as vulnerability research and embedded security.
To be sure, no single document provides a total solution for zero trust in 5G. Even the CISA/NSA guidance notes it does not provide a complete template—but it also stresses the best practices therein can enable significant progress.
With a zero trust mindset, the national security community—and the private sector—can protect highly connected devices and methods of network access. We can prepare today to secure emerging 5G-enabled capabilities. It’s time for organizations to take stock of their challenges and risks and set a path toward zero trust for 5G.
Join the new cyber ecosystem of experts across disciplines as we help bring a better understanding of cyber and technology to national security and business security. Subscribe to The Cyber Initiatives Group (CIG), today. Booz Allen is a Knowledge Partner and sponsor of the CIG.
Related Articles
SUBSCRIBER+ EXCLUSIVE REPORTING — The Olympic torch has landed in France, and begun its 69-day journey to Paris. It’s a milestone for the 33rd Olympiad, […] More
SUBSCRIBER+EXCLUSIVE REPORTING — The marvels of artificial intelligence caught the imagination again this month when Frank Kendall, the secretary of the Air Force, took a […] More
SUBSCRIBER+EXCLUSIVE REPORTING — The future of Ukraine may depend on a single word from the United States: “Yes.” That’s the answer Ukraine is seeking from […] More
SUBSCRIBER+EXCLUSIVE REPORTING — Even before the body of Iranian President Ebrahim Raisi was found, Ayatollah Ali Khamenei, Iran’s 85-year-old Supreme Leader, tweeted an exhortation for […] More
EXCLUSIVE SUBSCRIBER+EXPERT INTERVIEW – Iran’s state media said Monday that President Ebrahim Raisi had died in a helicopter crash that also took the lives of […] More
BOTTOM LINE UP FRONT — Russia’s war against Ukraine has – once again – reached a pivotal moment. Russia has launched a new offensive in […] More
Search