5G Cybersecurity for Policymakers Training Workshop

5G Cybersecurity for Policymakers Training Workshop

It’s a commonly held belief that policymakers need to heed the charge for more effective 5G cybersecurity.

In fact, late last year, the Government Accountability Office (GAO), a federal watchdog agency, recommended that policymakers consider creating cybersecurity standards to ensure a safer continued rollout of 5G wireless networks across the nation.

The agency detailed “capabilities and challenges” involved in the buildout of 5G networks, making a number of recommendations aimed at scaling up cybersecurity, spectrum availability, and consumer data privacy, along with addressing potential consumer health concerns stemming from 5G radio waves.

According to cybersecurity professionals, 5G protection needs to be edge to edge from the Internet of Things side across the core enterprise network and out to branch offices and multiple public clouds.

To accomplish this, everything connected to the enterprise ecosystem needs identification and to have its state of security or vulnerability identified. Following this, all requests for access to network resources should also be verified, validated and authenticated to ensure an effective security defense.

This is not a simple solution. However, for it to work, MNOs will need to cooperate even more closely with their IT departments to ensure 5G networks and software has built-in, end-to-end security upfront.

Code-based attacks on civilian and military infrastructures pose one of the great new challenges for security policy. Political decision-makers, the security industry and media pundits are increasingly warning of a “cyberwar” that could throw the economy and society into unpredictable turmoil.

Many cybersecurity professionals believe we need to rethink our security culture. For governments, the greatest challenge lies in helping private network operators, businesses and banks to secure their networks – if necessary, by introducing appropriate legislation. In general, decisions concerning the security of civilian networks should not be left primarily to the military and intelligence agencies.

It’s vital for policymakers to understand that cybersecurity issues arise because of three factors taken together:

• The presence of malevolent actors in cyberspace
• Societal reliance on IT for many important functions
• The inevitable presence of vulnerabilities in IT systems that malevolent actors can take advantage of

5G Cybersecurity for Policymakers Training Workshop by Tonex

5G Cybersecurity for Policymakers Training Workshop is a 2-day training workshop on 5G cybersecurity and Cyber threats for policymakers and non-technical professionals and officers. 5G will have a tremendous economic impact on global economy and expected to enable $13.2 trillion in economic output by 2035 according to Qualcomm.

Quote
“ From my perspective, 5G is the single biggest critical infrastructure build that the globe has seen in the last 25 years and, coupled with the growth of cloud computing, automation, and future of artificial intelligence, demands focused attention today to secure tomorrow.”
Christopher Krebs
Director, CISA
CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY

Policymakers must understand 5G’s potential and its pitfalls. 5G use cases are projected to generate significant economic growth due to increased speed, capacity, functionality, and enabling next generation data-enabled innovations such as the Internet of Things (IoT), artificial intelligence (AI), autonomous driving, industrial automation and more.

Increased network capacity, new network slices, new network capabilities and speed coupled with more connected devices and mission critical  will create more potential opportunities for compromise. Emerging threats will pose a danger to connected ecosystem players, critical infrastructure and services like energy, manufacturing, utilities, transportation and other industry sectors connected via 5G. Government policymakers are prioritizing the security of 5G networks and should consider cybersecurity policy and guidelines.

Participants in 5G Cybersecurity for Policymakers Training Workshop will learn about 5G networks, 5G network and system vulnerabilities, security threats, mitigation and policy principles for  5G deployment and cybersecurity policies.

The 5G cybersecurity workshop discusses analysis and development of 5G policies and standards to serve as the foundation for securing 5G services and infrastructure. Participants will learn how to facilitate secure deployment and commercialization of 5G technologies to prevent attempts by threat actors to influence the design, architecture and implementation of 5G networks.

5G Cybersecurity Bootcamp is a combination of theoretical lectures and practical insight that helps participants gain in-depth knowledge about current and future state of 5G mobile technology, architecture, protocols and 5G cybersecurity.

Who Should Attend?

5G Cybersecurity for Policymakers Training Workshop program is for non-technical policymakers, officers, leaders, program and project managers, and executives  looking to build an action plan for a more cyber resilient 5G program.

• Government Officials
• Cybersecurity Professionals
• Telecommunication Industry Representatives
• Legal Experts
• Academics and Researchers
• International Organizations
• Critical Infrastructure Protection Professionals
• Law Enforcement Officials
• Corporate Executives
• Non-Governmental Organizations (NGOs)

Pre-Requisite:

There are no technical prerequisites for this program.

Learning Objectives  

Upon the completion of 5G Cybersecurity for Policymakers Training Workshop training, participants will:

• Learn the fundamental concepts of 5G network
• List and discuss various 5G use cases
• Discuss end-to-end 5G network architecture, vulnerabilities and security issues
• Describe 5G NR, 5GC: 5G core functions, architecture, AMF, Network Slicing, NG-RAN, SBA, SMF, UPF, SDN/VFN, Network Slicing, MEC, LTE-M, 5G/NB-IoT
• Identify 5G operational scenarios, D2D, and signaling
• Discuss security architecture and procedures for 5G systems
• Explain 5G security issues, attacks and mitigation
• Describe 5G cybersecurity frameworks that provide a strategic view of 5G cybersecurity risk management, both quantitative and qualitative
• Develop the vocabulary of 5G and 5G cybersecurity to support policy discussions and analysis
• Identify the leading approaches to managing 5G cybersecurity, including ‘defense in depth’ and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, National Cybersecurity Center of Excellence (NCCoE)  5G Cybersecurity: Preparing a Secure Evolution and ENISA’s (European Union Agency for Cybersecurity) threat landscape for 5G Networks
• Generate a practical interpretation of the tradeoffs between security and privacy, and a method for understanding policies and priorities
• Learn how decisions made by technologists may affect the policy landscape

