The fifth-generation technology standard for broadband cellular networks is coming, and defense leaders say supply chain security, information-sharing strategies with the private sector and appropriate acquisition standards are going to be key to its successful roll out.
“[5G] only works if we can make it secure,” said Dan Massey, 5G program lead at the Defense Department, during ATARC’s 5G Symposium Tuesday. “If we don't have security, all this great technology is not of much value to us.”
Massey recommends federal agencies and private companies move to a zero trust model to protect 5G infrastructure.
“When we think about adding in security, can we make security enhance the resiliency and availability, not inhibit it? I think those are our main challenges,” he said. “I think we need to move to a zero trust kind of environment.”
Serena Reynolds, chief of the initiative management branch at the Cybersecurity and Infrastructure Security Agency, said CISA is focused on the risk management of 5G. As the federal government and private industry race to deploy 5G infrastructure ahead of nation-state competitors, managing risks cannot be ignored.
The 5G information and communications technology (ICT) supply chain, "internet of things," and general cybersecurity elements will be critically important, she said.
“I think a lot of the critical infrastructure is going to happen at the owner/operator level,” she said at the symposium. “It's going to be something we need to communicate widely and really think about the policy questions that will be made. That ICT supply chain piece I think is going to be extremely critical.”
The Federal Mobility Group (FMG), which includes dozens of federal agencies and reports to the Federal CIO Council, meets twice a month to discuss 5G challenges and use cases and share best practices. FMG Co-Chair Vincent Sritapan, also section chief for the cyber quality service management office at CISA, said the group regularly checks in with industry so that everyone is on the same page.
“We have identified and consolidated the integrated data collections,” he said regarding the number of devices or endpoints. "It used to be about 15 metrics, now it's down to nine. We've pushed to modernize that information and make it more accessible to agencies.”
Jim Russo, branch chief of solutions development at the General Services Administration, explained integrated data collections as a “government-wide mobility data call.”
“The objective is to use that data within the FMG and for the agencies to make educated decisions on how they're going to manage and run the agency mobility programs,” he said during the event. “The primary reason for those is to focus on what is the combined spend, adoption rate of 5G capable devices, what about emergency preparedness, and finally what contract vehicles are used by the agencies to acquire 5G mobile services?”
The goal of these information-sharing and collaboration practices is to ensure 5G rollout is as streamlined as possible.
“One of the key imperatives for us as a nation is to look at leadership positions in these technologies,” said Dr. Sumit Roy, the "Innovative Beyond 5G" lead at DOD. “It, of course, means we invest in early research and development, but also we look to work with our allies and future standardization. The fact that the government, particularly DOD, is investing particularly early, an angel investor in this business early, and providing infrastructure for testing, as well as the policy front — that is the whole of government, grappling how to engage standardization.”
DOD is working hard to upgrade its existing infrastructure for 5G, like its radio access network. Joseph Evans, principal director for 5G at DOD, said the agency's multipronged approach includes commoditizing that network, enabling DOD to access 5G by going “through or over” unsecure networks, and prioritizing innovation so that DOD is ready for “6G and beyond.”
Despite the federal government’s 5G ambitions, Massey and Reynolds emphasized the importance of security, collaboration and information-sharing as key to a successful and competitive 5G rollout.
“I think one of the most important things we can do is for this not to be a siloed approach,” Massey said. “We're looking at a common assurance process. How do we get new ATOs for this new tech? How do we collaborate so we don't have our basic research and forward looking research that [the National Science Foundation] is doing disconnected from what DOD or [the Department of Homeland Security] or other groups are doing? We need to collaborate on solicitations. We're starting to do a good job on that, so we'll hopefully see more of that going forward. That key piece — this is not a DOD or DHS or NSF problem, this is a challenge for all of us. The more we can collaborate, the better.”