Cybersecurity Top of Mind at #MWC22
At this week’s #MWC22, cybersecurity has been a major focus. Several panels were dedicated to exploring timely cybersecurity issues, including new and growing threat vectors; innovative industry advancements in cybersecurity; the operational impacts of longstanding public-private partnerships; the various patchwork of government efforts to guide and regulate cybersecurity practices across federal and private systems and networks; and much more.
@CTIA’s cybersecurity experts from its Cybersecurity Working Group lead panel discussions about Cybersecurity Hot Topics, 5G Security Enhancing the Wireless Security Ecosystem, and the wireless industry’s newly launched 5G Security Test Bed, and panelists included leaders across industry who have been at the cutting edge of operational and policy developments, including thought leaders from @ATT, @TMobile, @Samsung, @Ericsson, @Qualcomm, and @MITREcorp.
Below are the top takeaways we heard from these timely discussions:
- Cybersecurity Is Critical in the Face of Growing and Changing Threats, but There Is No One-Size-Fits All Solution. Panelists discussed the changing cybersecurity threat landscape and agreed on the need for the entire ecosystem to play a role in improving cybersecurity. Panelists made clear, however, that there is not one rigid baseline or solution that offers a “silver bullet.” Instead, any approach must be risk-based, adaptive, and flexible – like the well-established National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
- Industry Welcomes Partnerships with the Federal Government to Address Complex Cyber Challenges, but Fragmentation Is a Real Concern. Industry panelists agreed that there is an important role for the federal government to play in cybersecurity and that they value the federal government as a cybersecurity partner. For example, panelists explained operational partnerships that have been in place with the federal government for decades, which allow government and industry to engage in important information sharing. Panelists also highlighted public-private partnerships that have made valuable contributions to the policy and operational landscape, including the Federal Communications Commission’s (FCC) CSRIC and the Department of Homeland Security’s (DHS) ICT Supply Chain Risk Management Task Force. Panelists also noted the growing trend towards a more regulatory approach from the federal government and cautioned against the negative consequences of fragmentation in federal and international cyber policy. There was agreement that the new Office of the National Cyber Director could be a promising platform to promote public-private partnerships and encourage coherence in a national, risk-based approach to cyber policy.
- Federal Policy Should Be Harmonized. Building on the discussion about fragmentation, panelists highlighted the need for the various cybersecurity efforts across many federal agencies to be harmonized. In particular, there was agreement that the current effort underway at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to develop performance goals for critical infrastructure owners and operators should be closely aligned with NIST CSF, including that it should take a risk-based and flexible approach and not be a prescriptive checklist.
- Incident Reporting and Information Sharing Have Clear Benefits, But Mandates Pose Risks. There was discussion about CISA’s mandate to create new cyber incident reporting rules for critical infrastructure, as required under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), as well as other incident reporting requirements and proposals at the federal and state levels. Panelists discussed the importance of information sharing to help to understand and share cybersecurity threats and trends but cautioned against a patchwork approach and overly broad reporting requirements that could undermine the goals of cybersecurity policy by diverting resources away from the day-to-day operational work that cyber professionals do to protect systems and networks.
- Zero Trust Is an Emerging Cybersecurity Concept with Great Promise, But It Is Not Yet Ripe for Regulation. Zero trust (ZT) has captured the interest of policymakers at the federal level. Panelists explained what zero trust is and how it can be leveraged to improve cybersecurity, including how ZT principle can be applied to 5G deployments in the cloud. Panelists emphasized that zero trust is not a technical requirement or a single tool but instead is a concept that must be applied flexibly from one network to the next. Panelists agreed that as zero trust concepts are emerging, it is critical to have clarity around a definitional baseline to facilitate a common understanding of key terms. Panelists also emphasized that ZT is still a cybersecurity approach that is emerging and is not yet ripe for regulation.
- While There Are Unique Cybersecurity Challenges in 5G, There Are Also Clear Cybersecurity Enhancements that Industry Is Leveraging to Ensure that Today’s Wireless Networks Are More Secure than Ever Before. One key theme that emerged is that 5G introduces new and different cybersecurity challenges, as well as innovative and important security enhancements. Mobile edge computing, network slicing, and open RAN will all create new vulnerabilities, but also will facilitate new opportunities and solutions. The discussions highlighted that 5G is the most secure wireless standard to date.
- The Wireless Industry Continues to Be on the Cutting Edge of Cybersecurity Advancements. The conference gathered founding members of a new industry-leg 5G security test bed to discuss the test bed’s current work and goals to deliver on the promise of 5G security. The test bed is a collaboration between wireless providers, equipment manufacturers, cybersecurity experts, academia, and government agencies to demonstrate and validate how 5G security will work. A distinguishing feature of the test bed is that it uses real-world commercial equipment in a lab environment to test threats. Panelists shared important tests that are being conducted in the test bed, including validating CSRIC recommendations. Looking ahead, this collaboration – which prioritizes information sharing and using empirical evidence gathered through real world testing to identify and mitigate threats – will be valuable not just to securing 5G, but also to ensuring a secure 6G and beyond future.
Are you at #MWC22 this week? We’d love to catch up! Reach out to anyone in the Wiley delegation: Megan Brown, Scott Delacourt, Josh Turner, Edgar Class, Charles McKee, Kat Scott, Sara Baxenberg, and Steve Conley. Stay tuned to Wiley Connect for more updates from the conference!