The National Cybersecurity Center of Excellence within the National Institute of Standards and Technology is soliciting public comments on a draft of its initial recommendations providing guidance on securing 5G networks.
NCCoE is developing the 5G Cybersecurity Practice Guide in collaboration with communications and cybersecurity partners, NIST said Tuesday. The deadline for submitting comments on the guidance draft is on April 15.
The center’s initial recommendations are contained in a 10-page draft executive summary with two key proposed guidance based on the center’s observations using NIST’s testbed on current 5G standards and cybersecurity practices.
Communication systems developer COMSovereign is one of the institute’s 5G cybersecurity guide-setting partners under a 2021 cooperative research and development agreement.
Cloud Technology Stacks’ Design
The first recommendation in the draft guide focuses on integrating cybersecurity and privacy principles in 5G systems’ cloud technology stacks. One approach the draft cited is the inclusion of trustworthy design elements to help ensure configuration integrity in the stacks’ hardware, firmware and software. Such safeguards in support infrastructure will help ensure 5G networks’ protection against advanced cyberattacks, according to the NCCoE document.
The second recommendation in the center’s draft guidance calls for enabling cybersecurity and privacy capabilities specified under the 3rd Generation Partnership Project established in 1998 for 3G mobile standards development. Regardless of variations in their technical implementation, all 5G networks have many cybersecurity and privacy protection features available to users, NIST noted.
The institute said NCCoE is documenting a second NIST Cybersecurity Practice Guide Volume B for additional 5G guidance. A white paper series is also in the pipeline for further details on 5G cybersecurity and privacy capabilities, NIST added.
