March 10, 2021
CSRIC: A Crucial Cybersecurity Partnership Protecting Wireless Consumers, and Federal Agencies .
Today, the Communication, Security, Reliability and Interoperability Council (CSRIC) released its fourth report on 5G security in just two years—an unprecedented achievement and an important volume in an extensive resource library.
CSRIC is a key institution for public-private collaboration on cybersecurity, a place where the wireless industry comes together to share their experiences and recommendations with each other and with policymakers, so that the ecosystem as a whole can continue to advance wireless security. It takes constant vigilance, flexibility and innovation to combat cybersecurity threats. The threat landscape is constantly evolving and so must the defenses companies put in place to protect their networks and their customers.
CSRIC is made up of leading subject-matter-experts chosen by the FCC—from government agencies like the FCC, DHS and NIST, as well as from industry, consumer groups and small businesses—to analyze and report recommendations on issues facing the telecommunications sector, including wireless security.
CSRIC is a rare and valuable resource to the nation: a voluntary and collaborative body that provides the FCC, DHS, NIST and Congress with real, on-the-ground expertise on the ins and outs of technology, security and the wireless industry. This is a key input for both policymakers and industry members to inform their work and should be commended and serve as a key building block for future cybersecurity initiatives.
Empowering and Protecting Federal Agencies and Employees.
CSRIC provides government with real-world, tangible cybersecurity benefits and recommendations. For example, CSRIC’s work has been used:
- By federal agencies and the telecom sector to implement the NIST Cybersecurity Framework (CSRIC IV). This seminal report provided recommendations to the FCC on ways to help operators use and adapt the voluntary NIST Cybersecurity Framework. NIST recommends this report to those in the wireless sector as a resource for how to implement their Cybersecurity Framework.
- By the federal government and telecom sector to manage risks associated with GPS (CSRIC V). CSRIC developed an analysis of backup options in the case of GPS outages, which became law as part of the Frank LoBiondo Coast Guard Authorization Act of 2018, authorizing the establishment of a reliable backup to GPS for the benefit of military and civilian use.
Protecting Wireless Consumers.
Critically, CSRIC’s work has a direct impact on the security of consumers and their data. CSRIC’s work has been used:
- By the wireless industry to mitigate threats related to the implementation of SS7 signaling and Diameter protocols in data networks (CSRIC V, WG 10 & CSRIC VI, WG 3). CSRIC recommendations are used across industry to help providers regularly evaluate their service level terms with partners, actively engage in message filtering and utilize the industry best practices and guidelines to secure signaling interconnections for Diameter.
- By wireless providers to protect consumers against botnets (CSRIC III, WG 7). Providers implemented CSRIC recommendations to educate consumers about botnets, enable security features that protect consumers from spoofed websites and implement systems to reduce traffic hijacking.
CSRIC is a leading voice on the next generation of wireless, publishing its first 5G security report in September 2018, making today’s report the fifth on this important topic. These reports facilitate industry and policymaker information sharing on 5G issues and foster cross-industry collaboration on next-gen security. This collaborative approach should be a model for future cyber coordination focused on addressing cyber threats in an agile and timely manner.
Thanks to work done throughout the wireless ecosystem, including CSRIC, 5G security will be the most secure generation of wireless technology. 5G security features include:
- Enhanced encryption technologies and resilient virtual systems. CSRIC has discussed the benefits of these systems and recommended training for employees on such network virtualization technologies so they can better understand and secure them.
- Security that travels with you, protecting you no matter whether you are on Wi-Fi, Bluetooth or another wireless network. CSRIC has explained this function in detail for the benefit of policymakers and industry members and discussed the importance of an Extensible Authentication Protocol (EAP) to carry the authentication information between the device and the authenticating server when deploying this security feature.
- Device-specific security updates and network slices that tailor security to customer requirements. CSRIC recommended many security precautions for successfully implementing network slicing, including the use of standardized (i.e. 3GPP) security measures for access to slices by third parties, AI and machine learning for slice analytics and automated threat intelligence sharing for each slice.
Since it started focusing on cybersecurity, CSRIC has created a comprehensive body of technical threat analysis on 5G networks and the wireless industry, which stands as a resource to partners across government and industry. The U.S. telecom sector—and the wireless industry’s commitment to cybersecurity—is unmatched compared to international counterparts in this effort. The FCC and CSRIC should be commended for avoiding one-size-fits-all and static approaches to 5G security.
It’s critical that policymakers and industry continue to partner together in the days ahead to develop advanced and ever-improving security features like these—secure networks are key for the U.S.’s global competitive advantage in the tech and wireless industries and for the satisfaction and safety of our customers.