Plan Now to Secure 5G, Says Government Expert
Multiple measures must be taken to ensure unhindered defense use.
The revolutionary advantages offered by defense use of 5G technology could be undone if the United States doesn’t begin now to meet and overcome a set of challenges, said an expert from the National Security Agency (NSA). These challenges range from developing effective security measures to ensuring the supply chain is not contaminated by parts made by foreign adversaries.
“Our strategic and economic competitors will seek to dominate and yes, exploit, the evolution of this technology,” declared Wendy Noble, NSA executive director. “Given the broad application of 5G … the stakes for securing this new technology could not be higher.” Noble made these remarks at the virtual 5G Defense Tech Summit hosted by the AFCEA D.C. Chapter on April 7.
Noting that 5G is a critical strategic technology that alters the communications landscape for everyone, Noble pointed out that its high-speed networks will test cyber defenses. For the Defense Department, the main challenge is how to accelerate the development and deployment of 5G capabilities while ensuring systems are robust, resilient, reliable and secure. This applies to systems with allies and partners, she added.
Noble cited six areas of concern based on a 2019 study. The first is standards, as 5G standards and policies will serve as the foundation for securing the future 5G communications infrastructure. “It is critical that international standards and policies are open, transparent and consensus-driven,” she stated. Inadequate policies and standards, along with those influenced by strategic and economic competitors or adversaries, offer potential vulnerabilities. The result could be cyber attacks, espionage, sabotage and other adverse effects.
The second area of concern is spectrum management. An ongoing debate focuses on whether to divert Defense Department frequencies to 5G or permit industry and the Defense Department to share the bands. The department could be forced to relocate applications such as satellite connectivity. Whatever options are selected will affect military operations worldwide, Noble pointed out.
The third area is the adoption of zero-trust architectures. This will allow the Defense Department to manage risk while operating within a trusted network environment. The current model is quantum resistant, she noted.
The fourth area of concern is supply chain risk. These risks include bad companies, foreign government-backed suppliers and cyber actors. Noble cited the SolarWinds breach as an example of supply chain exploitation. “While we live in a global economy, our strategy needs to defend against a compromised supply chain where components from trusted sources are used across multiple systems,” she said. “We will continue to encourage our allies and partners to monitor their supply chains and promote similar efforts to protect their intellectual property.”
Noble continued that, if China leads the field in the development and deployment of 5G infrastructure and systems, then any future 5G ecosystem will have Chinese components embedded throughout. This in turn could pose a serious threat to the security of U.S. Defense Department operations and networks both at home and abroad, she added.
The fifth area facing 5G deployment in defense is secure code. Noble discussed one suggestion that the United States could incentivize good security in software coding and penalize firms that introduce vulnerabilities, whether intentional or accidental. The United States could impose tariffs on goods from any nation selling weakened systems, thus forcing companies and nations to implement secure coding practices to prevent exploitable vulnerabilities, she continued.
The sixth area is improved network resilience and layers of redundancy. Cyber exploitation and attacks are part of any adversary’s toolkit, she pointed out. Countering these will depend on resilient and redundant networks that maintain uninterrupted connectivity.
Multiple strategies aim to address these six concerns, Noble noted. “The Defense Department recognizes that these capabilities will become the foundation for a new networked way of supporting [the department] global operations,” she declared.