US government warns on network slicing security

The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently published a document that provides a detailed look at network slicing and the security threats the technology may face in the future.

"This guidance – created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA – presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice," according to the agencies. The NSA and the CISA represent some of the top US agencies focused on cybersecurity.

"CISA encourages 5G providers, integrators, and network operators to review this guidance and implement the recommended actions," the agencies wrote in the 49-page document titled "5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance."

The document explains that 5G network slicing "is poised to become a key technology feature within 5G, so it is imperative we understand potential security threats to 5G network slicing. Hence, it is important to recognize industry-recognized best-practices of how 5G network slicing can be implemented, designed, deployed, operated, maintained, potentially hardened, and mitigated as they affect QoS [quality of service] and confidentiality, integrity, and availability triad SLAs [service level agreements]."

The agencies added: "The goal is to promote collaboration amongst MNOs [mobile network operators], hardware manufacturers, software developers, other non-MNOs, systems integrators, and network slice customers, in order to facilitate increased resiliency and security hardening within 5G network slicing."

The document provides a detailed outline of how network slicing might work in a 5G network, including one running open radio access network (RAN) specifications. (The open RAN concept is supported by a variety of US federal agencies, including the US military.) The new report also outlines the various security issues that need to be considered in a network slice, including in user devices, in core and transport networks, and in any networking software that might be used.

The document recommends specific steps for operators to take. "Employ cloud tenant separation mechanisms (e.g., 'virtual private cloud') to ensure separation between the 5G system and other workloads within the supporting cloud platform," reads one suggestion in the document's "cloud and virtualization" section.

"Use mutual authentication for communication between the AAA-S / DN-AAA and the NSSAA and SMF respectively, by means of X.509 certificates that have been issued by a mutually trusted certificate authority. Similarly, use mutual authentications for all communications between the SMF and the DHCP servers over the N6 using X.509v3 certificates," reads another suggestion in the "data networking" section.

Slicing and security

Network slicing has been a big 5G topic for years. The technology promises to allow network operators to separate traffic for specific users and customers and tweak network settings for each.

"For example, utility company smart readers use very little bandwidth, are not latency sensitive, and do not need mobility routing functions as they are in a fixed position attached to homes and do not move. This use case would require fewer network resources," Verizon explained earlier this year. "Alternatively, massive multiplayer online gaming in a mobile environment would benefit from certain upload and download speeds and low latency to work effectively and provide players an immersive experience on a mobile device."

Slicing technology is available only in the standalone (SA) version of 5G, which features a core network capable of handling network slices. Verizon and other operators have been slowly deploying SA 5G.

In 2020, CISA said it would analyze 5G components for security risks. Last year, the agency published part of its results.

The new network slicing security document was expected, and it is just the latest from a government agency addressing 5G. Earlier this year, the US General Services Administration (GSA) published its "Acquisition Guidance for Procuring 5G Technology" to guide federal agencies on how to make use of the next-generation technology.

Related posts:

— Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano