The Cybersecurity and Infrastructure Security Agency (CISA) has published a new five-step 5G Security Evaluation Process to help companies improve their security posture before deploying new 5G applications.
More specifically, the new guidelines include information about relevant threat frameworks, 5G security standards, industry security specifications, federal security guidance documents, and methodologies to conduct cybersecurity assessments of 5G systems.
“5G networks are designed to be more secure than 4G,” read the report. “However, the complexity of 5G networks – with new features, services and an anticipated massive increase in the number and types of devices they will serve […] expands the threat surface and can make defining the system boundary challenging.”
Additionally, the report highlights how federal enterprises planning to implement 5G-enabled systems may not be aware of how the inclusion of 5G technologies impacts the system risk assessment/authorization to operate (ATO) process.
This is particularly true, CISA wrote, considering that the level of effort and resources required by enterprises to fully assess a 5G network and accompanying system elements varies based on several factors.
“This document presents examples of common 5G subsystems and components to highlight the efficiencies gained during each of the five steps of the proposed 5G Security Evaluation Process.”
The report also presents a set of potential 5G ‘starter’ projects “beyond the commercial mobile broadband offerings currently offered by national and regional MNOs for federal agencies.”
CISA called upon agencies and organizations to review the new report before June 27, 2022, saying the feedback will be utilized to assess the need for further security recommendations and guidance publications for federal agency adoptions of 5G technologies.
The report is the result of a collaboration between CISA, the Department of Homeland Security’s Science and Technology Directorate, and the Department of Defense’s (DoD) Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E).
You can also read this: CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability