Connect with us

Hi, what are you looking for?



US Government Agencies Issue Guidance on Threats to 5G Network Slicing

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released guidance on the security risks associated with 5G network slicing and mitigation strategies.

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released guidance on the security risks associated with 5G network slicing and mitigation strategies.

The document explains that “a network slice is an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs” and that it can run on the same physical network with other slices, albeit users are authenticated for a network area only.

Spanning physical components of a network – including computing, storage, and infrastructure – network slicing provides component virtualization and enables data and security isolation by restricting user authentication to specific network areas.

“It is important to note that network slicing components can span multiple operators, so interoperability, security, and robustness become important challenges to address. From a security standpoint, the resources of one network slice should be isolated from other network slices to ensure confidentiality, integrity, and availability,” the guidance reads.

The architecture relies on a network-as-a-service (NaaS) model, where infrastructure-as-a-service is combined with network and security services, to improve the efficiency and resilience of 5G infrastructure. Mobile network operators need to use management and network orchestration (MANO) systems to create end-to-end network slices and operate them, the three agencies say.

According to the Enduring Security Framework (ESF), network slicing adds complexity to the network and improper management of network slices could allow threat actors to access data in other network slices or deny access to it.

The NSA, CISA, and ODNI mention denial-of-service (DoS), man-in-the-middle (MitM), and configuration attacks as representing three high-severity risks to network slicing, as they can impact the availability, confidentiality, and integrity of a network slice.

Advertisement. Scroll to continue reading.

The agencies also note that one potential risk to network slicing is Network Function Virtualization (NFV), which is in fact fundamental to network slicing, as it eliminates the need for purpose-built hardware – allowing the use of cloud-based servers instead. NFV also moves network functions out into the cloud, optimizes performance, and increases monitoring and logging options.

Medium-severity risks include saturation attacks, user identity theft, penetration attacks, TCP level attacks, IP spoofing, session replay attacks, International Mobile Subscriber Identity (IMSI) caching attacks, NAS signaling storms, and traffic bursts by IoT.

Expected to play a pivotal role in autonomous vehicles and other emerging technologies, network slicing is prone to IMSI caching attacks, where threat actors could expose an autonomous vehicle’s geolocation, along with information about the cargo and traffic routes.

“From here, the actor can launch a DoS attack on the network signaling plane to cause disruptions between the autonomous vehicle and its authorized controller. Assuming the malicious actor has access to the subscriber identity, the actor can also separately launch a configuration attack to tamper with the security features and virtual network function (VNF) policies,” the three agencies note.

Proper management and continuous monitoring, the NSA, CISA, and ODNI say, are essential to network slice security and should both be applied at four logical layers, namely Network Slice Subnet Management Function (NSSMF), Network Slice Management Function (NSMF), Communication Service Management Function (CSMF), and the Capability Exposure Platform, which offers standard application programming interfaces and a self-management portal.

“In addition to proper network slice management, continual monitoring is crucial in detecting malicious activity. Mobile network monitoring and security tools often focus on network performance, fraud detection, revenue assurance, or device behavior that impacts network performance and not on detecting adversarial malicious activity,” the guidance reads.

More advanced mitigations include the adoption of a zero trust architecture, multi-layer security, cross-domain solutions, post-quantum cryptography, and isolation, including multi-factor authentication, access control, advanced encryption, sandboxes, virtual machines, or hardware and physical isolation.

“Although network slicing is not solely unique to 5G, it is a critical component because 5G specifications call for network slicing as a fundamental component and therefore require network operators to adopt security practices that can mitigate threats like those described in this paper, DoS, MitM attacks, and configuration attacks,” the NSA, CISA, and ODNI note.

Related: NSA Publishes Guidance on Mitigating Software Memory Safety Issues

Related: US Agencies Publish Security Guidance on Implementing Open RAN Architecture

Related: NSA, CISA Release 5G Cloud Security Guidance

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...