CISA publishes 5G security assessment process plan



The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new five-step 5G security assessment process to help companies improve their security stance before launching new 5G applications.

More specifically, the new guidelines include information on relevant threat structures, 5G system security standards, industry security specifications, federal security guidelines documents, and procedures for conducting cyber security assessments of 5G systems.

“5G networks are designed to be more secure than 4G,” read the report. “However, the complexity of 5G networks – with new features, services and an expected massive increase in the number and type of devices they will serve. […] Expands the threat surface and can make system delimitation challenging. “

Additionally, the report highlights how federal enterprises may not be aware of how 5G-enabled systems are planned to be implemented, and how the inclusion of 5G technology affects the system risk assessment / approval (ATO) process.

This is especially true, CISA writes, of the efforts and resources required by enterprises to fully evaluate a 5G network and the accompanying system components vary depending on a variety of factors.

“This document presents examples of common 5G subsystems and components to highlight the skills acquired during each of the five steps of the proposed 5G security assessment process.”

The report also presents a set of potential 5G ‘starter’ projects “outside of the commercial mobile broadband offers currently offered by national and regional MNOs for federal agencies.”

CISA called on agencies and agencies to review the new report before June 27, 2022, saying that the response would be used to assess the need for further security recommendations and guidelines for the federal agency’s adoption of 5G technology.

The Report The result of a collaboration between CISA, the Department of Science and Technology of Homeland Security, and the Under Secretary of Defense for Research and Engineering (OUSD R&E) in the Office of the Department of Defense (DoD).

For additional information on the cyber security risks associated with 5G deployments, visit this explanatory article by technology expert Tim Hardwick.


Source link