CTIA Announces 5G Security Test Bed for Commercial 5G Networks
CTIA today announced the launch of its 5G Security Test Bed (STB), a security testing and validation initiative dedicated to commercial 5G networks. CTIA created the STB in partnership with organizations across wireless, tech, and academia to test 5G security recommendations across real-world conditions using commercial-grade equipment and facilities.
The 5G Security Test Bed’s founding members—AT&T, Ericsson, T-Mobile, UScellular, MITRE, and the University of Maryland (UMD)—contribute invaluable industry expertise that strengthens the STB’s ability to enhance the wireless security ecosystem and ensure strong protections on 5G networks.
There are no ITU standards for 5G security, which requires a 5G SA Core network. Rather, there are 3GPP 5G Security technical specifications (TS 23.501 – 23.503) with ALL features required to be implemented by vendors, but none of them mandatory for 5G network operators. IEEE Techblog articles and tutorials for 5G security are here.
The STB was created to build on 5G security (presumably from the referenced 3GPP technical specs), testing use cases, making recommendations, and further bolstering 5G’s security to benefit consumers, enterprises, and government.
Governed by industry leaders, guided by government priorities, and managed by CTIA, the test-bed is the latest in a series of steps the industry has taken to make 5G the most secure network ever. Its founding members developed the initiative through their participation in CTIA’s Cybersecurity Working Group, which convenes the world’s leading telecom and tech companies to assess and address the present and future of cybersecurity.
The STB primarily focuses on verifying the Federal Communications Commission’s (FCC) Communications Security Reliability and Interoperability Council (CSRIC) VII recommendations for 5G networks. The FCC announced the working group members of the council last month. There are six CSRIC VIII working groups:
-Working Group 1 is centered on 5G signalling protocols security and is co-chaired by Brian Daly of AT&T and Travis Russell of Oracle.
-Working Group 2 focuses on promoting the security, reliability, and interoperability of Open RAN equipment. It is co-chaired by Mike Barnes of Mavenir and George Woodward of the Rural Wireless Association.
-Working Group 3 focuses on using virtualization to promote security and reliability in 5G, co-chaired by Micaela Giuhat of Microsoft and John Roese of Dell
-Working Group 4 is centered on 911 service over Wi-Fi and is co-chaired by Mary Boyd of Intrado and Mark Reddish of APCO.
-Working Group 5’s area of focus is on managing software and cloud services supply chain security for communications infrastructure; the group is chaired by Rittwik Jana of VMWare.
-Working Group 6 will work on issues surrounding the use of mobile device applications and firmware for wireless emergency alerts. It is co-chaired by Farrokh Khatibi of Qualcomm and Francisco Sanchez of Harris County, Texas’ OHSEM.
The STB will also serve as a valuable industry resource for CSRIC VIII, focused on 5G security, which launched in June, and includes CTIA SVP and CTO Tom Sawanobori among its members.
“This initiative will complement and bolster the FCC’s 5G security efforts, validate its recommendations, and demonstrate 5G security features, with cross-industry groups working collaboratively to test use cases and products on an actual 5G network using real-world hardware and software,” said Sawanobori.
The test bed’s first configuration, built with Ericsson equipment, mirrors the initial setup for most 5G networks—a 5G radio access network is connected to a 4G core to create a 5G non-standalone (NSA) network. In 2022, the STB’s configuration will shift to a 5G standalone (SA) network using a 5G core, which will enable testing of 5G SA use cases.
The STB is located at a secure lab facility at the University of Maryland, leveraging personnel with extensive experience in wireless security. The wireless core network is hosted in Northern Virginia by MITRE, a not-for-profit research and development company.
The 5G Security Test Bed’s evaluations and recommendations cover issue areas that will help transform cities, government, and industries. Applications include autonomous vehicles, immersive augmented reality and virtual reality, automated factory operations, private 5G networks for enterprises, and much more.
5G STB Member Quotes:
“We are excited to have a network dedicated to testing security, which is paramount for the success of 5G. This effort builds on the work underway in standards setting bodies, such as 3GPP, and will enable the industry to demonstrate 5G security in a real-word setting for consumers, enterprise businesses and government.” — Chris Boyer, VP, Global Security and Technology Policy, AT&T
“Ericsson has worked closely with operators to provide the latest equipment to expand secure 5G networks and devices across the nation. We are pleased to play a major role in this next critical step in ensuring robust 5G security for all users. Critical Infrastructure, in particular, must have secure and resilient communication end to end, while maintaining the trust and integrity of its supply chain. Ericsson is proud to be such a trusted supplier, as we provide much of that next-gen equipment from our 5G Smart Factory in Lewisville, TX and services from across the U.S.” —Jason Boswell, VP and Head of End-to-End Security, Ericsson North America
“5G is the most secure generation of wireless networks to date, and we are dedicated to enhancing those protections even further. We’re thrilled that the 5G Security Test Bed will provide an environment to assess potential threats to 5G security raised by security researchers.” — Drew Morin, Director, Federal Cyber Security Technology and Engineering Programs, T-Mobile
“The work being done by this collaborative group to evaluate and validate assumptions is important for protecting the integrity and security of 5G data. We’re looking forward to contributing to the security of 5G for consumers, business and government, now and as the technology continues to evolve.” — Narothum Saxena, Vice President of Technology Strategy & Architecture, UScellular
“Securing 5G networks is whole-of-nation problem with significant implications for our economic and national security that requires collaboration across industry and government. Ensuring the next generation of wireless networks is secure and reflective of democratic values will provide an invaluable foundation for further innovation.” — Charles Clancy, Senior Vice President, General Manager, and Chief Futurist, MITRE Labs
“At UMD, we pride ourselves on training the next generation of engineering leaders and conducting research that advances network and device performance and security. This industry collaboration greatly enhances our ability to meet those objectives.” — Wayne Phoel, Ph.D., Visiting Research Engineer, Institute for Systems Research, University of Maryland
Additional information about the 5G Security Test Bed and how to participate is available at www.5GSecurityTestBed.com.
About CTIA:
CTIA® (www.ctia.org) represents the U.S. wireless communications industry and the companies throughout the mobile ecosystem that enable Americans to lead a 21st century connected life. The association’s members include wireless carriers, device manufacturers, suppliers as well as apps and content companies. CTIA vigorously advocates at all levels of government for policies that foster continued wireless innovation and investment. The association also coordinates the industry’s voluntary best practices, hosts educational events that promote the wireless industry and co-produces the industry’s leading wireless tradeshow. CTIA was founded in 1984 and is based in Washington, D.C.
References:
https://techblog.comsoc.org/category/5g-security/
One thought on “CTIA Announces 5G Security Test Bed for Commercial 5G Networks”
Comments are closed.
Cyberattacks are becoming more frequent and more expensive. Tal Liani of BofA Global Research highlights trends such as digitalization, hybrid work, and the transition to public cloud which have increased the attack vector across organizations’ networks. This year, 83% of organizations have experienced multiple breaches, and the average remediation cost was $9.4mn in 1H22, a 4% y/y increase on top of the 13% seen in 2020.