NIST is Building a 5G Network to Model Cybersecurity for Operators

The National Institute of Standards and Technology wants to know how it did building a standalone fifth-generation network using commercial-off-the shelf equipment to demonstrate security benefits and practices while using the cloud-based technology.  

The agency is seeking comment through June 27 on Draft Special Publication 1800-33B which describes how NIST addresses security in the emerging computing environments and is aimed at network operators. 

“We’d like to know if the guide accurately describes technical security capabilities and related threats and vulnerabilities,” Jeff Cichonski, a NIST information technology specialist and one of the publication’s authors, said in an April 26 press release. “One major goal is to assist organizations in understanding and managing the cybersecurity capabilities available in 5G and the supporting IT infrastructure, so we want the community to let us know what we can add to make the information more relevant to their organizations.” 

NIST said one of the reasons it expects the publication to be useful is because standards associations have focused more on security at the interface of 5G components, rather than on the components themselves, including the cloud infrastructure that it says is still new to many of its users.  

“As these features may be unfamiliar to some in the industry,” Cichonski said.

“The publication is designed to help clarify how the cloud-infrastructure-focused security capabilities can help secure a 5G network,” NIST said. 

NIST is also planning on publishing how-to-guides for replicating its secure network and “future phases of the project will include an expanded focus on security for 5G-specific use cases,” according to the draft.

“One advantage of 5G will be greater customization of a network to fit its purpose,” the press release reads. “A large company might want its own 5G network for communication at its headquarters building, while a hospital might want one to enable telemedicine. These different use cases might well have varied cybersecurity demands that the network can be configured to provide appropriately—by activating some available security features rather than others, for example.”

Comments submitted to NIST may be used to adjust the agency’s model network and there will be at least one more chance to comment before the document is final. The draft publication is also serving as a call for patent claims in association with a Cooperative Research and Development Agreement the partners have entered into. 

Companies involved in building the network responded with their capabilities to a notice in the Federal Register. They include AT&T, T-Mobile, Cisco, Nokia, Dell, Intel and Palo Alto Networks.