CISA Pushes for Zero Trust in Latest 5G Guidance
Zero trust continues to be a major hallmark of cloud security, which includes 5G networks.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) cited multitenant cloud infrastructures as the primary risk factor for 5G security in new guidance released earlier this month. To mitigate this risk, CISA and the NSA advise a zero trust approach to cloud and 5G security.
The new guidance is the third installment in a series on 5G security. In Part I and Part II of the guidance on 5G security, CISA and the NSA advocated the use of identity, credential and access management (ICAM) solutions to prevent unauthorized access to 5G networks and advised separation of network resources, (i.e., “pod security”), to prevent malicious lateral movement within a network should a breach occur.
Part III continues to emphasize the importance of data protection and zero trust for all cloud-based security efforts, especially as federal agencies like the Defense Department, the Department of Homeland Security and the Department of Veterans Affairs prepare their networks for 5G capabilities.
Multitenancy refers to multiple cloud infrastructure customers sharing a single physical infrastructure, including sharing security responsibilities, which is a common consequence of cloud modernization.
“5G networks, which are cloud-native, will be a lucrative target for cyber threat actors who wish to deny or degrade network resources or otherwise compromise information,” CISA and the NSA said in their joint guidance.
The joint guidance emphasizes data protection and zero trust architectures as the most reliable approaches to securing 5G networks, tracking with the latest federal cybersecurity guidance and comments from federal cyber leaders regarding cloud networks in general.
“Data in a network as vast as 5G cloud infrastructures cannot be secured by a solitary entity,” said Morgan Adamski, chief of NSA’s Cybersecurity Collaboration Center, according to the press release. “It takes the collaboration of government agencies and our industry partners. When we combine our unique perspectives, we can fit together the pieces of the puzzle and solve critical cybersecurity issues.”
NIST IT Specialist Jeff Cichonski said zero trust as a security strategy is “very applicable” to 5G networks in an October CyberCast interview with GovernmentCIO Media & Research. For federal agencies looking to deploy 5G capabilities, focusing on zero trust deployment is a great first step, but 5G security will not be “one size fits all” and will look different from network to network, Cichonski added.
“5G technologies definitely have multiple stakeholders — consumers and service providers,” he said in the interview. “We’re definitely seeing that shift to leveraging cellular networks for day-to-day business. I think it’s really important to take these networks into account, ensuring the risk process is understood … different applications or use cases for 5G will have different security requirements.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Federal IT Trends in 2024, Outlook for 2025
Federal IT advancements in 2024 showcased the transformative potential of emerging technologies, particularly artificial intelligence.
2m read -
FDA Outlines Future Tech Priorities
FDA is advancing its tech capabilities with quantum computing, zero-trust architecture and modernized data sharing.
6m read -
This Partnership is Tackling Federal Zero Trust, Cloud Security
Industry leaders share insights on the critical role industry partnerships have in enabling government agencies to navigate procurement challenges for cloud and zero trust solutions.
16m watch Partner Content -
How Marines' Project Dynamis is Supporting CJADC2 Data Effort
Col. Jason Quinter delves into the origins of Project Dynamis and how the program builds upon the Pentagon's larger strategy.
5m read