The Confluence of Cloud, Compute and Connectivity
The fifth generation, or 5G, of wireless and mobile communications will transform cloud computing and other networking capabilities.
In the 5G era, the next wave of cloud will be an evolution from the on-premises, hybrid cloud instantiations. At the end of a network or a node, at the so-called edge of an environment, the ecosystem of users and devices will have access to cloud services and technologies in new ways. And in this generation of cloud, telecommunication carriers may be the drivers of cloud offerings.
With the input of the Defense Department’s chief technology office and the military services pursuing 5G, the Cybersecurity Directorate at the National Security Agency (NSA) is investigating what this confluence of cloud, compute and connectivity may look like and how to ensure that the environment is secure from a cyber standpoint. And on behalf of future Defense Department end users in the continental United States (CONUS), the directorate’s officials are also figuring out what these customers will need to request information about their future 5G and cloud services from telecommunication carriers, technology providers and cloud service providers, explains Neil Ziring, technical director of NSA’s Cybersecurity Directorate.
“Our primary role as NSA Cybersecurity is to bring a security viewpoint to that work, to help our DoD [Defense Department] customers and partners understand what they should be asking of their service and technology providers and a little bit about the security integration they will need when they connect to new 5G networks, whether it is in a service provider network capacity or in a private network for their Defense Department enterprise system,” Ziring says.
The Cybersecurity Directorate is partnering with telecommunications, cloud providers and technology developers to understand their products and service offerings better “because that is essential to be able to apply to the rest of the DoD,” he states. “My personal feeling is that the providers are still ramping up in this space. They are bringing their service offerings along, but we are all in the early stages of 5G.”
The marketplace for CONUS Defense Department facilities and organizations harnessing 5G networks will be vast, given the powerful capabilities 5G is ushering in, such as smart facilities and autonomous vehicles. The associated telecommunications, technology and cloud-related offerings will abound.
“I think an important part of that is that the providers are looking at it as being able to provide differentiated services,” Ziring emphasizes.
In fact, it may be these companies that drive the market. For example, telephone and device company Ericsson sees the opportunities as transformational.
“5G and the massive increase of computer power in the network will transform the telecom industry like never before,” says Erik Ekudden, group chief technology officer (CTO) and head of Technology and Strategy at Ericsson. “Service providers, offering the most value added in emerging edge ecosystems, stand to gain most from lucrative new pathways into 5G cloud revenue streams.”
And although telecommunication carriers are not necessarily cloud service providers now, they could be in the future, through partnership agreements with a cloud company or even through their own services.
“The market continues to evolve,” Ziring observes. “My expectation is that as the DoD really starts adopting more 5G services, they will in fact work with both your big commercial carriers and the cloud providers, with whom they are already working for cloud services. And it is also the case that the cloud providers and the telecom carriers are working together to provide integrated service offerings.”
The technical director is already seeing shifting 5G telecommunication service offerings in the marketplace related to cloud. “I have noticed some of the cloud providers offering, or stating that they will offer, private 5G services as a cloud service,” Ziring shares. “In those cases, as I understand it, they are partnering with some of the big equipment providers, Nokia, Ericsson, etc., to be able to offer these deployable 5G service platforms that then back-end into their cloud.”
“That is another area that we are continuing to study,” and how those services “compare to other offerings and what is the best situation for DoD …. as we do not know yet,” he adds.
One offering that the NSA is watching closely is so-called network slicing. The ability to separate or “slice” a 5G network into subnetworks for designated users at specific security levels could prove to be very versatile at CONUS military facilities.
“Slicing is a fairly new [concept],” Ziring clarifies. “5G service providers can set up independent, logical networks across the same 5G infrastructure. We think that is going to be really important for defense use cases. They know to designate service onto that slice by certain users and devices, certain vehicles, etc., and then provide levels of security protection, isolation and access to particular networks only to the authorized members of that slice.”
The telecommunication carriers would be offering network slicing services as a feature of 5G. They would provide a set of service guarantees or security guarantees to a subset of subscribers, keeping those customers separate from the rest of the users at a location, with specialized services just for that subset of users, Ziring offers.
“We think that is going to play a big role in how DoD and possibly other parts of the government will consume 5G services,” he states. “A government agency or a military service may have a specialized need, and they will go to the provider and say, ‘These are our needs. We want a slice that our devices will go on. We want these service guarantees.’ 5G is set up to do that in ways that 4G is not. We think that will be a powerful benefit as the providers move in to offer 5G services.”
Moreover, network slicing will not require a further investment of supporting technologies to be put in place. “Although there will be a lot of work to get 5G deployed at a facility, in many cases, you may need new antennas, for example, or edge compute—something that is not there today for slicing in particular. The benefit is that it should just be part of your service,” the technical director notes. “[It will] indicate which devices are authorized to go on a slice. It should not be necessary to do anything with the hardware in order to gain those benefits. You don’t have to change out hardware to change your service levels for security features those individual devices or sets of devices will be receiving.”
Naturally, in an advanced wireless ecosystem, cybersecurity must be a part of any 5G, cloud or technology solution. The NSA, being the champion of the Commercial Solutions for Classified Program, or CSfC, is considering how the construct will apply to 5G and cloud-related military capabilities. “5G deployments on military bases all will be unclassified,” Ziring explains. “If we want to do classified work over them, the way that we will do that is the way we do classified mobility now, through the CSfC, Commercial Solutions for Classified.”
The technical director is joining officials from the CSfC Program Management Office to start examining the considerations. “We think that the general architecture of classified mobility will remain the same,” the technical director says. “But being able to isolate that traffic onto a dedicated slice will give us some additional things to monitor and additional abilities, with the right bandwidth and latency properties, for CSfC to work well. And we are still thinking about how the CSfC mobile access capability package might need to change or evolve as we move into a 5G architecture and whether it would differ, for example, with public 5G or private. We don’t know yet. It is still early days.”
For any military 5G-related cloud, technology or network solutions, providers will have to meet the scaling needs of the Defense Department with potentially 2.86 million users. The services are just in the beginning stages of evaluating capabilities through several smaller-scale 5G-related pilot programs.
“We are thinking hard about that,” Ziring says. “The pilots that are going on right now are not huge, so we haven’t had to stare that issue in the face yet. The real key to scaling up is automation. On the side of our own networks, as the DoD moves into a zero-trust architecture, we are going to have to automate, and in a lot of ways, we are already doing this. A lot of services are implementing automated security monitoring, identity monitoring, authentication and authorization. And those will be even more important as we move into 5G because devices will be coming to our networks over these service provider networks. And if we want to scale up to large numbers of devices, large numbers of users, we have to automate all of that.”
Lastly, Ziring stresses that the issues surrounding cloud services, wireless network functionality and communication solutions are long-term considerations. “5G is going to be our mobile telecom future for many years,” he notes. “People are talking about 6G, but that is quite a ways off. And the DoD is going to use 5G in all sorts of ways. Some are in ways we haven’t even thought of yet, so NSA Cybersecurity is settling in for the long haul on this. We are establishing partnerships with private industry, with other parts of government, building up expertise in our folks and talking to academia about it because we know this is going to be a long-term commitment.”
“I think an important obligation for the DoD and one that we here at NSA need to help with is understanding what exactly the security requirements are we are going to ask of these providers, the telecom carriers, the cloud providers, and in how they will work together, so that we can procure from them services that meet our particular military needs,” he says.