Christopher Krebs, Director of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), today outlined a range of security concerns associated with deployment of 5G wireless networks in the U.S., and offered a list of top-level recommendations for government and industry to deal with them.
Those security concerns and recommendations are featured in a CISA report released today. Discussing them at an event organized by the Center for Strategic and International Studies, Krebs said CISA’s ITC Risk Management Task Force found three primary concerns with U.S. 5G deployment: technical, physical, and logistical or supply-chain related vulnerabilities.
“On the physical vulnerabilities, 5G is going to require a significant surface area, … so it’s only going to increase the potential attack surface for adversaries,” Krebs said. “How are we going to mitigate and manage against that? And lastly there are those technical vulnerabilities. As we deploy 5G, it’s going to be built on 4G, it’s going to be built on 3G. What vulnerabilities are we inheriting from the prior deployments in the immediate 5G deployment?”
The new report offers six mitigation recommendations to address the risks of 5G deployment, Krebs said. These strategies suggest that government agencies:
- Encourage the development and deployment of trusted 5G technology equipment and services;
- Encourage continued trusted development of future generations of communications technologies;
- Urge “international standards and processes that are open, transparent, consensus-driven, and that do not place trusted companies at a disadvantage;”
- Limit the adoption of untrusted equipment;
- Continue collaboration with industry on risk identification and mitigation; and
- Push for sharper security capabilities across applications and services.
Krebs emphasized that those recommendations require government-wide collaboration to successfully deploy 5G, not just collaboration with industry.
“It’s going to take all of us working together,” he said. “No one agency is going to be able to engage in this conversation, this dialogue, and these deployments going forth. It’s going to take all of us working together on that.”