- Nov 15, 2016
Private Sector Already Has Sufficient Incentives To Build Secure Mobile Systems
U.S. government: China is the dominant malicious actor in cyberspace. (Source: Axios)
On Monday, news site Axios broke a significant story: Fearing that China is spying on phone calls, the U.S. government believes it should spearhead the rollout of 5G networks, to ensure they offer better security.
See Also: Addressing the Identity Risk Factor in the Age of 'Need It Now'
The leaked slides and memo from the National Security Council propose that the U.S. should develop the infrastructure, wireless and network security standards for 5G deployment. It advocates an aggressive three-year timeline, likening the project to the 1969 moon landing.
"Nationalization would bring unrelated entanglements that ultimately take the focus away from the security picture."
The FCC has since registered its opposition to such a plan, and the Trump administration says discussions are in early stages, according to CNN.
Setting aside the issue over alleged Chinese phone hacking, the broader security argument outlined in the documents is well-trodden: Many Western governments have expressed fears over Chinese vendors' dominance, including manufacturers such as Huawei, which build widely used networking systems that could open doors for Chinese intelligence.
The presentation is not short on superlatives. The title is an "Eisenhower National Highway System for the Information Age" and refers to the project as a "moonshot."
"Much like concertina wire on a beach facing assault, or a city wall meant to keep out bandits, the case can be made that a nationwide secure network is required to create a defensive perimeter in the information domain," the slide presentation reads.
U.S. government: Let's build oceans around 5G. (Source: Axios)
But You Canceled Security
My reaction: Oh, but where to begin?
For starters, the proposal has already raised eyebrows since part of President Donald Trump's 2016 presidential campaign emphasized his intention to roll back government regulation. That's in part what makes the security focus of the memo so interesting.
Since their publication, however, the documents have drawn rebukes from all corners. One opponent is Tom Wheeler, who was chairman of the U.S. Federal Communications Commission for four years until Trump became president in January 2017. Writing for The Brookings Institution, Wheeler says such government intervention would raise carriers' 5G investment uncertainty.
Wheeler also addresses the security argument. He notes that the FCC warned Trump's transition team "that a FCC retreat from ongoing cybersecurity activities would have dire consequences for 5G and the future of the nation's critical communications infrastructure."
Nevertheless, when current FCC Chairman Ajit Pai took office, Wheeler writes, the agency repealed an FCC requirement from December 2016 specifying that 5G technologies must have built-in cybersecurity standards.
"It was a little noticed and highly significant repeal of a historic FCC action: the Obama FCC had for the first time in history required that cybersecurity be a priority rather than an afterthought in planning for a new network," Wheeler writes. "The industry opposed the idea, and the Trump FCC bowed to their wishes, cancelling an ongoing proceeding on the topic."
5G: Fast, Potentially Dangerous
Global carriers are already developing 5G technology; trials are underway. The 3GPP, the global standards organization, released its first specifications for 5G last December. AT&T and Verizon plan to launch 5G coverage in some areas of the United States by the end of the year.
When 5G is widely deployed, it will have a vast impact. The lightening data speeds and high reliability will provide the backbone for all kinds of internet of things devices that will employ machine-to-machine communication, including life-saving systems in medical devices and vehicles. 5G networks will also accommodate stronger encryption, which will be key to better protect voice, data and location data from spies and equipment such as IMSI catchers.
But the features that make 5G attractive could aid nefarious activity - think along the lines of distributed denial-of-service attacks to botnets. A report released last year by Cisco contends that when 2G and 3G networks were launched, it was mostly a small subset of insiders and elite encryption experts who used manual attack vectors. That has changed.
"Even back in 2009 when 4G was launched, the security threat landscape was nothing like today's," Cisco writes. "5G is the first cellular generation that will be launched in the era of the Internet being 'weaponized.'"
Nationalization Upsides? About That ...
How involved should the U.S. government be to avoid a 5G security mess? The answer: Somewhat involved, but not completely in charge.
Government experts should of course advise on standards development so that security-positive decisions get made. But international bodies such as the 3GPP and operators have incentives to ensure that security remains at the forefront of their efforts, since network problems and hacks would diminish customers' confidence and could have bottom-line impacts.
The NSC memo and slides, however, are couched in language suggesting that having the U.S. government wrap its arms around a 5G project would solve potential security problems. It would not. Nationalization would bring unrelated entanglements that ultimately take the focus away from the security picture.
Meanwhile, if the immediate concern is Chinese phone hacking, there are already plenty of alternatives to making voice calls over insecure mobile networks. Encrypted messaging software such as Signal and WhatsApp - and most recently, Skype - all use the Signal protocol, which is regarded as the gold standard for content encryption.
That's not to say those applications will never be undermined. But they're feasible, already available alternatives that don't require building a network at a cost of hundreds of billions of dollars, with Uncle Sam in charge.