Key federal agencies have released the first in a series of reports detailing their expectations for providers of fifth-generation networking equipment and services which they see increasingly serving as a vector for cyberattacks if theyre not properly secured.
Addressing cloud providers and mobile operators, the National Security Agency and theCybersecurity and Infrastructure Security Agency said, 5G networks should assign unique identities to all elements (and preferably to each interface) that will communicate to other elements in the 5G network, for example.
The report released Thursday focuses on preventing and detecting lateral movement so that if one cloud resource is affected the entire network doesnt become compromised. Lateral movement has been a major concern amid recent attacks including those by the hackers believed to be behind SolarWinds.
Fifth-generation networking is inherently cloud-based and the recommended mitigations go far beyond the implementation of multifactor authentication to validate user identity. As the SolarWinds hackers demonstrated, emerging network architectures presented ways to bypass MFA.
5G cloud deployments will introduce more opportunities to move laterally in this manner because they support new implementations such as Service-Based Architecture (SBA), containers, and [virtual machines] that result in more element-to-element communications than in previous networks that utilized physical appliances and point-to-point interfaces, the report reads.
But overcoming confusion around the shared responsibility model for cloud security has been part of the challenge. Cloud providers and mobile network operators may share security responsibilities in a manner that requires the operators to take responsibility to secure their tenancy in the cloud, as the report puts it.
The report emerged from the Enduring Security Framework, which is a Critical Infrastructure Partnership Advisory Council on threats and risks to national security systems. CIPACs are groups organized at the Department of Homeland Security to bring government and industry representatives together under exemption from the Federal Advisory Committee Act, which requires providing the opportunity for public participation and reporting.
The administration has been emphasizing an evolving public-private partnership, particularly through the Joint Cybersecurity Defense Collaborative at CISA. Many of the plank-bearing companies of the JCDCcloud providers like Microsoft and mobile operators like Verizonare the ones that the recommendations in the report series will apply to.
The report is the first of four the Enduring Security Framework group plans to publish on the issue after hosting two months of study sessions this summer with relevant representatives from government and industry. The next installment will focus on securely isolating network resources and the third and fourth will address data protectionin transit, in use and at restand infrastructure integrity, respectively.
Together the publications aim to document 5G cloud security challenges, threats, and potential mitigations, to include guidance, standards, and analytics, according to the first report which includes recommendations for service providers and the system integrators building and configuring 5G cloud infrastructures, as well as the customers such as government agencies. Throughout the series the reports will specify whether recommendations are meant for core network equipment vendors, cloud service providers, mobile network operators or integrators, which the study group said should provide a layered approach to building hardened 5G cloud deployments.
This series exemplifies the national security benefits resulting from the joint efforts of ESF experts from CISA, NSA, and industry, NSA Cybersecurity Director Rob Joyce said in a press release Thursday. Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation.
- Rebranded Ransomware Group Sabbath Hitting Hospitals and Schools - JD Supra - December 3rd, 2021
- This 10TB cloud storage is cheaper than buying a Starbucks but it ends today - TechRadar - December 3rd, 2021
- Crypto Promoter Charged With Scamming Investors Out of Millions | Chief Investment Officer - Chief Investment Officer - December 3rd, 2021
- Coevolve announces important new hires and expansion in the European market - EnterpriseTalk - December 3rd, 2021
- Top trends in tech transformation - Lexology - December 3rd, 2021
- Verint Announces Strong Third Quarter Results, Raises Guidance and Three-Year Targets - marketscreener.com - December 3rd, 2021
- Network monitoring makes the cloud Connection | Daily News - IBC365 - December 2nd, 2021
- Let's Talk About IT Ep. 23 The Transformation of the DOD in the Cloud - FedScoop - December 2nd, 2021
- Key features of the newly launched Virto Commerce Cloud - AppleMagazine - December 2nd, 2021
- Cloudbazaar 2021 Brings Together Internet Leaders To Discuss The Future Of E-commerce - Yahoo Finance - December 2nd, 2021
- gotomyerp Co-founder And CEO, Robert Eppele, Has Been Named One of the 10 Best Inspiring Leaders of the Year 2021 by CIO Bulletin - PR Web - December 2nd, 2021
- Brighton and Hove News Brighton tech business wins national award - Brighton and Hove News - December 2nd, 2021
- Qatar among the biggest adopters of cloud in region - The Peninsula - December 2nd, 2021
- Lost SEO traffic in 2021? Here are 3 potential reasons why (and how to recover your rankings heading into 2022) - Search Engine Land - December 2nd, 2021
- $3.98 for 10TB online is what the best Cyber Monday cloud storage costs and it's exclusive to TechRadar - TechRadar - December 2nd, 2021
- Explore cloud-native vs. cloud-based vs. cloud-enabled apps - TechTarget - November 28th, 2021
- Clevelands vision for Blockland has stalled. Could Northeast Ohio still be a hub for blockchain? - cleveland.com - November 28th, 2021
- gotomyerp Has Been Listed As One Of The Top 50 Best Companies Of 2021 By The CEO Views - Longview News-Journal - November 28th, 2021
- Lumberjacks honor McPhail with jersey retirement - and 15th-straight win - St. Cloud Times - November 28th, 2021
- Accenture to Drive Organon's ERP Transformation with SAP on AWS - Inside SAP Magazine - November 28th, 2021
- FlashDrive Automates The Process Of Hosting Apps for Businesses in A Revolutionary Way - Yahoo Finance - November 24th, 2021
- The cloud complexity storm & changing organizational dynamics of IT Highlights from VotE: Cloud, Hosting & Managed Services - S&P Global - November 24th, 2021
- Adobe : How to send documents and information with enhanced security - marketscreener.com - November 24th, 2021
- Axtria to Lead Several Events on the Future of Digital Transformation, Product Design, and Product Leadership Opportunities for Women at NASSCOM... - November 24th, 2021
- HEALTHCARE TRIANGLE, INC. Management's discussion and analysis of financial condition and results of operations. (form 10-Q) - marketscreener.com - November 24th, 2021
- Great Tips For Web Optimization That Can Also Help In Mobile Application Development - WhaTech - WhaTech - November 24th, 2021
- Udacity to host international STEM Forward with Women conference featuring industry leaders from Microsoft, Saudi Telecom, HSBC, Sky, KPMG & more... - November 24th, 2021
- How to Preserve and Share Grandma's Recipes - WIRED - November 24th, 2021
- Google Cloud partially fixes load balancer SNAFU that hit Discord, Spotify, others today - The Register - November 20th, 2021
- TI will splash out up to $30B on wafer fabs - The Register - November 20th, 2021
- Intel audio drivers give Windows 11 the blues and Microsoft Installer borked following security update - The Register - November 20th, 2021
- Ubuntu desktop team teases 'proof of concept' systemd on Windows Subsystem for Linux - The Register - November 20th, 2021
- Netlify acquires OneGraph: One API to rule them all? - The Register - November 20th, 2021
- Boffins find way to use a standard smartphone to find hidden spy cams - The Register - November 20th, 2021
- Thousands of Firefox users accidentally commit login cookies on GitHub - The Register - November 20th, 2021
- America, when you're done hitting us with the ban hammer, see these on-prem Zoom vulns, says Positive - The Register - November 20th, 2021
- VMware pulls vSphere update that only made things worse - The Register - November 20th, 2021
- Everything but the catch: '90s pop act or a successful mission for Rocket Lab? - The Register - November 20th, 2021
- Ready, player anyone? China's gaming ban left cloud providers looking for someone to play with - The Register - November 20th, 2021
- Riverbed Technologies files for Chapter 11 bankruptcy protection following pandemic 'headwinds' - The Register - November 20th, 2021
- AWS adds Linux app streaming alongside Windows to 'greatly lower' cost - The Register - November 20th, 2021
- Korea gives Google and Apple another kick for requiring their own payment systems - The Register - November 20th, 2021
- Citrix initiates 'Restructuring Program' jobs and facilities to go - The Register - November 20th, 2021
