Federal Officials Stress Need to Build Security Into 5G

The Federal government is looking forward to implementing 5G wireless services as they become available, but building security into 5G services from the beginning will be key to a successful implementation, said officials from the Department of Defense (DoD), the Cybersecurity and Infrastructure Security Agency (CISA), and the General Services Administration (GSA).

At ATARC’s Federal Mobile Technology Summit today, the subject of supply chain security took up a large part of the discussion – similar to the broader conversation around 5G – with executive orders and multiple pieces of legislation focused on 5G suppliers.

“In the past, we’ve only really addressed the cybersecurity or physical security, but that’s changing. Now, security is viewed under a new lens, with a focus also on national security,” said Mark Norton, an engineer with DoD’s Office of the CIO. “Our new security requirements must address those national and cybersecurity concerns together,” he added.

“I think that more and more, we’re starting to see the terms and conditions move forward in the way we procure service-enabling devices, and especially the agencies who own their infrastructure, how they procure their equipment is going to be impacted. The question is how is that going to be impacted, and what are going to be the impacts from an efficiency perspective” said Sam Navarro, wireless mobility program manager at GSA.

While security is key, government and the country as a whole can’t afford to fall behind on 5G.

“We can’t allow mistakes of the past to creep into the way we take our approach,” said Navarro, using drone aircraft as an example. “The United States actually created the market for unmanned aerial vehicles (UAVs) and our inability to quickly respond from a policy perspective and put out guidelines that industry could leverage to continue innovating in this space allowed other countries to take an advantage on UAVs,” he added.

The confluence of emerging technologies – including the Internet of Things, artificial intelligence (AI), and 5G – will also be a key factor to consider.

“I’d argue we probably don’t really know the applications yet, so we have a tough road – or a very fun road – to figure out how we will adapt security to our considerations,” said Norton. “I’d also like to see some more fun stuff on how we’re going to use mobile in the future,” he added.

To support the development of 5G while supporting security, DoD is creating a pilot to build infrastructure on military bases to test the challenges of implementation and security, using Other Transaction Authorities.

At GSA, the agency is looking to address acquisition concerns and “find the gaps” for agencies, said Navarro. The agency will host a forum on October 3 to discuss the issue further, and Navarro noted that one area of focus will be finding areas that would benefit from National Institute of Standards and Technology (NIST) guidance.

Focusing on today’s challenges, agencies have limited dollars to spend on mobile security, making the choices on how to spend those dollars important.

“The question that I like to ask is, ‘How do you make the decision on where to spend your next cyber dollar?’ … The most frequent and the most honest answer I get is ‘I buy whatever my vendor tells me to,’” said Branko Bokan, cybersecurity specialist at CISA.

Bokan touted the .govCAR process to show how approaching defense from an attacker’s perspective can help agencies allocate their resources, emphasizing the need for a range of interoperable products.

Categories

Recent