Enhanced 5G and Zero Trust Cloud and Operational Security Aspects

July 2025

Zero Trust (ZT) is a concept that no digital system or human user, whether external or internal, can be trusted, regardless of ownership and location. Zero Trust Architecture (ZTA) is a plan to implement ZT in a digital system or network of digital systems. ATIS published a paper in July 2023, “Enhanced Zero Trust and 5G,” that focused on broadly implementing a ZTA in 5G. In it, ATIS enumerated 12 required central security controls for a 5G ZTA, along with numerous recommendations to 3rd Generation Partnership Project (3GPP) to align 5G and 6G security specifications with a ZTA.

5G Mobile Network Operators (MNOs) architect and deploy their 5G wireless offerings on fully virtualized or cloud-native platforms and networks. In cloud-native networks, the cloud computing platforms host all the various parts of a 5G System, including the 5G Core Network, Operations and Business Support Systems (OSS and BSS), and Open Radio Access Networks (O-RAN).

At present, there are four dominant cloud models in production use. Two of these models are considered legacy in that they use traditional virtualized and cloud compute architectures, while the other two leverage the cloud services delivered by Hyperscaler Cloud Providers (HCPs). The HCP-based models are gaining momentum in the industry and driving new investments in the public cloud. The two legacy models are the multivendor stack and the single vendor full stack, which are private cloud implementations. The two public cloud models leverage well-known public cloud offerings from the cloud providers. One is the standard public offering; the second is private, uses the same technology stacks, and is dedicated specifically to the 5G MNO and installed at its physical locations.

5G networks are currently being deployed in a hybrid cloud environment using combinations of the four models of private and public clouds. The 5G MNO must rely on several different Standards Development Organizations (SDOs) for cloud computing architecture and security.

This paper looks at the implementation and operational aspects of a ZTA in the 5G MNO cloud environments that host their 5G services. We will look at the four cloud deployment models in terms of a ZTA in combination with a discussion of the 12 security controls. We will highlight any potential deployment issues relating to these 12 security controls for each of the four models. The development and rollout of the security controls have also been primarily centered in the IT world. For some controls, there are gaps due to differences from the IT side that must be filled in order to deploy them in the 5G realm. This paper highlights these gaps, including threat intelligence feeds. Gaps filled by new threat models such as MITRE’s FiGHT and Groupe Spéciale Mobile Association (GSMA) Mobile Threat Intelligence Framework (MOTIF) are also highlighted.

The ATIS Cloud 5G ZTA study was informed by the work at the U.S. Department of Commerce National Institute of Standards and Technology (NIST) and by ZT subject matter experts from organizations that are stakeholders in 5G network security. The recommendations enumerated in Section 5 provide concluding strategic guidance to enhance security and operational resilience in 5G cloud environments through a ZT framework. Recommendations are broken down into sections for the responsible standards bodies, infrastructure vendors, HCPs, and security operations teams.
