IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

CISA Releases 5G Infrastructure and Cybersecurity Strategy

As the U.S. rushes to lead in 5G deployment, the nation's top federal risk adviser has released its strategic vision for securing the new infrastructure. That vision focuses heavily on shareholder collaboration.

a 5G logo suspended over a digital background
Shutterstock/Alexander Supertramp
As the U.S. moves closer to widespread 5G adoption, both government and industry must begin to consider the security implications for the new wireless technology.  

To help with that, the Cybersecurity and Infrastructure Security Agency (CISA) has published its strategic plan to secure the state-of-the-art telecommunications infrastructure from bad actors, spelling out five strategic initiatives.

In the plan, CISA Director Chris Krebs calls 5G "the single biggest critical infrastructure build that the globe has seen in the last 25 years"--an assessment that isn't hyperbolic, given the new networks promise to revolutionize everything from IoT, to augmented reality, to farming, while also creating a whole host of new security challenges.  

Addressing those, CISA's strategic initiative builds on previously published 5G resilience road maps like the White House's National Strategy to Secure 5G, published earlier this year, and the Prague Principles, which was released in 2019 after Western leaders met in the Czech capitol to discuss the global implications of the new technology. 

Like those previous documents, CISA's strategic vision focuses on a combination of commerce, security and global relations and lists three basic priorities as the bedrock of its approach: risk management, stakeholder engagement and technical assistance.

In a broader sense, this means that the agency will support 5G standards and development by expanding awareness around 5G supply chain risks; partner with stakeholders to secure existing infrastructure; foster innovation through promotion of trusted vendors; and share information on effective risk management strategies as widely as possible. 

The threats to 5G are diverse, one of the most prominent being the threat of foreign influence to supply chains. CISA's new brief highlights this danger, noting that untested components and high-risk vendors will need to be identified and dealt with in an organized fashion. 

This and other security concerns have broad implications when it comes to state and local government. SLTTs will undoubtedly be on the front lines of deployment--with the expansion of new 5G networks estimated to involve the installation of some 800,000 small cells on largely existing municipal infrastructure throughout the country.

CISA's role with state and local governments will involve partnerships to share information on the latest potential vulnerabilities, as well as ongoing communication about "specific policy, technological and legal implications inhibiting secure 5G deployment," the report reads.

"As 5G networks are deployed among the critical infrastructure sectors and SLTT communities, CISA will lead engagements to communicate known risks and best practices that support secure and resilient 5G," the report says. This effort will include "facilitation and coordination of outreach through meetings, workshops, conferences and other events." 

At the same time, its obvious the private sector also has a big role to play in securing the new infrastructure. CISA will need to work together with large telecom vendors to "identify vulnerabilities and ensure that cybersecurity is prioritized within the design and development of 5G technology," the strategic plan states. 

Companies like AT&T, Verizon and T-Mobile, which have recently sought to corner the 5G market while ensuring confidence in their security approach, will be government's biggest partners in securing the new infrastructure. 

“AT&T is building one of the most advanced and highly secure 5G networks in the world," said a company spokesperson in an email to Government Technology. "Adopting a multi-layered approach, identifying the interconnectivity of devices and its physical environment, as well as deploying virtualization and automation among other defenses, will help to lessen risk and prepare organizations for the promises of IoT in a 5G world.”

Verizon, which began 5G rollout in 2019 and now supports 5G service in some 34 cities, also told GT that it was prepared to ward off new and emerging threats.

"We employ more than a thousand cybersecurity professionals and we constantly monitor our networks to identify and respond to threats," said Kevin King, director of corporate communications. "5G is a step forward in network security. For example, 5G has more sophisticated encryption features than earlier technologies, and it has a new 'Security Edge Protection Proxy' that prevents threats from less-secure interconnected networks (such as SS7) from harming 5G networks."

Appropriately, a unifying theme in CISA's plan is collaboration, which means ultimately public and private sector will need to work together--through working groups, task forces, and the like--to keep the new 5G infrastructure and allow innovation to flourish. 

Lucas Ropek is a former staff writer for Government Technology.