Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

NSA, CISA Release 5G Cloud Security Guidance

The NSA and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the first in a series of guidance documents for securing 5G cloud infrastructure.

The NSA and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the first in a series of guidance documents for securing 5G cloud infrastructure.

The guidance comes from the Enduring Security Framework (ESF), a public-private partnership between the NSA, CISA, the Defense Department, the intelligence community, as well as IT, communications, and defense industrial base companies.

The first of the four-part series on securing 5G clouds focuses on preventing and detecting lateral movement.

5G networks rely on cloud infrastructures for agility, resilience and scalability. These networks need to be secure as they will be a tempting target for threat actors looking to cause disruptions or compromise information.

A significant security challenge is related to the use of shared physical infrastructure by multiple mobile network operators. CISA and the NSA highlighted that cloud providers and mobile operators will need to share security responsibilities, with operators being responsible for securing their cloud tenancy.

The agencies pointed out that while defending the perimeter is important, it’s also important to have measures in place to limit lateral movement in case threat actors manage to breach the perimeter.

Recommendations for limiting lateral movement in 5G cloud networks include implementing secure identity and access management, keeping 5G cloud software updated to ensure it’s not affected by known vulnerabilities, securely configuring networking, locking down communications among isolated network functions, monitoring systems for signs of lateral movement, and developing and deploying analytics to detect the presence of sophisticated threat actors.

While these recommendations are mostly for cloud providers and mobile network operators, some also apply to customers.

The other three parts of this guidance will focus on isolating network resources, protecting data through all phases of its lifecycle (transit, in use, and at rest), and ensuring the integrity of infrastructure.

“This series exemplifies the national security benefits resulting from the joint efforts of ESF experts from CISA, NSA, and industry,” said Rob Joyce, cybersecurity director at the NSA. “Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation.”

Related: CISA Details Strategy for Secure 5G Deployment

Related: NSA Publishes Guidance for Enterprises on Adoption of Encrypted DNS

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.