This is the first in a series of feature articles highlighting the Department of Homeland Security Science and Technology Directorate’s (S&T) work related to 5G.
You no doubt have seen the numerous television commercials touting the introduction of the next cellular technology: fifth generation wireless technology, more commonly called 5G.
5G builds upon existing telecommunication infrastructure to improve bandwidth and capabilities and reduce network-generated delays. However, 5G also carries over and introduces new risks that must be addressed to ensure its secure and safe use by the government and private sectors, including everyday citizens. Together, S&T and the Cybersecurity and Infrastructure Security Agency (CISA) are working to do just that.
The complete evolution to 5G will take years—expected by 2022—but its goals are to meet increasing data and communication requirements, including capacity for tens of billions of connected devices that will make up the internet of things, ultra-low latency—the delay in communications between connections—required for near-real time communications, and faster speeds to support emerging technologies. 5G networks currently are in development; right now, availability is limited to urban areas around the country.
Wireless Precursors and 5G Benefits
Roughly every 10 years, the next generation of mobile communication networks is released, bringing faster speeds and increased capabilities. The first-generation (1G) wireless network enabled the first cell phones, 2G brought improved coverage and texting, 3G introduced voice with data/internet, and 4G/4G long-term evolution (LTE) delivered increased speeds to keep up with mobile data demand.
5G technology promises to completely transform telecommunication networks, introducing a wealth of benefits such as:
- 100-times-faster download speeds—for instance, a 3-gigabyte movie will now download in only 35 seconds;
- 10-times decrease in latency—this will enable new capabilities, such as remote surgery and self-driving cars; and
- increased network capacity—this will allow millions of devices to be connected to the same network within a small geographical area.
These benefits will pave the way for additional new capabilities and support connectivity for applications like smart homes and cities, industrial automation, autonomous vehicles, telemedicine, and virtual/augmented reality.
“From my perspective, 5G is the single biggest critical infrastructure build that the globe has seen in the last 25 years and, coupled with the growth of cloud computing, automation, and future of artificial intelligence, demands focused attention today to secure tomorrow,” said CISA Director Christopher Krebs in the agency’s 5G Strategy report.
Initial 5G deployments will operate on a non-standalone (NSA) network—in other words, operate on existing 4G and 4G-LTE infrastructure and 4G/5G hybrid infrastructures. The complete evolution to standalone 5G networks is likely two years away. But in the interim, the goal remains to meet increasing data and communication requirements through NSA networks, all while securely and safely reaping 5G’s benefits and possibilities.
5G Risks and Managing Vulnerabilities
As the nation’s risk advisor, CISA has determined that 5G implementation will introduce vulnerabilities in the following critical areas:
- Supply Chain: The 5G supply chain is susceptible to the malicious or unintentional introduction of risks like malicious software and hardware, counterfeit components, and poor designs, manufacturing processes, and maintenance procedures.
- Deployment: 5G will use more information and communication technology (ICT) components than previous generations of wireless networks. Improperly deployed, configured, or managed 5G equipment and networks may be vulnerable to disruption and manipulation.
- Network Security: 5G builds upon previous generations of wireless networks and is currently being integrated with 4G LTE networks that contain some legacy vulnerabilities, such as Distributed Denial of Service attacks and SS7/Diameter challenges. These vulnerabilities may affect 5G equipment and networks even with additional security enhancements.
- Competition and Choice: Despite the development of standards that encourage interoperability, some companies are building proprietary interfaces into their technologies, which limits customers’ choices to use other equipment. Lack of interoperability with other technologies and services limits the ability of trusted ICT companies to compete in the 5G market.
To address these critical challenges, CISA and S&T are advocating that government and industry work collaboratively to maximize 5G’s benefits and promote its security and resilience.
Strategic Approaches to 5G R&D, Deployment, Standards
Following are a range of strategies CISA, S&T, and other federal government and private-sector entities are pursuing:
- Encouraging continued trusted development of 5G technologies, services and products — National investment in research and development (R&D), economic incentives for manufacturing, and buying trusted components (or using economic deterrents for purchasing and installing untrusted components), will increase trusted production and lower the risks of malicious untrusted technologies.
- Encouraging continued trusted development of the next generations of communications technologies—5G technologies and standards will build upon themselves over time and security enhancements will continue. This development will occur in individual companies and in standards-making bodies as markets for new services take shape. However, the United States can encourage and invest in such development, potentially decreasing the influence of adversarial nations and decreasing U.S. reliance on untrusted technologies.
- Promoting international standards and processes that are open, transparent, and consensus-driven and do not place trusted ICT companies at a disadvantage—Global standards bodies, including the International Telecommunication Union and the 3rd Generation Partnership Project, should promote currently-adopted 5G-related standards and collaborate on their development.
- Limiting the use of 5G equipment with known or suspected vulnerabilities—The federal government is limiting the adoption of 5G equipment that may contain vulnerabilities through Section 889 of the 2019 National Defense Authorization Act, The Federal Acquisition Supply Chain Security Act, and Executive Order 13873 “Securing the Information and Communications Technology and Services Supply Chain.”
- Engaging with the private sector on risk identification and mitigation efforts—The private sector can help mitigate 5G vulnerabilities and provide insight on where government support or intervention is needed, such as the development of best practices, convening industry and government partners, and prohibiting untrusted equipment will help secure 5G technologies and networks.
- Ensuring robust security capabilities for 5G applications and services—The federal government and industry partners will take a prevention-focused approach developing security capabilities that protect not only the 5G infrastructure, but also the applications and services that utilize it. Secure 5G applications and services will likely mitigate the risk of malware being transported across protected devices and defend against unauthorized command and control from exploited connected devices. Secure infrastructure will also guard against these threats and mitigate lateral threat movement within the 5G network.
What’s Next in 5G R&D at S&T
S&T’s Mobile Security R&D Program will soon be launching “Secure and Resilient Mobile Network Infrastructure” (SRMNI) R&D projects to support CISA’s number-one priority: securing the wireless communications supply chain and Goal 4 of CISA’s 5G Strategy. These SRMNI projects also support the National Strategy to Secure 5G (PDF, 11 pgs., 602KB) and its Implementation Plan.
“The benefits and new capabilities that will be realized through the adoption of 5G will provide tremendous value to the nation, its people and its economy,” said William N. Bryan, Senior Official Performing the Duties of the Under Secretary for Science and Technology. “S&T is engaging with its private-sector R&D partners to develop solutions that will make 5G adoption secure, ensuring that its promised benefits will be realized at all levels of government and by all private entities.”
The SRMNI project, which has an overarching goal to ensure secure and resilient critical mobile communications networks, will create innovative approaches and technologies to protect legacy, current and 5G mobile network communications, services and equipment against risks identified in the DHS Study on Mobile Device Security.
More specifically, the SRMNI project area’s 5G network security focus will develop innovative approaches that will leverage 5G to define methods and approaches to achieve:
- Flexible 5G security architecture tailored for a government environment
- Government-controlled security policy
- End-to-end security for the mobile device to the core
- Approaches to implement interoperable secure unclassified voice across Federal Government departments and agencies
We’re Just Getting Started
5G wireless technology will introduce a wealth of benefits that will pave the way for new capabilities and applications, transform the digital landscape and be a catalyst for innovation, new markets, and economic growth. But first, CISA and S&T are working on dual, but complementary, tracks to ensure its safety and security before 5G’s widespread availability across the country and certainly prior to the introduction of 6G technology, which already is in development.
Stay tuned for additional articles in the S&T 5G series.