Security News > 2021 > October > NSA and CISA share guidance on securing 5G cloud infrastructure
CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure.
The two federal agencies issued these recommendations for service providers and system integrators that build and configure 5G cloud infrastructure, including cloud service providers, core network equipment vendors, and mobile network operators.
The guidance, released as a four-part series, builds on a white paper released in May 2021 by the Enduring Security Framework following the 5G study group, which explored potential threat vectors and vulnerabilities inherent to 5G networks.
Additional info on potential threat vectors to 5G infrastructure can be found in this whitepaper released by CISA, in coordination with the NSA, and the Office of the Director of National Intelligence, as part of the ESF cross-sector public-private working group in May. The whitepaper provides an overview of 5G threat vectors and detailed information on policy and standards threat scenarios, supply chain threat scenarios, and 5G systems architecture threat scenarios.
The 5G security risk assessment report highlights the hazards behind using a single equipment supplier, with the shortage of equipment and 5G solutions diversity greatly extending the overall vulnerability of 5G infrastructure if a large number of operators use equipment from suppliers presenting a high degree of risk.
Security challenges linked to5G networks are also associated with connections between networks and third-party systems, as well as to the increased access third-party suppliers will have to nations' 5G networks.