Course Agenda

Overview of 5G Network and System Architecture

• 5G Architectural Components
• Architectures Defined by Function
• 5G System Functions
• 5G Design
• Platforms for Terminal (Chips, OS, MMI, etc.)
• Transmission (coding, modulations, etc.)
• Design considerations
• Capabilities and limitations
• Product development process
• Autonomous 5G Control
• Network Management
• Principles of 5G Core (5GC)
• Principles of 5G New Radio (5G NR)
• NR, gNB, NG-RAN and 5GC

Introductioon to 5G Security

• 5G communications systems architecture
• Security Issues and Challenges in 5G Communications Systems
• Mobile Malware Attacks Targeting UE
• Direct and D2D Communication Security
• IoT Security
• NFV Security
• Software Defined Networking (SDN) Security
• Cloud and Virtualization Security
• C-RAN Security
• V2V Security
• Securing 5G Automation
• 5G Monitoring and Security Operations
• Cloud Security applied to 5G
• 5G Forensics Analysis
• Advanced 5G  Forensics, Incident Response, and Threat Hunting
• 5G Cyber Threat Intelligence
• Advanced 5G Forensics: Applied to IoT, V2V and Autonomous Things
• Reverse-Engineering 5G Analysis Tools and Techniques
• 5G Cyber Security Risk Management
• 5G Security Automation, Incident Response Team Management
• Secure DevOps
• 5G Data Security and Investigations
• Physical 5G Penetration Testing
• Physical Wireless Access Control Systems Elements of Design, Offense/Defense
• 5G Mobile Botnets
• Bot-masters and Bot-proxies
• 5G UE Location Tracking

5G Networks and System Cybersecurity Assessment and Best Practices

• 5G Systems Attacks
• Uniquely Network Concerns
• Reliability and Security
• Role of Obscurity
• Threat Assessment
• Attackers and Assets
• Attack Surface
• Attack Trees
• Security Policy
• 5G System Vulnerabilities
• Backdoors
• Denial of Service (DOS)
• Defensive Architectures
• Combating Complexity
• Defensive Hardware Interfaces
• Public Key Cryptography (PKI)
• Protecting Data In Motion
• Secure Software Process

5G System Vulnerability Analysis

• 5G System and Network Attacks
• Exploiting 5G Systems and Devices
• The Stages of System Exploitation
• Initial Reconnaissance
• Exploitation
• Firmware Unpacking and Modification
• Detecting
• Extracting
• Analysis
• Modification and Creation of new firmware
• Hacking/exploitation techniques, tools and entry points
• Defensive technologies

Cybersecurity Attacks and Best Mitigation Practices for 5G Systems

• Non-Invasive Hardware Reverse Engineering
• Component identification
• Interface Analysis
• Communications Protocols Sniffing
• Decoding and Deciphering Captured Bits
• Critical Data Identification and Detection
• Component Removal and Replacement
• Electronics and Circuit analysis
• Security Measures

5G Security Requirements and Features

• 3GPP General security requirements
• Requirements on the UE
• Requirements on the gNB
• Requirements on the ng-eNB
• Requirements on the AMF
• Requirements on the SEAF
• Requirements on the UDM
• Core network security
• Trust boundaries
• Visibility and configurability
• Requirements for algorithms, and algorithm selection

5G Cyberecurity Mitigation Strategies and Recommendations

• Key Issues
• Embedded SIM Security
• mmWave Security Issues
• 5G Autonomous Driving Security Solutions
• Critical 5G Security Controls Planning, Implementing and Auditing
• Top 5G Mitigation Strategies Implementing and Auditing
• Advanced 5G Security Principles
• 5G Intrusion Detection
• 5G Wireless Hacker Tools, Techniques, Exploits and Incident Handling
• Issues with Access Network Flash Network Traffic
• Radio interface key management
• User plane integrity
• Security measures
• DOS Attacks Against Network Infrastructure
• Overload of the signaling plane security issues
• Bulk configuration security issues
• Overview of Risk Management Framework (RMF)
• DoD RMF Templates
• 5G cybersecurity patching

Tonex 5G Cybersecurity Policy Workshop and Recommendations

• 5G Cybersecurity Policy and Strategy Guidelines
• Risks from 5G Deployment
• Supply Chain Risks
• Deployment Risks
• Risks to 5G Infrastructure
• Network Security
• Measures to Mitigate 5G Risk
• The Role of Governments in 5G Cyber Security
• Role in 5G Adoption
• Developing 5G policy, best practices, and standards
• Tools and methods to prevent attempts by threat actors to influence the design and architecture of 5G networks
• Educating stakeholders on 5G supply chain risk
• Strengthening and securing existing infrastructure to support future 5G deployments
• Assessing risk mitigation techniques on 5G use cases
• Frameworks that provide a strategic view of cybersecurity risk management
• Improving 5G Defenses with Systems and Technology
• Organizing Cyber Management Priorities
• Measuring 5G Risk Exposure through Threat and Attack Simulations
• 5G Strategic Initiatives
• National Institute of Standards and Technology (NIST) 5G Cybersecurity Framework,
• National Cybersecurity Center of Excellence (NCCoE)  5G Cybersecurity Strategy
• ENISA’s (European Union Agency for Cybersecurity) threat landscape for 5G Networks

5G Cybersecurity for Policymakers Training Workshop