Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

NSA, CISA Release 5G Cloud Security Guidance

The NSA and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the first in a series of guidance documents for securing 5G cloud infrastructure.

The NSA and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the first in a series of guidance documents for securing 5G cloud infrastructure.

The guidance comes from the Enduring Security Framework (ESF), a public-private partnership between the NSA, CISA, the Defense Department, the intelligence community, as well as IT, communications, and defense industrial base companies.

The first of the four-part series on securing 5G clouds focuses on preventing and detecting lateral movement.

5G networks rely on cloud infrastructures for agility, resilience and scalability. These networks need to be secure as they will be a tempting target for threat actors looking to cause disruptions or compromise information.

A significant security challenge is related to the use of shared physical infrastructure by multiple mobile network operators. CISA and the NSA highlighted that cloud providers and mobile operators will need to share security responsibilities, with operators being responsible for securing their cloud tenancy.

The agencies pointed out that while defending the perimeter is important, it’s also important to have measures in place to limit lateral movement in case threat actors manage to breach the perimeter.

Recommendations for limiting lateral movement in 5G cloud networks include implementing secure identity and access management, keeping 5G cloud software updated to ensure it’s not affected by known vulnerabilities, securely configuring networking, locking down communications among isolated network functions, monitoring systems for signs of lateral movement, and developing and deploying analytics to detect the presence of sophisticated threat actors.

While these recommendations are mostly for cloud providers and mobile network operators, some also apply to customers.

Advertisement. Scroll to continue reading.

The other three parts of this guidance will focus on isolating network resources, protecting data through all phases of its lifecycle (transit, in use, and at rest), and ensuring the integrity of infrastructure.

“This series exemplifies the national security benefits resulting from the joint efforts of ESF experts from CISA, NSA, and industry,” said Rob Joyce, cybersecurity director at the NSA. “Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation.”

Related: CISA Details Strategy for Secure 5G Deployment

Related: NSA Publishes Guidance for Enterprises on Adoption of Encrypted DNS

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.