The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency and the Office of the Director of National Intelligence, has published a research paper on the potential risks and vulnerabilities associated with 5G networks.
The paper comes after the Trump Administration in March 2020 developed the National Strategy to Secure 5G, which details how the U.S. government will secure 5G domestically and abroad. That strategy spurred CISA and other agencies to assess the security of 5G infrastructure and create the 5G Threat Model Working Panel, which developed the paper.
According to the agencies, the paper marks the start of the working panel's efforts.
The fifth generation (5G) of wireless technology represents a complete transformation of telecommunication networks, introducing a vast array of new connections, capabilities, and services. These advancements will provide the connection for billions of devices and will pave the way for applications that will enable new innovation, new markets, and economic growth around the world. However, these developments also introduce significant risks that threaten national security and economic security and impact other national and global interests. Given these threats, 5G networks will be an attractive target for criminals and foreign adversaries to exploit for valuable information and intelligence.
The paper includes an aggregated list of known and potential threats to 5G networks and identifies three threat vector areas: policy and standards, supply chain, and 5G systems architecture.
Along with those initial threat vectors are sub-threat vectors that include open standards, optional controls, counterfeit components, inherited components, software and configuration, network security, network slicing, legacy communications infrastructure, multi-access edge computing, spectrum sharing, and software-defined networking.
The paper also details threat scenarios for each, including nation-state influence on 5G standards, optional 5G security control implementation across a university campus, implementation of counterfeit components, unintentional adoption of untrusted components, inherited vulnerabilities from older networks, and firmware vulnerabilities within multi-access edge computing.
Read the paper for more information.