5G, Cybersecurity

CISA’s National Strategy to Secure 5G


In March 2020, the White House announced its decision to develop the National Strategy to Secure 5G in hopes of expanding modern technological use in the federal government.[1] However, the process has been difficult for companies to follow, as 5G introduces challenges like an increased surface area, software weaknesses, and decreased visibility. The Cybersecurity and Infrastructure Security Agency (CISA), a federal agency that aims to understand, manage, and secure cyber and physical infrastructure, has introduced a five-step 5G implementation process. With its partners from the Department of Homeland Security’s Science and Technology (S&T) Directorate, as well as the Department of Defense’s Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), CISA offers federal agencies a blueprint to initiating and navigating the risk management process for authorizing 5G systems.[1]

Carahsoft CISA National Strategy to Secure 5G Blog Embedded Image 2022 5G has become a priority because it is a wireless technology that combines ubiquitous connectivity and computing. By using more bandwidth and higher frequencies, 5G succeeds in carrying more data quickly and efficiently. This type of network will be critical for projects in fields such as transportation, national defense and industrial production. The technology differs from most in that it allows users to specialize coverage to specific Internet of Things (IoT) or smart devices.[2]

Hurdles to Implementation

The first hurdle agencies have faced is an increased attack surface after installing 5G. Since connecting to the IoT would mean working in a space where security is not built in, there would be a wider range of vulnerabilities for attackers to find. Secondly, connecting to a wider network would increase the surface of the network, supply chain and software weaknesses, opening it up to more areas of attack. Finally, adding 5G can decrease the network visibility, and companies who do not utilize additional network visibility software may not gain network traffic viewership to identify abnormalities.[2]

Benefits of 5G

Despite potential setbacks, 5G has a variety of extremely useful features that will aid federal agencies’ technology use in innovative ways. Through the technology’s low, middle and high band radio spectrum, network slicing and edge computing, 5G will provide the public sector with new features, capabilities and services.[3] Security enhancements include:

  • Shield and Encryption identification that protect information from rogue devices
  • Data routing through virtual hubs that cannot be easily changed or moved that allows device compatibility with intelligent software and virtual hardware
  • A stronger encryption algorithm that disincentivizes hackers from decrypting your private information
  • High band radio spectrum that creates a more secure connection at quicker speeds[4]
  • A consistent user experience across network alternatives
  • Effortless network securement in remote locations, which can allow users to safely conduct business remotely
  • Safe network access on mobile devices that impact productivity and quick remediation capabilities[2]

To combat security risks, CISA has put forth a strategic initiative plan for federal agencies to follow.

There are five main steps in adapting 5G technology:

  1. Define the federal 5G use case
  2. Identify the assessment boundary
  3. Identify security requirements
  4. Outline security requirements to match federal guidance
  5. Assess security guidance gaps and alternatives[3]

One of the main goals of this process is to help agencies fill potential security gaps if they had applied 5G on their own. Agencies should utilize this initiative to identify important threat frameworks, 5G system security considerations, industry security specifications, federal security guidance documents and relevant methodologies to conduct cybersecurity assessments of 5G systems.[3] The standards provide a uniform and flexible approach to 5G and help federal agencies better evaluate, understand and address security and resilience to inspire future innovation.

A Positive Future

While every new technological advancement comes potential weaknesses, they provide greater potential for ensuring the security of the nation and the economy. As a result, CISA helps users add 5G to their networks in a uniform and flexible manner, and encourages agencies and organizations to provide feedback on the 5G Security Evaluation Process. These comments will be taken into consideration for adapting the strategy and guaranteeing that the guidelines will assist every government agency in their journey to safely adapt 5G.

 

Carahsoft and its vendors bring together a vast variety of security experts. With our aid and solutions, we can help you gain the knowledge and software needed to implement and evaluate 5G and keep your network secure. For more information regarding the evaluation process for 5G in federal government, visit our website.

 

[1] “5G Security and Resilience,” Cybersecurity and Infrastructure Security Agency. https://www.cisa.gov/5g

[2] “What is 5G Security? Explaining the Security Benefits and Vulnerabilities of 5G Architecture,” AT&T Cybersecurity. https://cybersecurity.att.com/blogs/security-essentials/what-is-5g-security

[3] “5G Security Evaluation Process Investigation Version 1,” Cybersecurity and Infrastructure Security Agency. https://www.cisa.gov/sites/default/files/publications/5G_Security_Evaluation_Process_Investigation_508c.pdf

[4] “What is 5G an Why Does it Matter,” Verizon. https://www.verizon.com/about/our-company/5g/what-5g

Related Articles