Saturday, January 29, 2022
Home5GIt's Zero Hour for Zero Trust

It’s Zero Hour for Zero Trust

PRIVATE SECTOR PERSPECTIVE – Fifth generation (5G) mobile technology will completely transform global telecommunications networks. Billions of additional devices, sensors and systems will be connected around the world. Downloads will be much faster, latency will be much lower, and the ability to connect more devices to the network will skyrocket. Despite all of its performance advantages, 5G will sharply expand the country’s cyberattack surface, a potential boon to US adversaries. Recently released federal guidelines could help cloud providers and mobile network operators manage emerging risks. The first step is to adopt a cutting-edge cybersecurity mindset: zero hours for zero trust.


Dr Kristopher Hall is Senior Technologist at Booz Allen Hamilton, where he leads 5G security efforts. He has over 23 years of experience in software development, cybersecurity and telecommunications, with a particular focus on mobile networks.

Matthew Edwards is a Chief Technologist at Booz Allen Hamilton where he works on 5G security efforts as a Vulnerability Analyst, researching 5G protocols and security vulnerabilities. He has over 11 years of experience in data analytics, scripting, cybersecurity, and telecommunications systems.

The zero trust model continually challenges the principle that users, devices, and network components deserve to be trusted just because they are on the network. Zero trust is based on three basic principles: assume a violation; never trust, always verify; and allow only the least privileged access depending on contextual factors. This state of mind is mandated by the federal government in Executive Decree 14028. In addition, it is woven throughout the new 5G cloud cybersecurity guide of the Cybersecurity and Infrastructure Security Agency and the National Security Agency.

The CISA / NSA guide provides practical advice for service providers and system integrators who build and configure 5G cloud infrastructures. For example, the four-part series covers prevention and detection lateral movement—Detect threats in 5G clouds and prevent adversaries from using compromised cloud resource to compromise an entire network. It also covers secure insulation network resources, including securing the container stack that supports running virtual network functions (VNFs).

Additionally, organizations looking to instill a zero trust mentality in 5G cloud endpoints and growing multi-cloud environments should take advantage of existing information and tools. One example is a new report, released by our company, Booz Allen, Building Mission-Driven 5G Security with Zero Trust, which explains the pillars of zero trust and how to use them, along with governance, to understand strengths and gaps in current capabilities and to design action plans for improved security. The CISA / NSA guidelines and report are based in part on recommendations from the federal government. published assessment of 5G threat vectors.

Embracing zero trust for 5G is an ongoing process. Here are four complementary steps organizations can use on an ongoing basis to achieve zero trust for 5G:

  1. Diagnose: It starts by taking stock of your current capabilities, assessing their maturity and effectiveness against the threats you face, and identifying critical gaps.
  2. Design: Armed with a threat-centric understanding of where you are, set a target for where you need to be to reduce risk and use that target to align your zero trust strategy and roadmap.
  3. Develop: Support strategies with zero-trust technical architecture and designs, and use vendor assessments to identify solutions that are right for your needs.
  4. Deploy: Operationalize your design by configuring and integrating solutions that bridge the critical gaps between the pillars of zero trust.

In addition, operators of 5G ecosystems need holistic security that includes zero trust architecture, 5G development, security and operations (DevSecOps) and 5G workforce, as well as vulnerability scanning. and integrated security.

Certainly, no document provides a total solution for zero trust in 5G. Even the CISA / NSA guide notes that it does not provide a complete model, but it also points out that best practices can lead to significant progress.

With a zero trust mindset, the national security community and the private sector can protect highly connected devices and network access methods. We can prepare today to secure emerging 5G compatible capabilities. It’s time for organizations to take stock of their challenges and risks and chart a course towards zero trust for 5G.

Join the new cyber ecosystem of experts across disciplines as we help better understand cyber and technology for national security and business security. To subscribe to The Cyber ​​Initiatives Group (CIG), today. Booz Allen is a knowledge partner and sponsor of the IGC.




Please enter your comment!
Please enter your name here

Most Popular

Recent Comments