The National Institute of Standards and Technology expects to launch the 5G network it will use to demonstrate security functions to agencies within two months, according to IT security specialist Mike Bartock.
Dubbed the 5G Cybersecurity Project, the effort will ultimately yield a reference architecture for enabling security functions unaddressed by the 3rd Generation Partnership Project’s internationally recognized standards for mobile telecommunications.
“We can show how a network provider could build out this trusted and secure infrastructure, as well as demonstrate to people who consume the 5G networks what sort of optional features they can ask for their providers to turn on,” Bartock said, during the ATARC and FMG Mobile Breakfast Summit on Tuesday. “They can leverage them to make sure that, once their phone connects to the network, they know the security that the whole network is providing.”
NCCoE intends for the 5G network to build agencies’ trust in the underlying infrastructure — which lends itself to cloud technologies like virtualization and containerization — down to the radio access network, he added.
The reference architecture will not only document the network’s design and architecture but map it to the NIST Cyber Framework, 800-53 Controls and relevant telecom standards to help agencies validate their level of security. Mitigations the NCCoE is trying to achieve will be included.
NCCoE is using a hardware root of trust to measure the boot times of all servers that make up the data center, so it can create an allowed list of those still in a trusted state within the environment. That list can be extended to a network function orchestrator, which controls the servers those functions run on.
Additional use cases will be added to the reference architecture in the future like secure slicing, where an agency requests its own 5G network slice — separating traffic from the general offering and customizing security features, Bartock said.
Industry partners participating in the 5G Cybersecurity Project include hardware vendors like Dell, Intel and AMI; telecom vendors like Nokia, AT&T and T-Mobile; and network security vendors like Palo Alto Networks and Cisco.