5G players tout progress toward ZTA, but more work ahead

'5G is specified with many features of a ZTA [zero-trust architecture] but it does not embody a full implementation of a ZTA,' says trade association ATIS.

Mike Dano, Editorial Director, 5G & Mobile Strategies

August 22, 2023

3 Min Read
5G players tout progress toward ZTA, but more work ahead
(Source: NicoElNino/Alamy Stock Photo)

Security experts agree that zero trust architecture (ZTA) is critical to securing communications networks. While many companies argue that they have made progress adding the technology into their 5G operations, a new report from ATIS says more needs to be done.

"5G is the most secure generation of standardized mobile technology available commercially today," the trade association wrote in a 48-page report. "5G is specified with many features of a ZTA but it does not embody a full implementation of a ZTA."

ATIS is a North American partner to 3GPP, the global standards body for 5G. ATIS argued that 3GPP needs to look at ways to insert ZTA into 5G devices and radio access networks (RANs), rather than just the 5G core.

That's one of the many action items outlined in its report, which is noteworthy considering the group has previously addressed issues including secure supply chains, robocalls and hearing aid compatibility for cellphones. It launched its Next G Alliance effort – targeting 6G – in 2020.

Implementing zero trust

A zero-trust network architecture is based on the notion that each network element needs to be individually protected from attack.

"By starting from the assumption that the attacker is already inside the network, the zero trust model enhances security by both blocking unauthorized access to network resources and preventing internal lateral movement by an attacker," 5G equipment vendor Ericsson wrote two years ago.

As ATIS notes in its report, zero trust is also the security framework recommended by most US government agencies. For example, the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) both support the ZTA implementation from the US National Institute of Standards and Technology (NIST) for 5G.

But ATIS notes that this is no small task. "Creating a ZTA for 5G requires careful consideration of the 5G architecture's unique aspects," the association wrote. It explained that security must be addressed from a variety of angles across different traffic planes (user, control and management) and domains including core network, RAN and user equipment like smartphones.

According to ATIS, 3GPP has been working to implement zero trust broadly, but only in the Service Based Interface (SBI) and not in other aspects of the 5G network like the RAN.

The O-RAN Alliance also has been working to implement ZTA in its open RAN specifications. Security has been a hot topic in the early discussions around open RAN.

ZTA across the ecosystem

The interest in ZTA doesn't come as a surprise to 5G equipment vendors and network operators.

"Nokia's products and services support a zero-trust approach to network security – the premise that trust cannot be assumed and must continually be validated," the company told the NTIA earlier this year.

Indeed, Nokia said its focus on security extends to its new ASTaR (Advanced Security Testing and Research) lab in Dallas, Texas. The company and the lab will serve as a lead technology provider and collaborator for NIST's National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity Project.

Mavenir told the NTIA earlier this year that it has "already qualified its open RAN product offerings through the NESAS qualification process, which includes development and supply of products on a zero-trust basis."

The Network Equipment Security Assurance Scheme (NESAS) is a program from the global GSMA trade association to provide "one universal and global security assurance framework."

Finally, operators ranging from Verizon to Dish Network have discussed the technology.

"Verizon's Zero Trust Dynamic Access provides a zero trust cloud security solution for secure access to the open Internet, cloud applications, private applications and data and public cloud services," the company wrote on its Verizon Business website. "That helps you defend your business."

And Dish has made ZTA a core part of its early 5G sales story. Indeed, the company touted its zero trust approach to 5G deployment as part of Hughes Network Systems' work with the US military.

Related posts:

Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano

About the Author

Mike Dano

Editorial Director, 5G & Mobile Strategies, Light Reading

Mike Dano is Light Reading's Editorial Director, 5G & Mobile Strategies. Mike can be reached at [email protected], @mikeddano or on LinkedIn.

Based in Denver, Mike has covered the wireless industry as a journalist for almost two decades, first at RCR Wireless News and then at FierceWireless and recalls once writing a story about the transition from black and white to color screens on cell phones.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like