U.S. government proposals spell out 5G security advancements

A joint proposal from federal cybersecurity and defense agencies defines a process for ensuring the security of 5G networks.

Last week the U.S. federal government introduced a proposed five-step 5G Security Evaluation Process Investigation. “ was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies,” Eric Goldstein, executive assistant director for the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said. CISA and its partners from the U.S. Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s (DoD) Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E) developed the evaluation process.

“The intent of this joint security evaluation process is to provide a uniform and flexible approach that federal agencies can use to evaluate, understand, and address security and resilience assessment gaps with their technology assessment standards and policies,” Goldstein said. “As the nation’s cyber defense agency, CISA views a repeatable process agencies can use during the RMF Prepare step as an essential tool for new federal 5G implementations. Such a process will provide assurance that the government enterprise system is protected and cybercriminals cannot gain backdoor entry into agency networks through 5G technology.”

The goal of the evaluation process is to allow the federal government to better understand and prepare for the security and resilience of any 5G network deployment before. Specifically, the agencies seek to get ahead of the curve before any federal office conducts a security assessment to obtain authorization to operate (ATO).

A study group across CISA, the National Institute of Standards and Technology (NIST), and the MITRE Corporation was assembled to “investigate how 5G may introduce unique challenges to the traditional ATO process defined in security assessment processes and frameworks such as Risk Management Framework (RMF).”

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by torstensimon from Pixabay





Domestic 5G development at core of US communications security…

lead centered=”no”
New NTIA document outlines White House 5G security goals, which promote home-grown R&D and call for continuous risk assessment and management.

In late March, during the first phase of the coronavirus lockdown, the White House issued a little-noticed document entitled The National Strategy to Secure 5G of the United States, which articulates a “vision for America to lead the development, deployment, and management of secure and reliable 5G communications infrastructure worldwide, arm-in-arm with our closest partners and allies.” The document was the White House’s effort to comply with the Secure 5G and Beyond Act, which required the president to” develop a strategy to ensure the security of next generation mobile telecommunications systems and infrastructure in the United States.”

The Act also required the president to submit within 180 days an implementation plan developed in consultation with a host of government departments and agencies. In May, the Commerce Department’s National Telecommunications and Information Administration (NTIA) began a proceeding to receive comments on how it might implement the vision of the White House Strategy, with the comment period ending on June 25. Early this week, NTIA posted the comments it received from 80 organizations, corporations and interested individuals.

This article appeared in CSO Online. To read the rest of the article please visit here.