Anonymous ID: a7f4bd Dec. 20, 2021, 8:57 p.m. No.15229347

NSA, CISA, Add Original Equipment Manufacturers to Audience for 5G Security Guidance

The agencies got specific about who is responsible for what in a four-part series on securing the inherently cloud-based environments.

 

Mariam Baksh, December 16, 2021

Federal cybersecurity agencies addressed original equipment manufacturers of networking gear and stressed the importance of establishing trust through the hardware level in their latest guidance on securing the largely virtualized computing architectures that are expected to reign in the future.

 

“Moving up from the hardware device level, ensuring the integrity of the container stack (worker nodes, Kubernetes cluster and containers) is critical for preventing attacks and denying cyber actors the ability to persist,” reads guidance issued by the National Security Agency and the Cybersecurity and Infrastructure Security Agency Thursday.

 

The document on ensuring the integrity of cloud infrastructure and resources—such as image files referred to as containers because they carry all the code necessary to run an application—is the final installment of a four-part series the agencies produced on 5G security.

 


 

Other publications in the series dealt with detecting and preventing lateral movement across networks, effectively isolating network resources and protecting data while in-transit, in-use and at-rest.

 

Throughout the series, NSA and CISA detail mitigations for complex cloud environments where multiple tenants can share threats and the responsibility for various security procedures can be hazy across end users, application developers, and other service providers.

 

To address this, “the audience for each set of recommendations will be identified throughout the series, providing a layered approach to building hardened 5G cloud deployments,” the agencies said.

 

The first three publications recommend actions for cloud providers, mobile network operators, and customers. The fourth document does not address customers, and adds original equipment manufacturers. OEMs include companies like CISCO, and others that are less rarely heard of as they function further down in the supply chain.

 

But as the last year has shown, adversaries have been pursuing attacks through foundational suppliers given the larger impact they can have. And NSA and CISA are highlighting ways to establish a provable trust chain that starts with firmware—software that comes embedded in hardware.

 

“Servers, storage, and network devices form the cloud infrastructure platform on which the cloud native 5G core is deployed,” the agencies wrote. “Existing mitigations of threats against the nodes are often rooted in firmware or software, making them vulnerable to the same attack strategies. For example, if the firmware can be successfully exploited, then the firmware-based security controls can most likely be circumvented in the same fashion.”

 

The guidance points to the National Institute of Standards and Technology’s Special Publication 800-193 as one resource with specific controls describing how to establish “a method where each software module in a system boot process is required to measure the next module before transitioning control,” up through the technology stack, for example.

 

One key will be to ensure that the firmware is updatable, the agencies said, adding that “network designers and operators should pick devices which provide NIST SP 800-193 guided protection, detection and recovery of all rootkit-able firmware.”

 

The 5G security series emerged from the Enduring Security Framework. The group includes representatives from the information and communications technology industry as well as defense industrial base companies and the government.

https://www.nextgov.com/cybersecurity/2021/12/nsa-cisa-add-original-equipment-manufacturers-audience-5g-security-guidance/359913/

Anonymous ID: a7f4bd Dec. 20, 2021, 9:05 p.m. No.15229396

What does an ex-CIA whistleblower use: Android or iPhone? (Edward Snowden)

Rado Minkov, Dec 11, 2021, 7:23 AM

 

Edward Snowden is one of the most well-known names in circles where mass surveillance and the NSA (National Security Agency) in general are often the topics of discussion.

After working with the CIA and at the NSA, in 2013 he fled the US and leaked thousands of classified NSA documents, revealing highly secret government information to the world.

As a high-profile US whistleblower, he's still unable to return to his country, currently living under asylum in Russia, which granted him an unlimited permanent residency as of 2020.

We won't be getting into the details surrounding this fascinating man and his government leaks, but the one detail about him that actually relates to PhoneArena, and for the phone enthusiast is quite interesting to know.

Edward Snowden recommends GrapheneOS, an Android-based smartphone operating system. (Anons this is weird Graphene)

We've talked about smartphone security and privacy quite a bit this passing year. From giving you a list of the most popular messaging apps ranked by privacy, to going in-depth on whether Apple's newest iPhone 13 really respects your privacy as much as the Cupertino company suggests.

And the NSA does come up in the latter, particularly its PRISM surveillance program that we and the world wouldn't even know about if it wasn't for Snowden's leaks.

In any case, if you are the type of person who doesn't quite trust either Google or Apple to handle your private information, you may find it interesting to know about GrapheneOS.

This is an open source non-profit project developed by a small organization headed by security engineer Daniel Micay, aiming to be a "privacy and security focused mobile OS with Android app compatibility". And it is!

