NSA, CISA and ODNI Join Forces to Assess 5G Security Risks

NSA, CISA and ODNI Join Forces to Assess 5G Security Risks

The agencies examine 5G security risks, release best guidance to the public and help protect warfighter communications in a competitive landscape.

Three key national security agencies — National Security Agency, Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence — have teamed up to combat cyber threats that have emerged with the introduction of the fifth generation mobile network, better known as 5G.

Leaders from these three national security organizations said in a recent statement they want to identify the risks posed by 5G and address them before they cause any major damage to wireless networks. They organized a group to conduct a deep analysis and created a product that looked into the risks of 5G adoption.

Natalie Pittore, NSA's chief of enduring security framework, said the product focused on a few core areas including standards, the supply chain and infrastructure. It’s not just 5G, it’s 5G layered on 4G, which is layered on 3G, said at the NextGov Unlocking the Promises of 5G Virtual Summit last month.

“Looking at where we can improve 3G and 4G so that we can address some of those inherited risks in 5G to make our 5G technology more secure is a top priority for us. So, we’ve really been exploring those risk areas,” said Pittore.

She added that releasing this analysis in an unclassified environment and working with industry allowed the group to "put out a more conclusive, definitive look into what those risk areas are."

"And to be able to drive mitigations on where we do, we really need to be applying our expertise in this space as we adopt 5G,” Pittore said. 

NSA and CISA have been working on a four-part series to produce cloud structure in fifth-generation networks. 

“We prioritized a list of risks with cloud as it was associated with 5G, and then we decided, you know what, let’s get this best practice guidance out to the public to help defend ... our national security systems, defending the Department of Defense networks, where that can move further with CISA in our critical infrastructure and let’s make it usable for folks,” said Pittore.

Data

NSA’s last installment of its latest product focuses on the data. 

"Protection of that data when it’s at rest, when it’s in transit. Those issues that keep coming up after major attacks. We all care about the data, we are almost defined by our data now," Pittore said.   

Cybersecurity is a cornerstone of national security and NSA has major concerns that are connected to 5G.

“What’s really important as I look at 5G is ensuring that our warfighters have secure communications. That they can rely, that they are protected and that when they send out information, that we don’t have to be concerned about the interception or the espionage on that type of network infrastructure that we’re going to be dealing with 5G,” said Pittore. 

We often push for functionality, but we should be asking for the best security when it comes to 5G and make that a top priority.

“What we’re asking for from the enduring security framework, from NSA is for security to be just as much as priority as functionality, and I think that's especially true when it comes to all of these devices being deployed and used on the infrastructure and particularly when it comes to the warfighter, security needs to be baked in and they need to be able to trust their devices and the networks those devices are communicating on,” said Pittore. 

Cybersecurity Collaboration Center

NSA has also established a new Cybersecurity Collaboration Center to address the challenges surrounding 5G and to remove many of the barriers that previously existed when it came to working with NSA.

“The reality is in order to paint a full picture of the threat we have to work with industry. We’re all coming together, we all have the optics that we have put in order to really be able to set the foundation to take action, to drive outcomes. We have to come together and we work together and that’s really the opportunity that the center here has affords us,” Pittore said. 

Furthermore, NSA is continuing to pursue standards development. The agency, which has a close relationship with the standards team, collaborates daily and shares goals. 

“When we’re starting to talk about getting left of boom, left of theft, standards really are as left as you can go in some ways because it's really what’s helping govern the rollout of these emerging technologies. It’s building that roadmap, that framework for these systems that are getting deployed,” said Pittore. 

In the past, the U.S. led international standards creations around technologies like 5G, but recently China has emerged as a vital competitor in standards bodies.

5G Competition With China

Laura Bate, senior director of Task Force 3 at the Cyberspace Solarium Commission, said the challenge comes when the U.S. starts to see China push for leadership positions in big international bodies.   

“The risk is that China, or any country, could patent a technology, push for it to become a standard and then reap the royalties that come from everyone globally who is using that technology that they have patented," Bate said at the summit. “As Chinese firms reap more royalties off of their technologies that becomes standard, they then have more money to invest in research and development, which then allows them to patent future technologies so you get this cyclical process, this path dependency that we’re now really struggling with.” 

In addition to standards and supply chain, Bate said that competitiveness of U.S. telecom companies is also a national security implication of 5G.   

“If trusted suppliers of 5G equipment are driven out of the market then we have even a more critical availability problem, but generally speaking what we’re talking about here is that the U.S. has a major incentive to ensure that our telecom companies are able to on a continuous basis provide goods and services that we can trust," Bate said. 

During the summit Bate said that the U.S. should be taking more steps to become market competitive as far as 5G technology.  

“Things like the export-import bank, U.S. International Finance Corporation, the U.S. Trade Development Agency, all of these agencies exist to help the U.S. companies tap into global markets whether it's by equity financing, debt financing, loan guaranty insurance, all of these things the U.S. can be doing to help the U.S. gain competitiveness,” Bate said. 

Basic Incentives

According to Bate, the U.S. should also be investing in basic incentives.  

There has been recent legislation, including the CHIPS Act, that points toward incentives to produce semiconductors domestically. The U.S. Innovation and Competition Act of 2021 provides a number of incentives as well. 

“This one by comparison is not law, it has been passed by the Senate, but not by the House. The USICA, called for short or also hear it called the China Bill, includes billions of dollars for federal investments for the domestic semiconductor market and for research design manufacturing,” said Bate.  

Meanwhile, NSA believes all of this is really about the people. The human network drives the collaborations and plays a huge part in accomplishing the process of securing 5G.   

“This doesn’t happen without everyone one of us coming together, the collaboration that happens from that, the commitment to that and really because we’re all doing it because it’s something we care about, this is not just work for us, this is life’s passion is to be able to defend the nation," Pittore said.

 
Standard