U.S. government proposals spell out 5G security advancements

A joint proposal from federal cybersecurity and defense agencies defines a process for ensuring the security of 5G networks.

Last week the U.S. federal government introduced a proposed five-step 5G Security Evaluation Process Investigation. “ was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies,” Eric Goldstein, executive assistant director for the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said. CISA and its partners from the U.S. Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s (DoD) Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E) developed the evaluation process.

“The intent of this joint security evaluation process is to provide a uniform and flexible approach that federal agencies can use to evaluate, understand, and address security and resilience assessment gaps with their technology assessment standards and policies,” Goldstein said. “As the nation’s cyber defense agency, CISA views a repeatable process agencies can use during the RMF Prepare step as an essential tool for new federal 5G implementations. Such a process will provide assurance that the government enterprise system is protected and cybercriminals cannot gain backdoor entry into agency networks through 5G technology.”

The goal of the evaluation process is to allow the federal government to better understand and prepare for the security and resilience of any 5G network deployment before. Specifically, the agencies seek to get ahead of the curve before any federal office conducts a security assessment to obtain authorization to operate (ATO).

A study group across CISA, the National Institute of Standards and Technology (NIST), and the MITRE Corporation was assembled to “investigate how 5G may introduce unique challenges to the traditional ATO process defined in security assessment processes and frameworks such as Risk Management Framework (RMF).”

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by torstensimon from Pixabay