The Expert's View with Jeremy Kirk

Memo to the White House: Forget the 5G Moonshot

Private Sector Already Has Sufficient Incentives to Build Secure Mobile Systems
Memo to the White House: Forget the 5G Moonshot
U.S. government: China is the dominant malicious actor in cyberspace. (Source: Axios)

On Monday, news site Axios broke a significant story: Fearing that China is spying on phone calls, the U.S. government believes it should spearhead the rollout of 5G networks to ensure they offer better security.

See Also: Webinar | Prisma Access Browser: Boosting Security for Browser-Based Work

The leaked slides and memo from the National Security Council propose that the U.S. should develop the infrastructure, wireless and network security standards for 5G deployment. It advocates an aggressive three-year timeline, likening the project to the 1969 moon landing.

The FCC has since registered its opposition to such a plan, and the Trump administration says discussions are in early stages, according to CNN.

Setting aside the issue over alleged Chinese phone hacking, the broader security argument outlined in the documents is well-trodden: Many Western governments have expressed fears over Chinese vendors' dominance, including manufacturers such as Huawei, which build widely used networking systems that could open doors for Chinese intelligence.

The presentation is not short on superlatives. The title is an "Eisenhower National Highway System for the Information Age" and it refers to the project as a "moonshot."

"Much like concertina wire on a beach facing assault, or a city wall meant to keep out bandits, the case can be made that a nationwide secure network is required to create a defensive perimeter in the information domain," the slide presentation reads.

U.S. government: Let's build oceans around 5G. (Source: Axios)

But You Canceled Security

My reaction: Oh, but where to begin?

For starters, the proposal has already raised eyebrows, because President Donald Trump's 2016 presidential campaign emphasized his intention to roll back government regulation. That's, in part, what makes the security focus of the memo so interesting.

Since their publication, however, the documents have drawn rebukes from all corners. One opponent is Tom Wheeler, who was chairman of the U.S. Federal Communications Commission for four years until Trump became president in January 2017. Writing for The Brookings Institution, Wheeler says such government intervention would raise carriers' 5G investment uncertainty.

Wheeler also addresses the security argument. He notes that the FCC warned Trump's transition team "that a FCC retreat from ongoing cybersecurity activities would have dire consequences for 5G and the future of the nation's critical communications infrastructure."

Nevertheless, when current FCC Chairman Ajit Pai took office, Wheeler writes, the agency repealed an FCC requirement from December 2016 specifying that 5G technologies must have built-in cybersecurity standards.

"It was a little noticed and highly significant repeal of a historic FCC action: The Obama FCC had for the first time in history required that cybersecurity be a priority rather than an afterthought in planning for a new network," Wheeler writes. "The industry opposed the idea, and the Trump FCC bowed to their wishes, cancelling an ongoing proceeding on the topic."

5G: Fast, Potentially Dangerous

Global carriers are already developing 5G technology; trials are underway. The 3GPP, the global standards organization, released its first specifications for 5G last December. AT&T and Verizon plan to launch 5G coverage in some areas of the United States by the end of the year.

When 5G is widely deployed, it will have a vast impact. The lightening data speeds and high reliability could provide the backbone for all kinds of internet of things devices that will employ machine-to-machine communication, including life-saving systems in medical devices and vehicles. 5G networks will also accommodate stronger encryption, which will be key to better protect voice, data and location data from spies and equipment such as IMSI catchers.

But the features that make 5G attractive could aid nefarious activity - think along the lines of distributed denial-of-service attacks to botnets. A report released last year by Cisco contends that when 2G and 3G networks were launched, it was mostly a small subset of insiders and elite encryption experts who used manual attack vectors. That has changed.

"Even back in 2009 when 4G was launched, the security threat landscape was nothing like today's," Cisco writes. "5G is the first cellular generation that will be launched in the era of the Internet being 'weaponized.'"

Nationalization Upsides? About That ...

How involved should the U.S. government be to avoid a 5G security mess? The answer: Somewhat involved, but not completely in charge.

Government experts should, of course, advise on standards development so that security-positive decisions get made. But international bodies such as the 3GPP and operators have incentives to ensure that security remains at the forefront of their efforts, because network problems and hacks would diminish customers' confidence and could have bottom-line impacts.

The NSC memo and slides, however, are couched in language suggesting that having the U.S. government wrap its arms around a 5G project would solve potential security problems. It would not. Nationalization would bring unrelated entanglements that ultimately take the focus away from the security picture.

Meanwhile, if the immediate concern is Chinese phone hacking, there are already plenty of alternatives to making voice calls over insecure mobile networks. Encrypted messaging software such as Signal and WhatsApp - and most recently, Skype - all use the Signal protocol, which is regarded as the gold standard for content encryption.

That's not to say those applications will never be undermined. But they're feasible, already available alternatives that don't require building a network at a cost of hundreds of billions of dollars, with Uncle Sam in charge.



About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.