Home > News > Top Stories > CTIA Launches 5G Security Test Bed for Commercial 5G Networks

Network Security

CTIA Launches 5G Security Test Bed for Commercial 5G Networks

CTIA Launches 5G Security Test
CTIA announced the launch of its 5G Security Test Bed (STB), a security testing and validation initiative dedicated to commercial 5G networks. CTIA created the STB in partnership with organizations across wireless, tech, and academia to test 5G security recommendations across real-world conditions using commercial-grade equipment and facilities. The 5G Security Test Bed's founding members—AT&T, Ericsson, T-Mobile, UScellular, MITRE, and the University of Maryland (UMD)—contribute invaluable industry expertise that strengthens the STB's ability to enhance the wireless security ecosystem and ensure strong protections on 5G networks.

5G is the most secure generation of wireless technology, with enhanced protections built into it from the ground-up. The STB was created to build on this foundation, testing use cases, making recommendations, and further bolstering 5G's security to benefit consumers, enterprises, and government.

Governed by industry leaders, guided by government priorities, and managed by CTIA, the test bed is the latest in a series of steps the industry has taken to make 5G the most secure network ever. Its founding members developed the initiative through their participation in CTIA's Cybersecurity Working Group, which convenes the world's leading telecom and tech companies to assess and address the present and future of cybersecurity.

The STB primarily focuses on verifying the Federal Communications Commission's (FCC) Communications Security Reliability and Interoperability Council (CSRIC) VII recommendations for 5G networks. The STB will also serve as a valuable industry resource for CSRIC VIII, focused on 5G security, which launched in June, and includes CTIA SVP and CTO Tom Sawanobori among its members.

This initiative will complement and bolster the FCC's 5G security efforts, validate its recommendations, and demonstrate 5G security features, with cross-industry groups working collaboratively to test use cases and products on an actual 5G network using real-world hardware and software, said Sawanobori.

The test bed's first configuration, built with Ericsson equipment, mirrors the initial setup for most 5G networks—a 5G radio access network is connected to a 4G core to create a 5G non-standalone (NSA) network. In 2022, the STB's configuration will shift to a 5G standalone (SA) network using a 5G core, which will enable testing of 5G SA use cases.

The STB is located at a secure lab facility at the University of Maryland, leveraging personnel with extensive experience in wireless security. The wireless core network is hosted in Northern Virginia by MITRE, a not-for-profit research and development company.

The 5G Security Test Bed's evaluations and recommendations cover issue areas that will help transform cities, government, and industries. Applications include autonomous vehicles, immersive augmented reality and virtual reality, automated factory operations, private 5G networks for enterprises, and much more.

5G STB Member Quotes
"We are excited to have a network dedicated to testing security, which is paramount for the success of 5G. This effort builds on the work underway in standards setting bodies, such as 3GPP, and will enable the industry to demonstrate 5G security in a real-word setting for consumers, enterprise businesses and government." — Chris Boyer, VP, Global Security and Technology Policy, AT&T

"Ericsson has worked closely with operators to provide the latest equipment to expand secure 5G networks and devices across the nation. We are pleased to play a major role in this next critical step in ensuring robust 5G security for all users. Critical Infrastructure, in particular, must have secure and resilient communication end to end, while maintaining the trust and integrity of its supply chain.  Ericsson is proud to be such a trusted supplier, as we provide much of that next-gen equipment from our 5G Smart Factory in Lewisville, TX and services from across the U.S."

—Jason Boswell, VP and Head of End-to-End Security, Ericsson North America

5G is the most secure generation of wireless networks to date, and we are dedicated to enhancing those protections even further. We're thrilled that the 5G Security Test Bed will provide an environment to assess potential threats to 5G security raised by security researchers.— Drew Morin, Director, Federal Cyber Security Technology and Engineering Programs, T-Mobile

The work being done by this collaborative group to evaluate and validate assumptions is important for protecting the integrity and security of 5G data. We're looking forward to contributing to the security of 5G for consumers, business and government, now and as the technology continues to evolve. — Narothum Saxena, Vice President of Technology Strategy & Architecture, UScellular

