
CISA’s Communications Infrastructure Guidance: Three Steps Every Enterprise Should Take

The recently disclosed Salt Typhoon security incident, which is still sending shockwaves through the telecommunications and government sectors globally, highlights the critical role that mobile networks now play in our critical infrastructure, and the methods that state-sponsored threat actors and other sophisticated adversaries now use to compromise them. New guidance that the Cybersecurity and Infrastructure Security Agency (CISA) shared following the incident disclosure reflects a growing recognition that while 5G and LTE networks have many inherent security protections, the well-established best practices that have been used to protect IP networks for decades must still be applied.
It’s also important to note that while increasing protection for telecom and managed network operators is critical, cellular network threats now extend into many other types of critical infrastructure as well. A growing number of enterprises and government entities now operate private LTE/5G networks that are integral to energy, transportation, and key manufacturing sectors. These networks are vulnerable in many of the same ways any enterprise network is vulnerable, and CISA’s guidance highlights that the same foundational strategies used to secure any network need to be employed for 5G/LTE networks as well.
As I read CISA’s guidance, I can see many people saying to themselves, “of course… there is nothing new here”. However, as I see the implementation of private cellular networks (PCNs) continue to accelerate across many industry verticals, I see a common dynamic playing out. Security teams are included in architecture and operational planning discussions too late, and there is a tendency to put too much trust in the inherent security features of 5G and LTE. Even when potential security gaps are identified, the existing tools and workflows used for enterprise network security aren’t easily extended to PCNs. This forces an uncomfortable trade-off: defer potential risk mitigations or delay critical business initiatives that rely on PCNs due to security concerns.
A key takeaway from CISA’s guidance is this: 5G security is not a standalone security tool or set of technologies. 5G security is… security. No enterprise security team would allow a new network to be set up without the network meeting their minimum security requirements, but too often the unknowns, and the limitations of existing security tools, get in the way when it comes to PCNs.
CISA provided a high-level roadmap and call to action to change this, so let’s explore some practical steps that enterprises operating PCNs can take today to align with its guidance.
1. CISA Guidance: Implementing Advanced Threat Detection
Where to start:
Hold a workshop with your Security Operations team and your internal LTE/5G Network experts. Create the appropriate level of baseline knowledge that will allow these teams to identify any gaps in your current strategy.
Key questions to answer through this effort include:
- Is all the necessary LTE/5G traffic being captured and analyzed by the Security Operations team?
- Is there any context missing in this traffic that hinders the security team’s ability to identify anomalies and respond with the same speed expected across the rest of the enterprise network?
At OneLayer, we collaborate with our ecosystem partners in the cellular infrastructure and enterprise security space to bring the right blend of LTE/5G architecture and enterprise security expertise to the table for these types of workshops. If an introductory conversation about how to bridge your existing enterprise security tools and practices to the PCN would help kick-start your efforts in this area, please feel free to get in touch.
2. CISA Guideline: Prioritizing Vulnerability Management
Where to start:
It is difficult to prioritize vulnerability management for devices you don’t have visibility into. Because cellular devices do not present the same digital identifiers that traditional IP network assets do, you will need a way to give your existing security tools contextual visibility of the assets connected to the network. This can’t be limited to visibility into the SIM cards that are provisioned and active on your network. Since many vulnerabilities are handled at a device level, you will need device-level visibility and context that also includes devices that connect indirectly through intermediary devices like cellular routers or adapters. This will allow you to extend your existing vulnerability management program to cover all assets connecting to your LTE/5G network.
3. CISA Guideline: Harden Network Devices
Where to start:
CISA advocates for employing best practices like zero-trust architecture, enhanced logging, and secure configurations for routers and other devices to deter unauthorized access.
This is, of course, easier said than done, particularly since most organizations don’t have the luxury of purchasing an entirely new security stack to apply compensating controls in the LTE/5G network. Instead, look for ways to extend existing device connectivity management approaches from your existing enterprise network, such as network access control (NAC) platforms and firewalls, to your PCN. Gaps will need to be filled to make this possible, such as device fingerprinting capabilities to create contextual profiles of each device. However, it is possible to extend the use of existing segmentation solutions and access control systems to LTE/5G networks.
Call to Action
As is always the case… The devil is in the details. Engage the experts at OneLayer to take a strategic look at your existing capabilities, current knowledge base and team skillset, and existing security plan. Together, we will ensure you have the people, process, and technology needed to secure your LTE/5G network. Proactively hardening communication networks isn’t just a technical imperative—it’s a strategic necessity.
Contact us today to learn more: https://onelayer.com/contact-us/
For more details on CISA’s recommendations, explore their full guidance on Enhanced Visibility and Hardening for Communications Infrastructure.