5G players tout progress toward ZTA, but more work ahead

Security experts agree that zero trust architecture (ZTA) is critical to securing communications networks. While many companies argue that they have made progress adding the technology into their 5G operations, a new report from ATIS says more needs to be done.

"5G is the most secure generation of standardized mobile technology available commercially today," the trade association wrote in a 48-page report. "5G is specified with many features of a ZTA but it does not embody a full implementation of a ZTA."

ATIS is a North American partner to 3GPP, the global standards body for 5G. ATIS argued that 3GPP needs to look at ways to insert ZTA into 5G devices and radio access networks (RANs), rather than just the 5G core.

That's one of the many action items outlined in its report, which is noteworthy considering the group has previously addressed issues including secure supply chains, robocalls and hearing aid compatibility for cellphones. It launched its Next G Alliance effort – targeting 6G – in 2020.

Implementing zero trust

A zero-trust network architecture is based on the notion that each network element needs to be individually protected from attack.

"By starting from the assumption that the attacker is already inside the network, the zero trust model enhances security by both blocking unauthorized access to network resources and preventing internal lateral movement by an attacker," 5G equipment vendor Ericsson wrote two years ago.

As ATIS notes in its report, zero trust is also the security framework recommended by most US government agencies. For example, the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) both support the ZTA implementation from the US National Institute of Standards and Technology (NIST) for 5G.

But ATIS notes that this is no small task. "Creating a ZTA for 5G requires careful consideration of the 5G architecture's unique aspects," the association wrote. It explained that security must be addressed from a variety of angles across different traffic planes (user, control and management) and domains including core network, RAN and user equipment like smartphones.

According to ATIS, 3GPP has been working to implement zero trust broadly, but only in the Service Based Interface (SBI) and not in other aspects of the 5G network like the RAN.

The O-RAN Alliance also has been working to implement ZTA in its open RAN specifications. Security has been a hot topic in the early discussions around open RAN.

ZTA across the ecosystem

The interest in ZTA doesn't come as a surprise to 5G equipment vendors and network operators.

"Nokia's products and services support a zero-trust approach to network security – the premise that trust cannot be assumed and must continually be validated," the company told the NTIA earlier this year.

Indeed, Nokia said its focus on security extends to its new ASTaR (Advanced Security Testing and Research) lab in Dallas, Texas. The company and the lab will serve as a lead technology provider and collaborator for NIST's National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity Project.

Mavenir told the NTIA earlier this year that it has "already qualified its open RAN product offerings through the NESAS qualification process, which includes development and supply of products on a zero-trust basis."

The Network Equipment Security Assurance Scheme (NESAS) is a program from the global GSMA trade association to provide "one universal and global security assurance framework."

Finally, operators ranging from Verizon to Dish Network have discussed the technology.

"Verizon's Zero Trust Dynamic Access provides a zero trust cloud security solution for secure access to the open Internet, cloud applications, private applications and data and public cloud services," the company wrote on its Verizon Business website. "That helps you defend your business."

And Dish has made ZTA a core part of its early 5G sales story. Indeed, the company touted its zero trust approach to 5G deployment as part of Hughes Network Systems' work with the US military.

Related posts:

— Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano