Most 5G Security Features Should Be Options, CSRIC Recommends
The FCC Communications Security, Reliability and Interoperability Council approved a report Wednesday with recommendations on optional security features that could make 5G non-stand-alone networks more secure. The report, by the Managing Security Risk in the Transition to 5G Working Group, was the only one approved during the virtual meeting. March is the final meeting for this iteration of CSRIC.
The WG said 4G risks carry over to 5G non-stand-alone deployments (see 2006100062) in its first report, said subpanel Chair Kathy Whitbeck, Nsight director-Network Management Center. “The team did not find that the introduction of a 5G new radio to the LTE core changes or degrades those fundamentals” and “that was good news,” she said. Whitbeck noted a second WG is looking at security in new stand-alone 5G networks.
“In essence, the industry in a lot of ways is pre-positioning 5G assets with their advanced security features into the network,” Whitbeck said. “We have to make sure we don't break what is out there today as we make that migration.” The report's proposals present options because all networks don’t have the same requirements, she said: As networks evolve, options will become requirements.
“Standards bodies at a global level need to accommodate conflicting national and regional needs,” Whitbeck said: “Some nations, some regions, require the ability to individually determine if they will support the security capability.” Providers need the ability to “turn off” 3rd Generation Partnership Project standards in some nations, she said. Some problems are solving themselves, Whitbeck said. The WG identified a problem with control radio links in cellular IoT, but found 3GPP was addressing it, she said. The report stresses best practices over new regulation, she said.
The Managing Security Risk in Emerging 5G WG is scheduled to complete its second report in March, on optional features in 3GPP standards for stand-alone networks, said Chair Farrokh Khatibi, Qualcomm director-engineering. “We are right on the edge of the technology discussion in 3GPP to the point that sometimes the discussion is, ‘All right, are we getting ahead of 3GPP.’” The WG released its initial document in September.
A final report by the 911 Security Vulnerabilities WG looks at cybersecurity threats to 911 networks and costs of preventing them, said Chair Mary Boyd, West Safety Services vice president-government and regulatory affairs. It will also be ready in March. “We are looking at what can be implemented, particularly when you see the role that government has to play,” she said. The report looks at the costs and “the consideration that we may have agencies that cannot afford to do some of these things,” she said. CSRIC reports are here.