Communications technology

DOD, DHS Developing Security Assessment Methodology for 5G Technologies

The departments of Homeland Security and Defense are developing a new methodology for assessing the security of 5G technologies.

The effort is being led by the DOD’s 5G Initiative program and DHS’ Cybersecurity and Infrastructure Security Agency, which is tasked with leading 5G risk management efforts across the government, Federal News Network reported.

Vincent Sritapan, section chief of CISA’s Cybersecurity Quality Services Management Office, said the methodology will help address security concerns as the DOD deploys 5G networks at military bases nationwide.

He added that the methodology is based on telecommunications standards such as those set forth by the 3rd Generation Partnership Project.

The effort has so far resulted in a five-step process to guide organizations trying to determine their security requirements.

The guidance states that the agency should define the federal 5G use case, identify the assessment boundary, identify security requirements, map security requirements to federal policies in assessment and authorization and assess policy gaps and alternatives.

Agencies may base their security requirements on frameworks endorsed by the National Institute of Standards and Technology.

They may also reference federal policies like the DOD’s Cybersecurity Maturity Model Certification or the Federal Risk and Authorization Management Program.

Sritapan noted that it might be difficult to rigidly define use cases because of the complexities of 5G technologies.

“Who owns what? Is it on the base? Do we own it? Is it the federal government, state, local, tribal, territorial government?” Sritapan said during a conference hosted by Palo Alto Networks.