Securing 5G networks is whole-of-nation problem with significant implications for our economic and national security that requires collaboration across industry and government. Ensuring the next generation of wireless networks is secure and reflective of democratic values will provide an invaluable foundation for further innovation. — Charles Clancy, Senior Vice President, General Manager, and Chief Futurist, MITRE Labs

At UMD, we pride ourselves on training the next generation of engineering leaders and conducting research that advances network and device performance and security. This industry collaboration greatly enhances our ability to meet those objectives. — Wayne Phoel, Ph.D., Visiting Research Engineer, Institute for Systems Research, University of Maryland

Additional information about the 5G Security Test Bed and how to participate is available at www.5GSecurityTestBed.com.

About CTIA
CTIA® (www.ctia.org) represents the U.S. wireless communications industry and the companies throughout the mobile ecosystem that enable Americans to lead a 21st century connected life. The association's members include wireless carriers, device manufacturers, suppliers as well as apps and content companies. CTIA vigorously advocates at all levels of government for policies that foster continued wireless innovation and investment. The association also coordinates the industry's voluntary best practices, hosts educational events that promote the wireless industry and co-produces the industry's leading wireless tradeshow. CTIA was founded in 1984 and is based in Washington, D.C.

Spotlight

More featured news

Spotlight

Related News

Network Security

Ampliphae, HPE Athonet and Arqit deliver Quantum-Safe Private 5G using Symmetric Key Agreement

PR Newswire | January 19, 2024

Arqit Quantum Inc, a leader in quantum-safe encryption, and Ampliphae Ltd (Ampliphae), a leader in network cyber security solutions, have today announced successful completion of a project that will deliver enhanced quantum-safe security for Private 5G networks. The Security Enhanced Virtualised Networking for 5G (SEViN-5G) project, funded by Innovate UK, the UK Government’s innovation agency, leveraged Ampliphae’s network security analytics technology and Arqit’s Symmetric Key Agreement Platform to deliver a quantum-secure Private 5G testbed that can protect against both current and future cyber threats. Athonet, a Hewlett Packard Enterprise acquisition, provided the Radio Access Network (RAN) equipment for the project with a cloud core hosted on AWS. Private enterprise networks based on 5G cellular technology are accelerating digital transformation across industries including manufacturing, healthcare, defence and smart cities. Private 5G gives enterprises access to high-speed, massively scalable, and ultra-reliable wireless connectivity, allowing them to implement innovative IoT and mobile solutions that enhance productivity, drive automation and improve customer engagement. The security of these networks will be paramount as they will support safety-critical infrastructure and carry highly sensitive data. But like any new technology, 5G comes with potential new threats and security risks including the threat from quantum computing. The project finished in December 2023 and customer engagement has already begun. David Williams, Arqit Founder, Chairman and CEO said: “Enterprises want to deploy Private 5G networks