Four lines of effort guided by risk management, stakeholder engagement, and technical assistance need to underpin resilient and effective rollout of 5G connectivity, says the Cybersecurity and Infrastructure Security Agency’s new 5G strategy.
The document says deployment of the next generation of mobile communication networks must focus on facilitating domestic 5G rollout, assessing risks to and identifying core security principles of 5G infrastructure, addressing risks to U.S. economic and national security during development and deployment of 5G infrastructure worldwide, and promoting responsible global development and deployment of 5G.
“The deployment of 5G technologies will enable new innovation, new markets, and economic growth around the world. Tens of billions of new devices will be connected to the Internet in the next few years. Given 5G’s scope, the stakes for safeguarding our networks could not be higher. The vulnerabilities that will come with 5G deployment are broad and range from insider threats to cyber espionage and attacks from sophisticated nation-states,” CISA Director Chris Krebs said in a message at the beginning of the strategy.
“Now more than ever, trust in our services and the underpinning equipment is paramount,” he added. “We must realize the importance of managing risk associated with 5G deployment because there are certain areas of critical infrastructure – automated health care, telecommunications backbone, sensitive military and government facilities, and mass transit – where the scale of 5G changes the nature of risk to critical functions.”
The fifth generation of wireless technology promises one hundred times the network capacity and download speeds, and data response times as low as one millisecond. The National Strategy to Secure 5G was rolled out this spring and expanded on the National Cyber Strategy, which says the United States government “will work with the private sector to facilitate the evolution and security of 5G, examine technological and spectrum-based solutions, and lay the groundwork for innovation beyond next-generation advancements.”
The CISA 5G Strategy “seeks to advance the development and deployment of a secure and resilient 5G infrastructure, one that enables enhanced national security, technological innovation, and economic opportunity for the United States and its allied partners.”
Those partners include federal departments and agencies; state, local, tribal, and territorial government agencies; industry; non-governmental organizations; and international allies.
The first strategic initiative is to “support 5G policy and standards development by emphasizing security and resilience,” with the objectives to “expand and coordinate participation in government and industry 5G working groups and standards body meetings,” “partner with trusted market leaders to increase 5G standards contributions,” and “support international 5G security and resilience policy framework development efforts.”
The second is to “expand situational awareness of 5G supply chain risks and promote security measures,” with the objectives to “collaborate with Information and Communication Technology (ICT) supply chain efforts within the Federal Government to unify 5G supply chain risk management workstreams,” “develop a common framework to evaluate, prioritize, and communicate 5G supply chain risks,” and “create customized outreach materials promoting supply chain risk management strategies.”
The third strategic initiative is to “partner with stakeholders to strengthen and secure existing infrastructure to support future 5G deployments,” with the objectives to “collaborate with national laboratory and technology centers to evaluate key existing 5G components and identify security vulnerabilities,” “direct engagements to promote security and resilience of 5G deployment across the critical infrastructure sector and SLTT communities,” and “coordinate across the Federal Government to engage with international partners and promote 5G deployment best practices.”
The fourth is to “encourage innovation in the 5G marketplace to foster trusted 5G vendors,” with the objectives to “collaborate with federal interagency partners to establish R&D projects focused on emerging 5G technologies and capabilities,” “analyze and report the long-term risks of untrusted 5G component vendors,” and “partner with U.S. Government (USG) prize competition programs to influence and establish 5G innovation challenges.”
And the final strategic initiative is to “analyze potential 5G use cases and share information on identified risk management strategies,” with the objectives to “identify, prioritize, and evaluate potential 5G use cases in real and simulated environments,” “develop and deliver 5G technical assistance offerings to address stakeholder specific use cases,” and “leverage industry expertise and analysis to develop informational materials promoting security best practices for 5G enabled IoT devices.”
CISA says 5G networks will “spark an industrial revolution that will enable the development of many new and enhanced services like autonomous vehicles, smart cities, augmented reality, and remote surgery,” thus “the stakes for safeguarding the network against these vulnerabilities could not be higher.”
“The use of established critical infrastructure sector partnerships will be one of the backbones of CISA’s efforts within 5G, as the nature of the risk environment precludes any single entity from managing risk entirely on its own,” the strategy adds.