The U.S. Department of Homeland Security (DHS) has published a far-reaching strategy document that outlines the scope of its purview for ensuring the security of emerging 5G wireless networks.
The strategy document was published by the Cybersecurity and Infrastructure Security Agency (CISA), an arm of the DHS that has been tasked to serve as “the risk advisor” for the country. CISA plans to promote the deployment of secure and resilient 5G wireless network by identifying, analyzing, prioritizing and managing risks.
CISA also pledged to develop and update instructional tools and services to support stakeholders with the planning, governance, operational management, and other technical aspects of securing 5G deployments, including influencing the design and architecture of 5G networks in a way that prevents unspecified threat actors from exercising potential influence over those decisions.
Threats actors, of course, are countries that may be exercising too much influence over how networking and security infrastructure and software is manufactured and built.
CISA also notes it is actively participating across numerous 5G standards bodies, including groups such as the Communications Security Reliability and Interoperability Council (CSRIC) through which DHS will engage the private sector. The CSRIC consists mainly of representatives from telecommunications carriers and government agencies. It’s role is to provide security recommendations to the Federal Communications Commission (FCC). As part of an effort to ensure the distribution of streamlined and consistent messaging across all support areas, CISA revealed it has also created its own internal working group to consolidate and coordinate all efforts.
CISA in the strategy document claims adversarial nations have strong influence among global standards bodies, such as the 3rd Generation Partnership Project (3GPP). CISA said it will partner with trusted market leaders and other leading standards contributors such as the International Telecommunication Union, Institute of Electrical and Electronics Engineers, and the Alliance for Telecommunications Industry Solutions to assist with the development of standards that eliminate vulnerabilities and the potential for corruption.
Regardless of who wins the next election, cybersecurity professionals should assume that governments around the world will be looking to exercise a lot more influence over what and how almost anything gets connected to a wireless network. The U.S. government is clearly responding to what it perceives to be a threat to national security. Other governments will follow suit.
The wisdom of some of those actions may be debatable, but the fact remains they are going to be implemented. Cybersecurity teams should plan to make adjustments to how networking and cybersecurity technologies are acquired and maintained. Like it or not, anything that ultimately connects to a government agency is potentially subject to review by the DHS. It’s not hard to imagine how the Internet itself will soon devolve into a series of segments where each country exercises varying levels of controls behind firewalls both great and small.
Each of those segments will naturally be more secure than the Internet is as we know it today, but the sacrifices that are being made to achieve it from a freedom perspective are not unsubstantial.