Updated on 2022-12-15: 5G network slicing guidance
CISA and the NSA have released new guidance this week for 5G network operators as part of a larger series they started earlier this week. This new one [PDF] touches on how mobile networks can best set up and defend 5G networks that have been split into smaller parts—an architecture known as 5G network slicing.
Updated on 2022-12-14
The NSA, the CISA, and the ODNI issued a joint report highlighting the potential threats and risks associated with 5G network slicing implementations and offering mitigation strategies. Read more: NSA shares tips on mitigating 5G network slicing threats
Overview: 5G Network Slicing Security Risks Report
The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Office of the Director of National Intelligence (ODNI) have published a joint report on potential threats to 5G network slicing. According to the report, “a network slice is an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs. Although multiple network slices run on a single physical network, network slice users are authenticated for only one network area, enabling data and security isolation.”
Note
- In essence, VLANs/SDN for 5G. (And so much more.) The biggest identified risks are DOS, MITM and configuration attacks. So, controls need to be there, only allow the devices/services intended, and not leak data. If you’ve ever configured devices or offices connected by cellular service, this virtualization raises the bar on isolating your traffic, with increased bandwidth, with flexibility and affordability we never saw with leased lines. If you’re going down this path, ask your provider how they are responding to the identified risks and how they verify they are mitigated.
- Every shared media network technology (including satellite and fiber) has had this same sort of vulnerability, where isolation was in the specifications but the early implementations, not so much. State actors used to find and exploit these vulnerabilities for long periods of time, so it is good to see NSA putting a warning out vs. hoarding the information. But, this is not just a 5G issue, which seems to have been politicized. Make sure any plans to reduce communications costs include validated security in the evaluation process.
- This is mischaracterized as a threat; threats have both sources and rates, not potential. Rather it is a risk. Slices are analogous to connections in POTS and VPNs in the Internet. Those who set up and rely upon these routes should exercise due caution.
Read more in
