Date and Time
Tuesday, 14 NOVEMBER 2023 // 14:00 - 15:30 // EASTERN STANDARD TIME (EST)
Moderator
Scott Poretsky, Director of Security, Ericsson North America
Panelists
- Mike Loushine, Cybersecurity Lead, AT&T Chief Security Office
- Taha Sajid, 5G Principal Security Architect, Comcast
- Yousif Targali, 5G Security Architect, Verizon
Scope
Zero trust architecture (ZTA) is the evolution of the zero trust concept to a concrete plan that provides defense from external and internal threats. In a ZTA, assets and resources are secured as micro-perimeters and no internal subject (user or digital system) is assumed to be trusted. ZTA is an important goal for securing critical infrastructure, including mobile networks, to protect against threat actors seeking to achieve network disruption or data breach.
5G is the most secure generation of mobile technology standardized to date. While the end-to- end 5G System (5GS) has many security features that align with a zero trust architecture (ZTA), the 5GS is not a ZTA as defined by the NIST seven tenets for zero trust [NIST SP 800-207]. It is important that the security posture of 5G specifications continue to progress toward a ZTA with multi-layer confidentiality, integrity, availability, and authenticity protection from internal threats, in addition to traditional perimeter defenses from external threats. There is a window of opportunity to build-in ZTA to 6G standards that will soon be developed in 3GPP, O-RAN ALLIANCE, ATIS and other relevant industry bodies.
The cloud introduces security advantages for critical infrastructure, but it also expands the attack surface due dependency on third-party software and infrastructure. Recent cyberattacks show the risk in the cloud due to evolving threats performing reconnaissance and exploiting vulnerabilities for lateral movement. As 5G radio access networks (RAN) and Core (5GC) migrate to cloud- native deployments, it is important to assess the security posture for a ZTA. Cloud-based deployments must be realized with a strong security posture that takes a risk-based approach striving towards a zero trust architecture (ZTA) to protect network functions and data.
This panel brings together leading 5G cybersecurity experts from mobile network operators to discuss their insights for securing 5G RAN and Core with pursuit of a ZTA. Example questions that could be addressed include:
- Why is there so much interest in ZTA for mobile networks?
- Is ZTA achievable in 5G?
- What security controls are needed to achieve a ZTA in mobile networks?
- CISA advises an incremental approach for a ZTA using the 4-stages of its Zero Trust Maturity Model. How would you recommend to have the increments implemented?
- What role will ZTA play in 5G cloud deployments?
- How do 3GPP and O-RAN security specifications align with ZTA?
- What can be done to build ZTA for 6G standards?
SHORT BIO of Moderator and Panelists
Scott Poretsky is Ericsson North America’s Director for Security, Network Product Solutions focusing on securing 5G, Open RAN, and cloud deployments of critical infrastructure built upon a zero trust architecture. He has over 25 years of industry experience in a variety of networking and security technologies. Scott is Ericsson’s voting member at the O-RAN Alliance’s WG11 - Security, where he is a rapporteur and leading contributor for multiple security work items.
Scott currently serves as Co-Chair for the ATIS TOPS Council’s 5G Zero Trust Study Group. Scott served as Ericsson’s delegate to FCC CSRIC VIII WG2 on Open RAN and WG3 on 5G Virtualization and has represented Ericsson in other industry-government collaborative working groups including NSA ESF, NSTAC Subcommittee for Communications Resilience, DHS CISA ICT SCRM, and FCC CSRIC VII. Scott is Ericsson’s security delegate to 5G Americas where he was co-lead author of two industry papers. He is a member of the CTIA 5G Security Test Bed TAC, CTIA Cybersecurity Working Group (CSWG), and Comm Sector Coordinating Council (CSCC) 5G Committee. He is an IEEE Senior Member and member of the Advisory Board for IEEE ComSoc's technical committee for Communications Quality and Reliability (CQR). Scott is a Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) and holds an MSEE from the Worcester Polytechnic Institute (WPI) and BSEE from the University of Vermont.
Mike Loushine is a Cybersecurity Lead in the AT&T Chief Security Office. Mike develops cybersecurity mechanisms and platforms for mobility and enterprise systems. Mike has over three decades of experience in the communications industry within various engineering and research capacities. Mike currently serves as an AT&T delegate to the O-RAN Alliance Security Working Group and the 3GPP SA3 Security Working Group. Within these and other standards development organizations Mike works with mobile network operators and vendors to drive security into mobility standards and to establish industry-wide best practices. Mike regularly contributes to industry alliances focused on emerging cybersecurity requirements and solutions for 5G, Next G, and 6G systems.
Mike joined AT&T in 2016 after 17 years in the roles of Director, Chief Scientist, and Senior Scientist at Telcordia Applied Research and (then renamed) Applied Communication Sciences. Mike performed research in wireless communications technology including Wi-Fi positioning, 4G mobile networks, and security. His technical and business contributions were recognized with three CEO Awards.
Mike earned a Bachelor of Electrical Engineering from the University of Minnesota and a Master of Science in Electrical Engineering (Communications Theory) from The George Washington University.
Taha Sajid is a Principal Security Architect, responsible for securing 5G Core, RAN and cloud deployments. He specialized in 5G network assessments, architecting security solutions and leading security operations across the network architecture. He is also part of several working groups for Zero Trust Security initiatives and security standards design with in Comcast and industry alliances like ATIS, IEEE and 3GPP.
In addition to telecom, he is also well versed in Blockchain and Fintech security, has authored a book “Mastering Blockchain Security” as well as authored several e-learning courses. He is part of a digital currency think tank, aimed to help central banks and financial institutions for secure development of blockchain projects.
Due to his contribution to the 5G and Blockchain industry, he is recognized as the global thought leader. Taha holds a Certified Information Systems Security Professional (CISSP),
Huawei Certified ICT Professional (HCIP-5G), along with MSc in Blockchain and Digital currency from the University of Nicosia. He also has a YouTube channel, where his videos on 5G Design and Security has gained lots of traction.
Yousif Targali has 20+ years of experience in the security and telecom industry. He is currently a member of the Standards Planning Organization at Verizon, in which he represents Verizon in the 3GPP SA3 and O-RAN security working groups. Before joining the standards team, Yousif was a member of the Network Security Planning Organization at Verizon. Yousif’s responsibilities included driving 5G security planning strategy, focusing on 5G RAN and Roaming security.
Prior to joining Verizon, Yousif held variety of positions at T-Mobile USA. He was 3GPP SA3 Security and Lawful Intercept standards delegate, where he was leading T-Mobile’s 5G security
standards strategy. Yousif also held the position of principal security architect in the Digital Security Organization at T-Mobile, where he was leading mobile networks security strategy.
Yousif has several security and wireless patents and contributions to different standards bodies and industry forums. He also holds a Ph.D. in mobile communications from University of Essex in the UK.