- MediaTek's flagship 5G chip for top-of-the-line Android smartphones is coming right up - The Register - November 20th, 2021
- Is mass cloud adoption going to last forever, or is it just a phase? - ITProPortal - November 20th, 2021
- 'We are not people to Mark Zuckerberg, we are the product' rages Ohio's Attorney General in Facebook lawsuit - The Register - November 20th, 2021
- The Rust Foundation gets ready to Rumbul (we're sure new CEO has never, ever heard that joke before) - The Register - November 20th, 2021
- Sage Sessions X3 kicks off in Orlando with focus on empowering customers and partners to thrive - Yahoo Finance - November 15th, 2021
- Telenor taps Google Clouds AI and analytics expertise to target a bigger slice of the digital transformation market - TelecomTV - November 15th, 2021
- New Apprenticeship Hosting Webinar As Part of National Apprenticeship Week To Help Address Tech Talent Gap - Yahoo Finance - November 15th, 2021
- Cybersecurity and OWASP in an Increasingly Digital World - tripwire.com - November 15th, 2021
- Successful CEO Guru Releases New Spin on Business Leadership and Audios of His Entrepreneur How-To Guide and Savvy Disruptive Tech Prediction Books -... - November 15th, 2021
- Domopalooza Returns to Salt Lake City Focusing on Future of Business and Data - Business Wire - November 15th, 2021
- During this pre-Black Friday sale, get an additional 15% off domain names and lifetime web hosting deals - ZDNet - November 8th, 2021
- Valeo Networks Acquires On Time Tech, Further Accelerating National Growth Strategy - PRNewswire - November 8th, 2021
- Huobi is migrating its spot trading business from Seychelles to Gibraltar - The Block Crypto - November 8th, 2021
- Outlook on the Cloud Hosting Service Market to 2026 by Application, End-user and Geography - Northwest Diamond Notes - November 8th, 2021
- Overview of the Different Types of Web Hosting - E/The Environmental Magazine - November 8th, 2021
- Microsoft bags major win over Amazon in cloud battle - TechRadar - November 8th, 2021
- 6 web hosting and domain deals on sale - Mashable - November 8th, 2021
- Managed Hybrid Cloud Hosting Market to Witness Rapid Growth by 2028 | Amazon Web Services (AWS), Microsoft, Tata Communications The Host - The Host - November 8th, 2021
- QuestDB snares $12M Series A with hosted version coming soon - TechCrunch - November 8th, 2021
- Using Open-Source Intelligence for Mergers and Acquisitions - Security Intelligence - November 8th, 2021
- Huawei might have to sell its server division following US sanctions - TechRadar - November 8th, 2021
- Bitdeer Group Showcases Diversity With New Filecoin Mining Option Press release Bitcoin News - Bitcoin News - November 8th, 2021
- Forget Windows 11 hardware requirements, Windows 365 is here to save the day - TechRadar - November 8th, 2021
- Teledata and Sudlows win New Design/Build Data Centre Project of the Year at Prestigious DCS Awards - Business Manchester - November 8th, 2021
- Linda Visnick: Observing the Business World with an Innovative Eye - Analytics Insight - November 8th, 2021
- Southeast Asia Web Hosting Services Market 2021 Size Strong Revenue and Competitive Outlook : Amazon Web Services, AT & T, Google, GoDaddy,... - November 8th, 2021
- Cloud computing in the public sector: a distant dream or the near future? - ComputerWeekly.com - November 1st, 2021
- "wasmCloud allows us to rethink the cloud as just a stop on the way" - JAXenter - November 1st, 2021
- Why should organizations look towards the power of hybrid cloud? - ITProPortal - November 1st, 2021
- How To Choose The Best Website Hosting Platform 2021? Film Daily - Film Daily - November 1st, 2021
- Firstsource Selects NICE WFM Cloud to Unlock the Power of Digital Transformation - Business Wire - November 1st, 2021
- Bare Metal Cloud Service Market Overview and Forecast Report 2021-2026 | Amazon Web Services, Bigstep, Dell Technologies, IBM, CenturyLink, Oracle,... - November 1st, 2021
- The Rise of BGP Hijacking and Why You Need a Response Plan Immediately - Entrepreneur - November 1st, 2021
- Debunking SASE myths: How it has helped productivity - TechRadar - November 1st, 2021
- COVIDSafe total cost was AU$9.2 million to October 4 with AU$2.8 million on hosting - ZDNet - November 1st, 2021
- IT Infrastructure Services Market Is Booming Worldwide | HCL, IBM, Verizon Communications Inc., Accenture, HPE and more The Host - The Host - November 1st, 2021
- Russian cyber spies target CSPs and resellers to abuse delegated access - Reseller News - November 1st, 2021