with complete confidence that they will be safe from both current and future cyber threats including from quantum computers. Working alongside Ampliphae, we have shown that a quantum-safe Private 5G network is deliverable using Arqit’s unique encryption technology.” Trevor Graham, Ampliphae CEO said: “Private 5G can be hosted partly or completely in the Cloud, giving enterprises the opportunity to rapidly set up their own cellular networks customised to support their operations. With Ampliphae and Arqit they can now be certain that those Private 5G networks are monitored and secure against eavesdropping and disruption.” Nanda Menon, Senior Advisor Hewlett Packard Enterprise said: “In an era where security is paramount, the completion of the SEViN-5G project is a significant milestone. The delivery of a quantum-secure Private 5G testbed, achieved where Athonet have combined the Athonet core with CableFree radios, underscores the commitment to innovation and reinforces the confidence enterprises can have in deploying networks that are both cutting-edge and secure from both present and future threats.” About Arqit Arqit Quantum Inc. (Nasdaq: ARQQ, ARQQW) (Arqit) supplies a unique encryption Platform as a Service which makes the communications links of any networked device, cloud machine or data at rest secure against both current and future forms of attack on encryption – even from a quantum computer. Compliant with NSA standards, Arqit’s Symmetric Key Agreement Platform delivers a lightweight software agent that allows devices to create encryption keys locally in partnership with any number of other devices. The keys are computationally secure and operate over zero trust networks. It can create limitless volumes of keys with any group size and refresh rate and can regulate the secure entrance and exit of a device in a group. The agent is lightweight and will thus run on the smallest of end point devices. The Product sits within a growing portfolio of granted patents. It also works in a standards compliant manner which does not oblige customers to make a disruptive rip and replace of their technology. Recognised for groundbreaking innovation at the Institution of Engineering and Technology awards in 2023, Arqit has also won the Innovation in Cyber Award at the National Cyber Awards and Cyber Security Software Company of the Year Award at the Cyber Security Awards. Arqit is ISO 27001 Standard certified. www.arqit.uk About Ampliphae Ampliphae’s distributed network analytics technology provides insight into how networks are used to support enterprise operations at every level. A graduate of the prestigious LORCA cyber accelerator in London, and the AWS European Defence Accelerator, Ampliphae’s technology is already used by enterprises across multiple verticals to discover, analyse and secure the network traffic that supports their key applications and business processes. Ampliphae’s Encryption Intelligence product operates at enterprise scale to discover devices and applications that use cryptography, analysing their encryption capabilities to detect risks, including assets that are vulnerable to future quantum computer attack. Using Encryption Intelligence, the organisation can gather effective operational intelligence about their encryption landscape, both within and outside the organisation, and build an effective mitigation program to address current and future vulnerabilities.

