US government warns on network slicing securityUS government warns on network slicing security
The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published their take on network slicing security issues in 5G and are urging mobile operators to take action.
July 20, 2023
The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently published a document that provides a detailed look at network slicing and the security threats the technology may face in the future.
"This guidance – created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA – presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice," according to the agencies. The NSA and the CISA represent some of the top US agencies focused on cybersecurity.
"CISA encourages 5G providers, integrators, and network operators to review this guidance and implement the recommended actions," the agencies wrote in the 49-page document titled "5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance."
The document explains that 5G network slicing "is poised to become a key technology feature within 5G, so it is imperative we understand potential security threats to 5G network slicing. Hence, it is important to recognize industry-recognized best-practices of how 5G network slicing can be implemented, designed, deployed, operated, maintained, potentially hardened, and mitigated as they affect QoS [quality of service] and confidentiality, integrity, and availability triad SLAs [service level agreements]."
The agencies added: "The goal is to promote collaboration amongst MNOs [mobile network operators], hardware manufacturers, software developers, other non-MNOs, systems integrators, and network slice customers, in order to facilitate increased resiliency and security hardening within 5G network slicing."
The document provides a detailed outline of how network slicing might work in a 5G network, including one running open radio access network (RAN) specifications. (The open RAN concept is supported by a variety of US federal agencies, including the US military.) The new report also outlines the various security issues that need to be considered in a network slice, including in user devices, in core and transport networks, and in any networking software that might be used.
The document recommends specific steps for operators to take. "Employ cloud tenant separation mechanisms (e.g., 'virtual private cloud') to ensure separation between the 5G system and other workloads within the supporting cloud platform," reads one suggestion in the document's "cloud and virtualization" section.
"Use mutual authentication for communication between the AAA-S / DN-AAA and the NSSAA and SMF respectively, by means of X.509 certificates that have been issued by a mutually trusted certificate authority. Similarly, use mutual authentications for all communications between the SMF and the DHCP servers over the N6 using X.509v3 certificates," reads another suggestion in the "data networking" section.
Slicing and security
Network slicing has been a big 5G topic for years. The technology promises to allow network operators to separate traffic for specific users and customers and tweak network settings for each.
"For example, utility company smart readers use very little bandwidth, are not latency sensitive, and do not need mobility routing functions as they are in a fixed position attached to homes and do not move. This use case would require fewer network resources," Verizon explained earlier this year. "Alternatively, massive multiplayer online gaming in a mobile environment would benefit from certain upload and download speeds and low latency to work effectively and provide players an immersive experience on a mobile device."
Slicing technology is available only in the standalone (SA) version of 5G, which features a core network capable of handling network slices. Verizon and other operators have been slowly deploying SA 5G.
The new network slicing security document was expected, and it is just the latest from a government agency addressing 5G. Earlier this year, the US General Services Administration (GSA) published its "Acquisition Guidance for Procuring 5G Technology" to guide federal agencies on how to make use of the next-generation technology.
About the Author(s)
You May Also Like
5G Network Automation and AI at Global Megaevents: A Telco AI-at-scale case study with Ooredoo and EricssonOct 10, 2023
5G Transport & Networking Strategies Digital Symposium.Oct 26, 2023
Improve Service Efficiency in the Call Center and Field with Slack AutomationOct 13, 2023
Open RAN Evolution Digital Symposium Day 1Jul 26, 2023