The National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released the first of a series of guidance documents on securing 5G cloud infrastructure on Thursday.
The Enduring Security Framework (ESF) is a public-private cooperation involving the National Security Agency, the Central Intelligence Agency, the Defense Department, the intelligence community, and IT, communications, and defence industrial base corporations.
The first of a four-part series on securing 5G clouds focuses on lateral movement prevention and detection.
For agility, reliability, and scalability, 5G networks rely on cloud infrastructures. These networks must be secure because they will be a tempting target for threat actors attempting to disrupt operations or steal data.
The usage of common physical infrastructure by many mobile network carriers poses a substantial security risk. Cloud providers and mobile operators will need to share security duties, according to CISA and the NSA, with operators being responsible for securing their cloud tenancy.
While defending the perimeter is critical, the agencies also stressed the importance of having mechanisms in place to limit lateral movement in the event that threat actors break the perimeter.
Implementing secure identity and access management, keeping 5G cloud software updated to ensure it is not affected by known vulnerabilities, securely configuring networking, locking down communications among isolated network functions, monitoring systems for signs of lateral movement, and developing and deploying analytics to detect the presence of sophisticated threat actors are all recommendations for limiting lateral movement in 5G cloud networks.
While the majority of these suggestions are aimed towards cloud providers and mobile network operators, several do apply to customers as well.
The last three sections of this guide will concentrate on isolating network resources, securing data at all stages of its lifecycle (transport, use, and rest), and assuring infrastructure integrity.
“This series highlights the national security benefits emerging from the combined work of ESF professionals from CISA, NSA, and business,” said Rob Joyce, the National Security Agency’s cybersecurity director. “By following this guidance, service providers and system integrators that construct and configure 5G cloud infrastructures will help to improve cybersecurity for our country.”