Read More

Network Security

Cato Networks Introduces World's First SASE-based XDR

PR Newswire | January 25, 2024

Cato Networks, the leader in SASE, announced the expansion of the Cato SASE Cloud platform into threat detection and incident response with Cato XDR, the world's first SASE-based, extended detection and response (XDR) solution. Available immediately, Cato XDR utilizes the functional and operational capabilities of the Cato SASE Cloud to overcome the protracted deployment times, limited data quality, and inadequate investigation and response experience too often associated with legacy XDR solutions. Cato also introduced Cato EPP, the first SASE-managed endpoint protection platform (EPP/EDR). Together, Cato XDR and Cato EPP mark the first expansion beyond the original SASE scope pioneered by Cato in 2016 and defined by industry analysts in 2019. SASE's security capabilities encompassed threat prevention and data protection in a common, easy-to-manage, and easy-to-adopt global platform. With today's announcement, Cato is expanding SASE into threat detection, incident response, and endpoint protection without compromising on the architectural elegance captured by the original SASE definition. "Cato SASE continues to be the antidote to security complexity," says Shlomo Kramer, CEO and co-founder of Cato Networks. "Today, we extend our one-of-a-kind SASE platform beyond threat prevention and into threat detection and response. Only Cato and our simple, automated, and elegant platform can streamline security this way." An early adopter of Cato XDR is Redner's Markets, an employee-owned supermarket chain headquartered in Reading, Pennsylvania, with 75 locations. Redner's Markets' vice president of IT and Infrastructure, Nick Hidalgo, said, "The Cato platform gave us better visibility, saved time on incident response, resolved application issues, and improved network performance ten-fold." (Read more about Redner's Markets and Cato in this blog. "The convergence of XDR and EPP into SASE is not just another product; it's a game-changer for the industry," said Art Nichols, CTO of Windstream Enterprise, a Cato partner. "The innovative integration of these capabilities brings together advanced threat detection, response capabilities, and endpoint security within a unified, cloud-native architecture—revolutionizing the way enterprises protect their networks and data against increasingly sophisticated cyber threats." (Read more about what Cato partners are saying about today's news in this blog.) Platform vs. Product: The Difference Matters Cato XDR takes full advantage of the enormous benefits of the Cato SASE Cloud platform, the first platform built from the ground up to enable enterprises to connect, secure, and manage sites, users, and cloud resources anywhere in the world. Unlike disjointed point solutions and security appliances, Cato capabilities are instantly on, always available at scale, and fully converged, giving IT teams a single, shared context worldwide to understand their networks, prevent threats, and resolve problems. As an autonomous platform, Cato SASE Cloud sustains its evolution, resiliency, optimal performance, and security posture, saving enterprises the operational overhead of maintaining enterprise infrastructure. Enterprises simply subscribe to Cato to meet their business needs. Cato's cloud-native model revolutionized security and networking operations when it was introduced in 2016, a fact validated three years later in 2019 when the Cato approach was formally recognized by the industry as SASE. Breach Times Still Too Long; Limitations of Legacy XDR Cato is again revolutionizing cybersecurity with the first SASE platform to expand into threat detection, empowering security teams to become smarter and remediate incidents faster. The flood of security alerts triggered by network sensors, such as firewalls and IPS, complicates threat identification. In 2023, enterprises required 204 days on average to identify breaches.1 XDR tools help security analysts close this gap by ingesting, correlating, and contextualizing threat intelligence information with the data from native and third-party sensors. However, legacy XDR tools suffer from numerous problems relating to data quality. Sensor deployment extends the time-to-value as IT must not only install the sensors but also develop a baseline of specific organizational activity for accurate assessments. Data quality is also compromised when importing and normalizing third-party sensor data, complicating threat identification and incident response. Security analysts waste time sorting through incident stories to identify the ones most critical for immediate remediation. Once determined, incident remediation is often hampered by missing information, requiring analysts to master and switch between disparate tools. No wonder in 2023, average breach containment required more than two months.1 Cato XDR and Cato EPP Expands the Meaning of SASE Cato XDR addresses legacy XDR's limitations. Instantly activated globally, Cato XDR provides enterprises with immediate insights into threats on their networks. Incident detection is accurate due to Cato's many native sensors – NGFW, advanced threat prevention (IPS, NGAM, and DNS Security), SWG, CASB, DLP, ZTNA, RBI, and now EPP/EDR. Powered by Bitdefender's world-leading malware prevention technology, Cato EPP protects endpoints from attack – in the Cato way. Endpoint threat and user data are stored in the same converged Cato data lake as the rest of the customer's network data, simplifying cross-domain event correlation. The result is incredibly high-quality data that improves the incident identification and remediation process. Cato AI uses the data to accurately identify and rank incidents, empowering analysts to focus critical resources on an organization's most important remediation cases. Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents. Remediation times reduce as detected incident stories contain the relevant information for in-depth investigation. Cato's tools sit in the same console as the native engines, enabling security analysts to view everything in one place -- the current security policy and the reviewed story. Finally, incident reporting is simplified with generative AI. Purpose-built for investigations, this natural language engine provides human-readable explanations of incident stories. Analysts save time sharing incident information with other teams and reporting to their managers.

Read More

Network Security

Ampliphae, HPE Athonet and Arqit deliver Quantum-Safe Private 5G using Symmetric Key Agreement

