The NIST National Cybersecurity Center of Excellence (NCCoE) has launched the Applying 5G Cybersecurity and Privacy Capabilities white paper series.
The white papers target technology, cybersecurity, and privacy program managers within commercial mobile network operators, potential private 5G network operators, and organisations using and managing 5G-enabled technology who are concerned with how to identify, understand, assess, and mitigate risk for 5G networks.
The NCCoE says 5G technology for broadband cellular networks will significantly improve how humans and machines communicate, operate, and interact in the physical and virtual world. 5G provides increased bandwidth and capacity and low latency. However, professionals in fields like technology, cybersecurity, and privacy are faced with safeguarding this technology while its development, deployment, and usage are still evolving.
In the series, NCCoE provides recommended practices and illustrates how to implement them. All of the capabilities featured in the white papers have been implemented in the NCCoE testbed on commercial-grade 5G equipment.
The white paper that introduces the series is titled Applying 5G Cybersecurity and Privacy Capabilities—Introduction to the White Paper Series, and explains what can be expected from each part of the series, namely information, guidance, recommended practices, and research findings for a specific technical cybersecurity or privacy-supporting capability available in 5G systems or their supporting infrastructures.
Simultaneously, NCCoE is also publishing the first technical white paper of the series titled Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI). This publication describes enabling SUCI protection, an optional capability new in 5G, which provides important security and privacy protections for subscribers. 5G network operators are encouraged to enable SUCI on their 5G networks and subscriber SIMs and to configure SUCI to use a non-null encryption cipher scheme; this provides their customers with the advantages of SUCI’s protections.
The next white paper to be released is called Using Hardware-Based Security to Ensure 5G System Platform Integrity Whitepaper!. The NCCoE welcomes feedback and asks that comments about the two released white papers be submitted by September 16, 2024.