<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Book Antiqua";
panose-1:2 4 6 2 5 3 5 3 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:0in;
line-height:105%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:105%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
mso-add-space:auto;
line-height:105%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
mso-add-space:auto;
line-height:105%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:105%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.paragraph, li.paragraph, div.paragraph
{mso-style-name:paragraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.normaltextrun
{mso-style-name:normaltextrun;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:813906776;
mso-list-type:hybrid;
mso-list-template-ids:-509286750 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:1924799684;
mso-list-template-ids:2084489896;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<p class="MsoNormal" align="right" style="text-align:right"><b><span style="font-size:12.0pt;line-height:105%;font-family:"Book Antiqua",serif"><img width="100" height="100" style="width:1.0416in;height:1.0416in" id="Picture_x0020_2" src="cid:image005.png@01D7DC62.D09D8990" alt="Logo
Description automatically generated"></span></b><b><span style="font-size:12.0pt;line-height:105%;font-family:"Book Antiqua",serif"><o:p></o:p></span></b></p>
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-size:12.0pt;line-height:105%;font-family:"Book Antiqua",serif">Enduring Security Framework Releases Part II of Security Guidance for 5G Cloud Infrastructures<span style="color:black">
<i><o:p></o:p></i></span></span></b></p>
<p class="MsoNormal" style="text-align:justify;line-height:150%"><span style="font-family:"Book Antiqua",serif">November 18, 2021
<o:p></o:p></span></p>
<p class="paragraph" style="margin:0in"><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Book Antiqua",serif">WASHINGTON<span style="color:black"> </span>– </span></span><span style="font-size:11.0pt;font-family:"Book Antiqua",serif">As
part of the Enduring Security Framework (ESF), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published guidance today to mitigate cyber threats within 5G cloud infrastructure.
<i>Securely Isolate Network Resources</i> examines threats to 5G container-centric or hybrid container/virtual network, also known as Pods.<o:p></o:p></span></p>
<p class="paragraph" style="margin:0in"><span style="font-size:11.0pt;font-family:"Book Antiqua",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Book Antiqua",serif">The guidance provides several aspects of pod security including limiting permissions on deployed containers, avoiding resource contention and denial of service attacks, and implementing real
time threat detection. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Book Antiqua",serif">In Part I of the series, ESF discussed best practices on preventing and detecting malicious cyber actor activity in a 5G cloud infrastructure and recommended mitigations aimed at preventing
cybersecurity incidents. Part II of the series dives into Pod security and preventing a process that runs in a container from escaping the isolation boundaries of its container and gaining access to the underlying host.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Book Antiqua",serif">“5G changes the traditional mobile network operations architecture, allowing for the core network to be moved away from proprietary hardware and software to a modular cloud-native infrastructure,”
said Jorge Laurel, NSA Project Director for ESF. “This is more flexible in its development and deployment, but also introduces new cybersecurity implications and risks that need to be mitigated.”
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Book Antiqua",serif">"The deployment of 5G is built on an agile, highly configurable network architecture, a foundation of virtualization that can bring a wealth of benefits to our lives and work as well as greater
security risks," said, Matt Hartman, Deputy Executive Assistant Director for Cybersecurity, CISA. "With our partners at NSA and ESF, CISA encourages the 5G community to review this guidance to ensure they achieve the necessary heightened level of Pod security
in 5G cloud.”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Book Antiqua",serif">Pods are the isolated environments used to execute 5G network functions in a 5G container-centric or hybrid container/virtual network function design and deployment. Pods provide highly configurable,
flexible workloads that can be scaled and orchestrated from a central control plane, while enforcing isolation of each workload. The scale and interoperability requirements of 5G cloud components makes securely configuring Pods a challenging but important
ongoing effort. A strong Pod security posture leverages containerization technology to harden the deployed application, protects interactions between Pods, and detects malicious/anomalous activity within the cluster.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Book Antiqua",serif">“5G changes communication capabilities and risks,” said Rob Joyce, NSA Cybersecurity Director. “This guidance document from ESF brings to light the need to secure Pods as an important aspect
of securing 5G cloud environments.”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Book Antiqua",serif">5G cloud providers, integrators, and network operators share the responsibility to securely configure, deploy, and orchestrate Pods that provide services.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Book Antiqua",serif">This series has been published under the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA.
<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Book Antiqua",serif">Related White Papers:<o:p></o:p></span></b></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpFirst" style="margin-left:0in;mso-add-space:auto;mso-list:l0 level1 lfo3">
<a href="https://media.defense.gov/2021/May/10/2002637751/-1/-1/0/POTENTIAL%20THREAT%20VECTORS%20TO%205G%20INFRASTRUCTURE.PDF"><i><span style="font-family:"Book Antiqua",serif">Potential Threat Vectors to 5G Infrastructure</span></i></a><i><span style="font-family:"Book Antiqua",serif"><o:p></o:p></span></i></li><li class="MsoListParagraphCxSpMiddle" style="margin-left:0in;mso-add-space:auto;mso-list:l0 level1 lfo3">
<a href="https://media.defense.gov/2021/Oct/28/2002881720/-1/-1/0/SECURITY_GUIDANCE_FOR_5G_CLOUD_INFRASTRUCTURES_PART_I_20211028.PDF"><span style="font-family:"Book Antiqua",serif">Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement
(Part I)</span></a><span style="font-family:"Book Antiqua",serif"><o:p></o:p></span></li><li class="MsoListParagraphCxSpLast" style="color:#0563C1;margin-left:0in;mso-add-space:auto;mso-list:l0 level1 lfo3">
<a href="https://media.defense.gov/2021/Nov/18/2002895143/-1/-1/0/SECURITY_GUIDANCE_FOR_5G_CLOUD_INFRASTRUCTURES_PART_II_20211118.PDF"><span style="font-family:"Book Antiqua",serif">Security Guidance for 5G Cloud Infrastructures: Securely Isolate Network Resources
(Part II)</span></a><span class="MsoHyperlink"><o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="font-family:"Book Antiqua",serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_3" src="cid:image003.png@01D7DC67.7F9D81D0"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>