PR Newswire | January 19, 2024

Arqit Quantum Inc, a leader in quantum-safe encryption, and Ampliphae Ltd (Ampliphae), a leader in network cyber security solutions, have today announced successful completion of a project that will deliver enhanced quantum-safe security for Private 5G networks. The Security Enhanced Virtualised Networking for 5G (SEViN-5G) project, funded by Innovate UK, the UK Government’s innovation agency, leveraged Ampliphae’s network security analytics technology and Arqit’s Symmetric Key Agreement Platform to deliver a quantum-secure Private 5G testbed that can protect against both current and future cyber threats. Athonet, a Hewlett Packard Enterprise acquisition, provided the Radio Access Network (RAN) equipment for the project with a cloud core hosted on AWS. Private enterprise networks based on 5G cellular technology are accelerating digital transformation across industries including manufacturing, healthcare, defence and smart cities. Private 5G gives enterprises access to high-speed, massively scalable, and ultra-reliable wireless connectivity, allowing them to implement innovative IoT and mobile solutions that enhance productivity, drive automation and improve customer engagement. The security of these networks will be paramount as they will support safety-critical infrastructure and carry highly sensitive data. But like any new technology, 5G comes with potential new threats and security risks including the threat from quantum computing. The project finished in December 2023 and customer engagement has already begun. David Williams, Arqit Founder, Chairman and CEO said: “Enterprises want to deploy Private 5G networks with complete confidence that they will be safe from both current and future cyber threats including from quantum computers. Working alongside Ampliphae, we have shown that a quantum-safe Private 5G network is deliverable using Arqit’s unique encryption technology.” Trevor Graham, Ampliphae CEO said: “Private 5G can be hosted partly or completely in the Cloud, giving enterprises the opportunity to rapidly set up their own cellular networks customised to support their operations. With Ampliphae and Arqit they can now be certain that those Private 5G networks are monitored and secure against eavesdropping and disruption.” Nanda Menon, Senior Advisor Hewlett Packard Enterprise said: “In an era where security is paramount, the completion of the SEViN-5G project is a significant milestone. The delivery of a quantum-secure Private 5G testbed, achieved where Athonet have combined the Athonet core with CableFree radios, underscores the commitment to innovation and reinforces the confidence enterprises can have in deploying networks that are both cutting-edge and secure from both present and future threats.” About Arqit Arqit Quantum Inc. (Nasdaq: ARQQ, ARQQW) (Arqit) supplies a unique encryption Platform as a Service which makes the communications links of any networked device, cloud machine or data at rest secure against both current and future forms of attack on encryption – even from a quantum computer. Compliant with NSA standards, Arqit’s Symmetric Key Agreement Platform delivers a lightweight software agent that allows devices to create encryption keys locally in partnership with any number of other devices. The keys are computationally secure and operate over zero trust networks. It can create limitless volumes of keys with any group size and refresh rate and can regulate the secure entrance and exit of a device in a group. The agent is lightweight and will thus run on the smallest of end point devices. The Product sits within a growing portfolio of granted patents. It also works in a standards compliant manner which does not oblige customers to make a disruptive rip and replace of their technology. Recognised for groundbreaking innovation at the Institution of Engineering and Technology awards in 2023, Arqit has also won the Innovation in Cyber Award at the National Cyber Awards and Cyber Security Software Company of the Year Award at the Cyber Security Awards. Arqit is ISO 27001 Standard certified. www.arqit.uk About Ampliphae Ampliphae’s distributed network analytics technology provides insight into how networks are used to support enterprise operations at every level. A graduate of the prestigious LORCA cyber accelerator in London, and the AWS European Defence Accelerator, Ampliphae’s technology is already used by enterprises across multiple verticals to discover, analyse and secure the network traffic that supports their key applications and business processes. Ampliphae’s Encryption Intelligence product operates at enterprise scale to discover devices and applications that use cryptography, analysing their encryption capabilities to detect risks, including assets that are vulnerable to future quantum computer attack. Using Encryption Intelligence, the organisation can gather effective operational intelligence about their encryption landscape, both within and outside the organisation, and build an effective mitigation program to address current and future vulnerabilities.

