CISA Pushes for Zero Trust in Latest 5G Guidance
Zero trust continues to be a major hallmark of cloud security, which includes 5G networks.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) cited multitenant cloud infrastructures as the primary risk factor for 5G security in new guidance released earlier this month. To mitigate this risk, CISA and the NSA advise a zero trust approach to cloud and 5G security.
The new guidance is the third installment in a series on 5G security. In Part I and Part II of the guidance on 5G security, CISA and the NSA advocated the use of identity, credential and access management (ICAM) solutions to prevent unauthorized access to 5G networks and advised separation of network resources, (i.e., “pod security”), to prevent malicious lateral movement within a network should a breach occur.
Part III continues to emphasize the importance of data protection and zero trust for all cloud-based security efforts, especially as federal agencies like the Defense Department, the Department of Homeland Security and the Department of Veterans Affairs prepare their networks for 5G capabilities.
Multitenancy refers to multiple cloud infrastructure customers sharing a single physical infrastructure, including sharing security responsibilities, which is a common consequence of cloud modernization.
“5G networks, which are cloud-native, will be a lucrative target for cyber threat actors who wish to deny or degrade network resources or otherwise compromise information,” CISA and the NSA said in their joint guidance.
The joint guidance emphasizes data protection and zero trust architectures as the most reliable approaches to securing 5G networks, tracking with the latest federal cybersecurity guidance and comments from federal cyber leaders regarding cloud networks in general.
“Data in a network as vast as 5G cloud infrastructures cannot be secured by a solitary entity,” said Morgan Adamski, chief of NSA’s Cybersecurity Collaboration Center, according to the press release. “It takes the collaboration of government agencies and our industry partners. When we combine our unique perspectives, we can fit together the pieces of the puzzle and solve critical cybersecurity issues.”
NIST IT Specialist Jeff Cichonski said zero trust as a security strategy is “very applicable” to 5G networks in an October CyberCast interview with GovernmentCIO Media & Research. For federal agencies looking to deploy 5G capabilities, focusing on zero trust deployment is a great first step, but 5G security will not be “one size fits all” and will look different from network to network, Cichonski added.
“5G technologies definitely have multiple stakeholders — consumers and service providers,” he said in the interview. “We’re definitely seeing that shift to leveraging cellular networks for day-to-day business. I think it’s really important to take these networks into account, ensuring the risk process is understood … different applications or use cases for 5G will have different security requirements.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
GSA Taps Dovarius Peoples as Deputy CIO
Peoples previously served as CIO of the U.S. Army Corps of Engineers and oversaw the service's cloud migration and data modernization.
1m read -
Acting DOD CIO: Defense Cloud Contract Vehicle is 'Off to the Races'
Leslie Beavers said the Joint Warfighting Cloud Capability vehicle has surpassed $1 billion in task orders.
4m read -
How Protecting Data Builds Cyber Resiliency
Government agencies produce increasing amounts of data each day, with gigabytes of information being transmitted and stored in cloud-based environments.
16m read -
White House Gets New Deputy National Cyber Director
Harry Wingo previously worked as a professor at the National Defense University's College of Information and Cyberspace.
2m read