ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing

Enduring Security Framework (ESF) partners the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published an assessment of 5G network slicing. ESF, a public-private cross-sector working group led by NSA and CISA, identifies three keys for keeping this emerging technology secure: Security Consideration for Design, Deployment, and Maintenance.

“This document marks an initial stride in capturing the current, but evolving, landscape of network slicing, and serves as a catalyst for initiating meaningful conversations surrounding the potential use cases for network slicing,” said Lauren Wyble, Technical Director for Network Infrastructure Security at NSA.

5G is a fifth-generation technology standard for broadband cellular networks; it can provide increased data download and upload speeds, lower latency, and allow more devices to connect to the internet at the same time. 5G network slicing is a network architecture which allows mobile service providers to divide their network up into several independent ones in order to create specific virtual networks that cater to different clients and use cases. Today’s release builds upon threat and security considerations previously published by the ESF.

The assessment intends to provide an informed methodology and a mutual understanding with industry for “federal departments and agencies (inclusive of the DoD)” to design, deploy, operate, and maintain “secure network slicing” across private, hybrid, and public networks.

This paper introduces 5G stakeholders to the benefits associated with network slicing, assesses 5G network slicing threat vectors, presents guidance in line with industry best practices, and identifies perceived risks and management strategies that may address those risks.

Although all 5G network stakeholders can benefit from this guidance, the threat and security considerations discussed in this assessment are intended for mobile service providers, hardware manufacturers, software developers, and system integrators that design, deploy, operate, or maintain 5G networks. This document aims to foster communication among these parties, and between them and network slice customers. See the other documents in the ESF 5G series below:

- Potential Threats to 5G Network Slicing
- Potential Threat Vectors to 5G Infrastructure
- Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement (Part I)
- Security Guidance for 5G Cloud Infrastructures: Securely Isolate Network Resources (Part II)
- Security Guidance for 5G Cloud Infrastructures: Data Protection (Part III)
- Security Guidance for 5G Cloud Infrastructures: Ensure Integrity of Cloud Infrastructure (Part IV)
- Open Radio Access Network Security Considerations

ITU Emergency Telecom Roster helps restore connectivity after hurricane hits Nicaragua

A powerful tropical hurricane ripped across Nicaragua earlier this month, with torrential rains triggering life-threatening flash floods and mudslides across the Central American country.

The Category 1 storm forced 13,000 people to evacuate to shelters, according to some reports – many with only the clothes on their backs.

“The river rose one metre in ten minutes,” according to eyewitness José Domingo Enríquez of the interior town El Rama, one of the worst-affected. “It was clear the flood was coming fast, and we had to find a way to evacuate.”

Critical electricity and telecommunications services were cut shortly after the storm made landfall, leaving a million people in the dark and worried about their loved ones’ safety.

Emergency Telecom Roster deploys

To help close connectivity gaps and bolster disaster response efforts in some of the country’s hardest-hit areas, two members of ITU’s Emergency Telecommunications Roster (ETR), a group of staff volunteers from across the organization, were deployed to Nicaragua.

Their mission – the first since the roster was created – was two-fold: deliver 10 Iridium satellite phones and 10 Inmarsat Broadband Global Area Network (BGAN) terminals to help restore connectivity as soon as possible, and to provide training for local teams to use the equipment.

ITU will typically deploy equipment upon request from an ITU Member State following a natural hazard, after which the team aims to respond within 24 to 48 hours.

In Nicaragua’s case, the request came via the telecom regulator, TELCOR, and SINAPRED, the country’s national disaster management agency.

Once on the ground, roster members Mario Castro Grande and Hani Alser met with government officials to deliver the equipment, train Telcor and SINAPRED responders, and assess the damage.

According to Alser, local officials were extremely welcoming and highly appreciative of both the equipment and the expertise provided.

“Having at least one technical person and another that can communicate in the local language and knows the customs is key to a successful ETR mission,” added Castro Grande.

Beyond bringing equipment

Delivering critical emergency telecom equipment is only part of ITU’s work in this domain.

The UN agency for information and communication technologies (ICTs) also supports the development and implementation of National Emergency Telecommunication Plans (NETP) among other regulatory and legal disaster preparedness frameworks.

“Nicaragua had a draft NETP back in 2014, but apparently it was shelved,” explained Castro Grande. “Our mission also served as a timely reminder that they should look at it again, with the objective of finalizing it.”

The ITU team also urged national authorities to implement an early warning system. This was another aspect of the mission, said Castro Grande. “We offered some information on appropriate available systems for developing countries, such as cell broadcasting, and informed them on legislative models they could look at.”

The ability of cell broadcast technology to push messages without being affected by traffic load makes it useful during emergencies when data traffic spikes, and regular SMS and voice calls tend to congest mobile networks.

“About 95 per cent of the global population is covered by a broadband network, with 5.7 billion mobile subscriptions, meaning at least 70 per cent of the world is connected,” Castro Grande pointed out. “Cell broadcasting technology should be used to its fullest potential to warn people ahead of disaster.”

Earlier this year, Secretary-General Antonio Guterres announced the United Nations would “spearhead new action to ensure every person on Earth is protected by early warning systems within five years.” ITU is supporting this initiative, which is led by the World Meteorological Organization (WMO).

Emergency telecommunications preparedness: Return on investments model

In a world increasingly characterized by uncertainty, emergency preparedness is a powerful way to improve the capacity of communities and countries to withstand disasters. Investment in emergency preparedness builds resilience, thereby limiting the loss of life and protecting infrastructure.

The Emergency Telecommunications Cluster (ETC) has developed a model to assess the benefits of investment in emergency telecommunications preparedness. This will build a pool of evidence to promote preparedness, ultimately encouraging stakeholders to build disaster-resilient telecommunications in high-risk countries across the globe.

The new Return on Investment (ROI) model aims to quantify and qualify the benefits of investments in emergency telecommunications preparedness. It can be used by all humanitarian partners engaged in emergency telecommunications preparedness. It is built on the practical emergency preparedness expertise and experiences of the ETC in different countries.