Read More

Network Security

Cato Networks Introduces World's First SASE-based XDR

PR Newswire | January 25, 2024

Cato Networks, the leader in SASE, announced the expansion of the Cato SASE Cloud platform into threat detection and incident response with Cato XDR, the world's first SASE-based, extended detection and response (XDR) solution. Available immediately, Cato XDR utilizes the functional and operational capabilities of the Cato SASE Cloud to overcome the protracted deployment times, limited data quality, and inadequate investigation and response experience too often associated with legacy XDR solutions. Cato also introduced Cato EPP, the first SASE-managed endpoint protection platform (EPP/EDR). Together, Cato XDR and Cato EPP mark the first expansion beyond the original SASE scope pioneered by Cato in 2016 and defined by industry analysts in 2019. SASE's security capabilities encompassed threat prevention and data protection in a common, easy-to-manage, and easy-to-adopt global platform. With today's announcement, Cato is expanding SASE into threat detection, incident response, and endpoint protection without compromising on the architectural elegance captured by the original SASE definition. "Cato SASE continues to be the antidote to security complexity," says Shlomo Kramer, CEO and co-founder of Cato Networks. "Today, we extend our one-of-a-kind SASE platform beyond threat prevention and into threat detection and response. Only Cato and our simple, automated, and elegant platform can streamline security this way." An early adopter of Cato XDR is Redner's Markets, an employee-owned supermarket chain headquartered in Reading, Pennsylvania, with 75 locations. Redner's Markets' vice president of IT and Infrastructure, Nick Hidalgo, said, "The Cato platform gave us better visibility, saved time on incident response, resolved application issues, and improved network performance ten-fold." (Read more about Redner's Markets and Cato in this blog. "The convergence of XDR and EPP into SASE is not just another product; it's a game-changer for the industry," said Art Nichols, CTO of Windstream Enterprise, a Cato partner. "The innovative integration of these capabilities brings together advanced threat detection, response capabilities, and endpoint security within a unified, cloud-native architecture—revolutionizing the way enterprises protect their networks and data against increasingly sophisticated cyber threats." (Read more about what Cato partners are saying about today's news in this blog.) Platform vs. Product: The Difference Matters Cato XDR takes full advantage of the enormous benefits of the Cato SASE Cloud platform, the first platform built from the ground up to enable enterprises to connect, secure, and manage sites, users, and cloud resources anywhere in the world. Unlike disjointed point solutions and security appliances, Cato capabilities are instantly on, always available at scale, and fully converged, giving IT teams a single, shared context worldwide to understand their networks, prevent threats, and resolve problems. As an autonomous platform, Cato SASE Cloud sustains its evolution, resiliency, optimal performance, and security posture, saving enterprises the operational overhead of maintaining enterprise infrastructure. Enterprises simply subscribe to Cato to meet their business needs. Cato's cloud-native model revolutionized security and networking operations when it was introduced in 2016, a fact validated three years later in 2019 when the Cato approach was formally recognized by the industry as SASE. Breach Times Still Too Long; Limitations of Legacy XDR Cato is again revolutionizing cybersecurity with the first SASE platform to expand into threat detection, empowering security teams to become smarter and remediate incidents faster. The flood of security alerts triggered by network sensors, such as firewalls and IPS, complicates threat identification. In 2023, enterprises required 204 days on average to identify breaches.1 XDR tools help security analysts close this gap by ingesting, correlating, and contextualizing threat intelligence information with the data from native and third-party sensors. However, legacy XDR tools suffer from numerous problems relating to data quality. Sensor deployment extends the time-to-value as IT must not only install the sensors but also develop a baseline of specific organizational activity for accurate assessments. Data quality is also compromised when importing and normalizing third-party sensor data, complicating threat identification and incident response. Security analysts waste time sorting through incident stories to identify the ones most critical for immediate remediation. Once determined, incident remediation is often hampered by missing information, requiring analysts to master and switch between disparate tools. No wonder in 2023, average breach containment required more than two months.1 Cato XDR and Cato EPP Expands the Meaning of SASE Cato XDR addresses legacy XDR's limitations. Instantly activated globally, Cato XDR provides enterprises with immediate insights into threats on their networks. Incident detection is accurate due to Cato's many native sensors – NGFW, advanced threat prevention (IPS, NGAM, and DNS Security), SWG, CASB, DLP, ZTNA, RBI, and now EPP/EDR. Powered by Bitdefender's world-leading malware prevention technology, Cato EPP protects endpoints from attack – in the Cato way. Endpoint threat and user data are stored in the same converged Cato data lake as the rest of the customer's network data, simplifying cross-domain event correlation. The result is incredibly high-quality data that improves the incident identification and remediation process. Cato AI uses the data to accurately identify and rank incidents, empowering analysts to focus critical resources on an organization's most important remediation cases. Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents. Remediation times reduce as detected incident stories contain the relevant information for in-depth investigation. Cato's tools sit in the same console as the native engines, enabling security analysts to view everything in one place -- the current security policy and the reviewed story. Finally, incident reporting is simplified with generative AI. Purpose-built for investigations, this natural language engine provides human-readable explanations of incident stories. Analysts save time sharing incident information with other teams and reporting to their managers.

Read More

More featured news