5G Cybersecurity (Preliminary Draft)

Bartock, Michael; Cichonski, Jeffrey; Souppaya, Murugiah; Scarfone, Karen

SP 1800-33 (Draft)

5G Cybersecurity (Preliminary Draft)

Date Published: February 2021
Comments Due: March 4, 2021 (public comment period is CLOSED)
Email Questions to: 5G-security@nist.gov

Author(s)

Michael Bartock (NIST), Jeffrey Cichonski (NIST), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)

Announcement

NIST’s National Cybersecurity Center of Excellence (NCCoE) has posted for comment a preliminary draft—the first of three volumes of an upcoming practice guide on 5G cybersecurity. This practice guide can benefit organizations operating or using 5G networks, as well as network operators and equipment vendors, and may be of particular interest to the telecommunications and public safety communities. By releasing each volume of the practice guide as a preliminary draft, we can share the progress made to date, use the feedback received to shape future volumes of the practice guide, and feature the latest 5G technologies and practices that organizations can use as they transition to 5G.

Abstract

Fifth generation technology for broadband cellular networks – or 5G will significantly improve how humans and machines communicate, operate, and interact in the physical and virtual world. 5G brings with it increased bandwidth and capacity, and low latency, which will benefit organizations in all sectors as well as home consumers. As 5G rolls out, cybersecurity professionals are focused on safeguarding this new technology while 5G development, deployment, and usage are still evolving.

This project, which is currently in an early stage of designing and building a solution, will demonstrate how operators and users of 5G networks can mitigate 5G cybersecurity risks. This is accomplished by strengthening the system’s architectural components, providing a secure cloud-based supporting infrastructure, and enabling the security features introduced in the 5G standards. These measures support common use cases and meet industry sectors’ recommended cybersecurity practices and compliance requirements. As the project progresses, this preliminary draft will be updated, and additional volumes will also be released for comment.