Even Twitter's former CEO Jack Dorsey showed interest in GrapheneOS

At the beginning of this year, Twitter's then-CEO Jack Dorsey posted a cryptic tweet with just a link to the GrapheneOS website, seemingly giving it a silent recommendation.

Of course, without much context, people were left to figure out what he was trying to say on their own, but it's safe to assume Dorsey too has an interest in this security-oriented Android OS.


 

https://www.phonearena.com/news/what-does-cia-whistleblower-use-edward-snowden-graphene-os_id137050

Anonymous ID: a7f4bd Dec. 20, 2021, 9:30 p.m. No.15229522

NEWS | Dec. 13, 2021

NSA 2021 Year in Review

FT. MEADE, Md. – In a year still largely defined by the ongoing COVID-19 pandemic, the NSA proved once again that no matter the global climate, the mission continues. So as we prepare to usher in 2022, it is critical to look back on the many accomplishments of our workforce during the past year.

NSA Welcomed Two New Directors

Arguably, among the most significant news shared this year was the new leaders of both our Cybersecurity and Research directorates.

Rob Joyce, a longtime member of the NSA family, took the reins of the Cybersecurity Directorate (CSD) shortly after Anne Neuberger joined the Biden Administration as Deputy National Security Advisor for Cyber and Emerging Technology. He has worked at NSA since 1989, holding various leadership positions within both focus areas of NSA: the Cybersecurity and Signals Intelligence missions, and most recently serving as NSA special U.S. liaison officer in London.

The Research Directorate was pleased to welcome Gilbert “Gil” Herrera as their new director in early September, after nearly 40 years at Sandia National Laboratories (Sandia). Having previously served as Director of Laboratory for Physical Sciences 2015-2018, Mr. Herrera is a recognized leader within the Department of Defense and is well positioned to lead the Directorate in world-class scientific research.

NSA Celebrated the Power of Partnerships

GCHQ

Celebrating a 75-year alliance, the partnership between NSA and GCHQ predates even the formal founding of our organizations, and has served as a remarkable example of the strong bond between our nations. The relationship defines how we share communication, translation, analysis, and code breaking information, and has helped protect our countries and allies for decades.

Showcasing a key component of the partnership, the annual Cyber Management Review, now in its fourth year, is a collaborative forum between the leadership of the National Security Agency, U.S. Cyber Command, U.K. Strategic Command, and the U.K. Government Communications Headquarters. Supported by ongoing interactions across multiple levels of the organizations, it provides guidance for future military and intelligence efforts in the cyber domain.

NCF

Building on their longstanding relationship, NSA announced a new partnership with the National Cryptologic Foundation (NCF), reaffirming their mutual commitment to building a pipeline of the next generation of cryptography and cybersecurity experts.

Research Initiatives

For the 8th consecutive year, NSA hosted the Hot Topics on Science of Security conference, or HotSOS. This year welcoming a record 1,200 individuals registering to discuss the nexus of research and cybersecurity, participants represented a mix of government, academia, and industry from 36 countries. The three-day virtual event featured keynote presentations, student presentations, and robust discussions of works-in-progress.

This year also hallmarked the National Security Agency's Laboratory for Physical Sciences (LPS) launch of the LPS Qubit Collaboratory (LQC), a Quantum Information Science research center in support of the U.S. National Quantum Initiative. The LQC offers a mechanism for collaborative research between LPS and academia, industry, FFRDCs, and Government Laboratories.

NSA Demonstrates Holistic Commitment to a Better Work Environment

In July, CAREERS & the disABLED magazine selected the National Security Agency as the 2021 Public-Sector Employer of the Year, a testament to the Agency's continued commitment to providing equal employment opportunities and fostering a fair and equitable work environment.

By constantly developing new ways to improve its recruitment, hiring, retention, and advancement of individuals with disabilities, the Agency established an initiative known as "the Big Six" to enhance the progress of building an exceptional workforce and culture. It focuses on: implementing fair personnel practices across the Agency; senior leader accountability; accessibility of facilities and usability of services; recruiting and hiring a diverse workforce; onboarding and mentoring; and developing a pipeline of diverse senior candidates.

NSA was further recognized during the Department of Defense (DoD) 41st Annual Disability Awards Ceremony in October. The virtual event honored the NSA as Best Intelligence Component and an Agency affiliate as a DoD 2021 Annual Disability Awards Outstanding Employee….

 

https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2871466/nsa-2021-year-in-review/

Anonymous ID: a7f4bd Dec. 20, 2021, 9:53 p.m. No.15229606

>>15229591

Unless he's invited, and I just invited him and his solutions. We must give God the invitation to help us.

 

I’d suggest others do the same!

 

Thank you God for any assistance you will provide. Amen