Hi All,
The NSA just published POTENTIAL THREAT VECTORS TO 5G INFRASTRUCTURE.
The fifth-generation (5G) of wireless technology represents a complete transformation of telecommunication
networks, introducing a vast array of new connections, capabilities, and services. These advancements will provide
the connection for billions of devices and will pave the way for applications that will enable new innovation, new
markets, and economic growth around the world. However, these developments also introduce significant risks that
threaten national security, economic security, and impact other national and global interests. Given these threats,
5G networks will be an attractive target for criminals and foreign adversaries to exploit for valuable information and
intelligence.
To address these concerns, the United States National Telecommunications and Information Administration (NTIA)
developed the National Strategy to Secure 5G, a strategic document that expands on how the United States
The government will secure 5G infrastructure domestically and abroad. The National Strategy to Secure 5G aligns to
the National Cyber Strategy and establishes four lines of effort: (1) facilitating the rollout of 5G domestically; (2)
assessing the cybersecurity risks to and identifying core security principles of 5G capabilities and infrastructure;
(3) addressing risks to United States economic and national security during development and deployment of 5G
infrastructure worldwide; and (4) promoting responsible global development and deployment of secure and reliable
5G infrastructure.
In alignment with Line of Effort 2 in the National Strategy to Secure 5G, the Enduring Security Framework (ESF) was
identified to assist with assessing risks and vulnerabilities to 5G infrastructure. This included building on existing
capabilities in assessing and managing supply chain risk. As a result, the ESF 5G Threat Model Working Panel was
established.1
The preliminary focus of the 5G Threat Model Working Panel was to explore and prioritize potential threat vectors
that may be associated with the use of 5G non-standalone (NSA) networks. The working panel reviewed existing
bodies of work to identify and generate an aggregated list of known and potential threats to the 5G environment,
determined and developed sample scenarios of where 5G may be adopted, and assessed risks to 5G core
technologies. This analysis paper represents the beginning of the Working Panel's thinking on the types of risks
introduced by 5G adoption in the United States, and not the culmination of it. This product is not an exhaustive risk
summary or technical review of attack methodologies and is derived from the considerable amount of analysis that
already exists on this topic, including public and private research and analysis
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------