The National Security Agency (NSA), in partnership with the Office of the Director of National Intelligence (ODNI), and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), published an analysis paper today which identifies and assesses risks and vulnerabilities introduced by 5G adoption. The Potential Threat Vectors to 5G Infrastructure analysis paper informs national 5G stakeholders of these issues to develop a comprehensive approach to solutions.
The analysis paper examined three major threat vectors in 5G: standards, the supply chain, and threats to systems architecture. It includes an aggregated list of known and potential threats to the 5G environment, sample scenarios of where 5G may be adopted, and assessed risks to 5G core technologies. This initial analysis of risks is a result of the partnership and unique expertise from the NSA, ODNI, and CISA, as well as industry representatives from the information technology, communications, and Defense Industrial Base sectors. These experts comprise the Enduring Security Framework (ESF), a cross-sector working group that operates under the auspices of the Critical Infrastructure Partnership Advisory Council (CIPAC) to address threats and risks to the security and stability of U.S. national security systems.
The National Strategy to Secure 5G included an initiative directing ESF to assess the cybersecurity risks and identify core security principles of 5G capabilities and infrastructure. As part of this effort, the ESF sought to explore and prioritize potential threat vectors that may be associated with the use of 5G non-standalone networks and established a 5G Threat Model Working Panel. The 5G Threat Model Working Panel developed this paper from the considerable amount of unclassified analysis that already exists on this topic, to include public and private research and analysis.
Defense Industrial Base companies can request more information by contacting the NSA Cybersecurity Collaboration Center firstname.lastname@example.org. Federal partners should contact NSAESF@cyber.nsa.gov.