The futuristic world that movies foretold hinges on a new faster, broad-spectrum wireless network. Autonomous vehicles, drone delivery and remote medical procedures can be carried out only with 5G. But as 5G rolls out, security concerns roll in. This time, the Cybersecurity and Infrastructure Security Agency (CISA) is one step ahead in protecting its prized assets.
Challenge: Into the Unknown
5G is coming. It’s inevitable. And in many ways, it’s already here.
The fifth generation of wireless technology that will transform telecommunications networks has every sector of the U.S. frantically preparing for its widespread adoption. The faster, federated 5G network will enable possibilities unachievable until now, such as truly autonomous cars on roadways, package-delivering drones and increasingly realistic virtual and augmented reality, using all parts of the spectrum.
Because it exists as a wireless network, 5G will soon usher nearly every smartphone user into the movement.
If all of that sounds like good news, that’s because it is. The challenge arises in the wider attack surface that results from increased mobility and more devices.
CISA, part of the Homeland Security Department (DHS), has carried the flag for network security in the U.S. Although widespread use of 5G is not expected for another two to three years, CISA is preparing for how to protect assets in an increasingly remote and networkdriven security environment.
Cyberattacks are only increasing in number, and soon, they will have more targets. Attacks on 5G-enabled systems could be catastrophic – the compromise of drones or autonomous vehicles could endanger public safety. Before 5G hits the market fully, the U.S. government is readying its people, policies and systems.
Solution: Building Before Launch
No single solution exists for 5G security. As is the case across the federal government, modern security philosophies emphasize “safe, not sorry” authentication and authorization, permitting users access to only the systems they need while constantly verifying identity.
Zero trust is one such approach, a cybersecurity strategy that emphasizes security where users are as opposed to where data is stored. But that’s not what will explicitly prevent cyberattacks from penetrating 5G’s broadened range of devices.
CISA Assistant Director Bill Kolasky told GovLoop that 5G is just another evolving technology, and it is a product of an environment of big data and mobility. Kolasky, who leads the National Risk Management Center (NRMC), which works to identify and manage the nation’s top threats, emphasized that standards, regulation and collaboration would help guide 5G’s expansion in a way that did not carry significant risks to the U.S..
“We insist that we participate in the standards bodies,” Kolasky said, noting that his team collaborates with industry on international boards and partnerships.
Fully rolling out 5G will also require that related systems catch up to the technology. Legacy systems that interact with or support 5G can present preventable vulnerabilities, so achieving a modern, software-secured network that can extend protections to networks’ edges networks will be crucial.
Widespread 5G usage is not expected until 2022, meaning government has another few years to prepare — an important advantage over attackers.
Outcome: A Model for Emerging Tech Security
Although 5G already exists in select locations such as big cities and stadiums, overall, the federal government is ahead of the game.
CISA revealed an unclassified and public version of its risk overview for 5G in late July 2019, forecasting what government and industry need to do to prepare for the nascent technology. The International Telecommunication Union (ITU) and 3rd Generation Partnership Project (3GPP) are finalizing international standards. Industry and government are plotting out rural road maps for 5G.
Meanwhile, national and international companies, boards and governments are meeting to lay the preparatory groundwork for 5G.
Kolasky said that in many ways, the rollout to 5G has been a model for security. Although elements of 5G remain unpredictable, the stakeholders are filling potholes on the road to the next-generation wireless network – accounting for security and economic and technological impacts.
“One of my key points when I talk about this is we’re having the 5G security conversation before the 5G network becomes a reality, rather than after it is,” Kolasky said. “And I think that’s important because we can shape the 5G network and deploy it securely.”
Too often a new innovation is pushed to the market for the socioeconomic benefits, leaving security in the dust, he said. Then, teams like CISA have to react.
The buildup to 5G is different. Kolasky said that the 5G model could serve as an example for innovations going forward: Put security first, and everyone will be on the same page.
This blog is an excerpt from our recent guide, “Technology Transformation Strategies: From Idea to Implementation.” Download the full guide here for best practices.