The modernization of wireless technology is well underway with 5G deployments -- and so are the attacks. In response, MITRE, along with the Department of Defense, announced an adversarial threat model for 5G systems to help organizations assess the threats against their networks.
A "purpose-built model of observed adversary behaviors," FiGHT (5G Hierarchy of Threats) is a knowledge base of adversary tactics and techniques for 5G systems. The framework empowers organizations to "reliably assess the confidentiality, integrity, and availability of 5G networks, as well as the devices and applications using them," according to MITRE.
FiGHT is similar to MITRE ATT&CK, a knowledge base of adversary behaviors seen in attacks against the broader ecosystem. In fact, FiGHT is derived from ATT&CK, making FiGHT's tactics and techniques complementary to those described in ATT&CK. The FiGHT Matrix lists tactics used in attacks as columns, and some of the items listed are actually ATT&CK techniques or sub-techniques relevant for 5G.
Tactics and techniques are grouped across three categories: theoretical, proof-of-concept, and observed. At the moment, most of the techniques are categorized as either theoretical or proof-of-concept as the information is based on academic research and other publicly available documents. Just a minority of the techniques described in FiGHT are based on real-world observations, reflecting the fact that the number of 5G attacks are still relatively low.
Even though 5G has built-in security features, there still some risks and vulnerabilities to be aware of.
"We identified an industry need for a structured understanding of 5G threats because even though 5G represents the most secure cellular standard to date, it can be implemented and deployed in ways that still have risks and vulnerabilities," Dr. Charles Clancy, senior vice president and general manager of MITRE Labs, said in a statement.
During this year's RSA Conference, researchers from Deloitte & Touche described a potential avenue of attack targeting network slices, a fundamental part of 5G's architecture. Enterprises rolling out 5G LANs also need to consider that the new capabilities that come with these environments, such as cross-network roaming and cloud edge services, also increase that attack surface.
FiGHT can be used to conduct threat assessments, enable adversarial emulation, and identify gaps in security coverage. Security teams can also use FiGHT to determine which areas the organization should be investing in.
"FiGHT helps stakeholders assess where cyber investments should be made to achieve the highest impact as they build, configure, and deploy secure and resilient 5G systems," Clancy said.