NSA, CISA Identify Potential Cybersecurity Threats to 5G Network Slicing

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) have published Potential Threats to 5G Network Slicing, under the Enduring Security Framework (ESF) cross-sector working group. The guidance addresses both the benefits and security risks associated with 5G network slicing.

As defined within the publication, “A network slice is an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs. Although multiple network slices run on a single physical network, network slice users are authenticated for only one network area, enabling data and security isolation.”

The new guidance relates to at least two of the four lines of effort withing the National Strategy to Secure 5G Implementation Plan which provides a roadmap for 5G innovation while also maintaining security, namely “assessing risks to and identifying core security principles of 5G infrastructure” and “addressing risks to U.S. security in the development of 5G infrastructure.”

The latest publication builds upon the work previously published by the ESF on potential cybersecurity threats to 5G infrastructure, in which the working group identified potential threat vectors to 5G infrastructure spanning three areas: policy and standards, supply chain and system architecture. This new guidance on 5G infrastructure security focuses on the systems architecture element, which is central to addressing threats to network slicing.

5G Network Slicing Risks and Mitigations

According to the working group, the challenges and risks associated with properly developing and implementing network slicing include added network complexity, difficulty managing slices and a lack of clear security specifications for network slicing. The result is the risk that ineffective network slice management may allow malicious actors to access data from different network slices or deny access to prioritized/privileged users.

Within the new guidance the ESF identified 20 network slicing threat vectors and assigned security risk relativity assessments of high, medium, and low for each vector.

Among the 20 threat vectors that were identified, the following three were assessed as having a high level of relativity to network slicing:

• Denial-of-service (DoS) attacks – primarily impact the availability of a network slice, causing communication services to be severely compromised or unavailable
• Man-in-the-Middle (MitM) attacks – an adversary relays and possibly alters the communications between two endpoints, impacting the confidentiality, integrity, and availability of a network slice
• Configuration attacks – when malicious actors exploit configured system controls, including disabling security features or system monitoring services

In addition, Network Function Virtualization (NFV) is another aspect of network slicing that presents increased potential risks because virtualized architectures may increase attack surfaces, complicate monitoring of malicious network traffic, and allow cross-slice access compromises.

To address the risks associated with 5G network slicing the guidance suggests 5G providers adopt more advanced mitigation approaches, such as Zero Trust Architectures (ZTA), Multi-Layer Security (MLS), Cross-Domain Solutions (CDS), Post-Quantum Cryptography (PQC) and Isolation to ensure confidentiality, integrity, and availability for 5G network slicing protection. Several of these approaches are central tenants to the 2021 White House Cybersecurity Executive Order 14028 and subsequent related policy directives, especially around Zero Trust Architectures.

Implications

Threats to 5G network slicing instances have implications for numerous mobile applications, including autonomous vehicles, as the ESF guidance notes. Further, efforts to expand and improve federal agency Customer Experience (CX) capabilities are largely focused on mobile digital services for citizens, so care must be exercised in the development and deployment of these capabilities to ensure security and privacy are maintained. An increasingly dispersed federal workforce leveraging greater mobile capabilities is pushing demand in areas of identity, credentialing, end-user protections and remote management competencies.

All these trends will drive the need for diligence among 5G network services providers and mobility solution developers and integrators as they provide 5G capabilities to their federal customers. The latest ESF guidance provides an opportunity for solutions providers to review and bolster the cybersecurity of their offerings.