Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

US Government Agencies Issue Guidance on Threats to 5G Network Slicing

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released guidance on the security risks associated with 5G network slicing and mitigation strategies.

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released guidance on the security risks associated with 5G network slicing and mitigation strategies.

The document explains that “a network slice is an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs” and that it can run on the same physical network with other slices, albeit users are authenticated for a network area only.

Spanning physical components of a network – including computing, storage, and infrastructure – network slicing provides component virtualization and enables data and security isolation by restricting user authentication to specific network areas.

“It is important to note that network slicing components can span multiple operators, so interoperability, security, and robustness become important challenges to address. From a security standpoint, the resources of one network slice should be isolated from other network slices to ensure confidentiality, integrity, and availability,” the guidance reads.

The architecture relies on a network-as-a-service (NaaS) model, where infrastructure-as-a-service is combined with network and security services, to improve the efficiency and resilience of 5G infrastructure. Mobile network operators need to use management and network orchestration (MANO) systems to create end-to-end network slices and operate them, the three agencies say.

According to the Enduring Security Framework (ESF), network slicing adds complexity to the network and improper management of network slices could allow threat actors to access data in other network slices or deny access to it.

The NSA, CISA, and ODNI mention denial-of-service (DoS), man-in-the-middle (MitM), and configuration attacks as representing three high-severity risks to network slicing, as they can impact the availability, confidentiality, and integrity of a network slice.

The agencies also note that one potential risk to network slicing is Network Function Virtualization (NFV), which is in fact fundamental to network slicing, as it eliminates the need for purpose-built hardware – allowing the use of cloud-based servers instead. NFV also moves network functions out into the cloud, optimizes performance, and increases monitoring and logging options.

Medium-severity risks include saturation attacks, user identity theft, penetration attacks, TCP level attacks, IP spoofing, session replay attacks, International Mobile Subscriber Identity (IMSI) caching attacks, NAS signaling storms, and traffic bursts by IoT.

Expected to play a pivotal role in autonomous vehicles and other emerging technologies, network slicing is prone to IMSI caching attacks, where threat actors could expose an autonomous vehicle’s geolocation, along with information about the cargo and traffic routes.

“From here, the actor can launch a DoS attack on the network signaling plane to cause disruptions between the autonomous vehicle and its authorized controller. Assuming the malicious actor has access to the subscriber identity, the actor can also separately launch a configuration attack to tamper with the security features and virtual network function (VNF) policies,” the three agencies note.

Proper management and continuous monitoring, the NSA, CISA, and ODNI say, are essential to network slice security and should both be applied at four logical layers, namely Network Slice Subnet Management Function (NSSMF), Network Slice Management Function (NSMF), Communication Service Management Function (CSMF), and the Capability Exposure Platform, which offers standard application programming interfaces and a self-management portal.

“In addition to proper network slice management, continual monitoring is crucial in detecting malicious activity. Mobile network monitoring and security tools often focus on network performance, fraud detection, revenue assurance, or device behavior that impacts network performance and not on detecting adversarial malicious activity,” the guidance reads.

More advanced mitigations include the adoption of a zero trust architecture, multi-layer security, cross-domain solutions, post-quantum cryptography, and isolation, including multi-factor authentication, access control, advanced encryption, sandboxes, virtual machines, or hardware and physical isolation.

“Although network slicing is not solely unique to 5G, it is a critical component because 5G specifications call for network slicing as a fundamental component and therefore require network operators to adopt security practices that can mitigate threats like those described in this paper, DoS, MitM attacks, and configuration attacks,” the NSA, CISA, and ODNI note.

Related: NSA Publishes Guidance on Mitigating Software Memory Safety Issues

Related: US Agencies Publish Security Guidance on Implementing Open RAN Architecture

Related: NSA, CISA Release 5G Cloud Security Guidance

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Threat Intelligence

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.