Security, standards, and interoperability are crucial issues that public sector and defense agencies must address to reap the higher data transmission and increased capacity benefits of 5G networks, government and industry experts said during a recent webinar on the fifth-generation wireless technology.
5G technology will elevate mobile networks to interconnect people, as well as integrate and control machines, objects, and devices. Yet, myths about 5G abound across federal civilian, state and local, and defense circles, from the super high-frequency radio airwaves will make people sick to 5G will let China spy on the U.S.
During the webinar 5G Futures: Fact or Fiction, the editorial teams from Nextgov, Route Fifty, and Defense One, explored the facts, uncovered the fiction, and investigated the lines between what’s real and what’s not when it comes to 5G with a lineup of government and industry experts. The webinar was underwritten by Verizon and CommScope, and I was fortunate to have a speaking role during the virtual event. Here are some of my key takeaways.
Does 5G pose a health risk?
There have been concerns that radiation from 5G radio towers dispersed on lampposts and rooftops throughout cities with dense populations could have adverse health effects on the population. However, “there is no evidence that [5G networks] pose individual risks to us when we use them at the current levels,” said Dr. Ryan Vega, the executive director of the Veterans Health Administration’s Innovation Ecosystem.
The Department of Veterans Affairs (VA) has several ongoing 5G projects. The Veterans Hospital in Palo Alto, California, is the first 5G-boosted facility in the U.S, known as Project Convergence. Now, the VA has additional medical facilities under review including Lake Nona, Florida; Seattle, Washington; and a campus-wide expansion of the Palo Alto hospital.
The goal is to move from a technology-centric focus to a patient-centric focus, ensuring that facilities are developing the workloads that fit into their environments, Vega said. 5G will give health practitioners in VA hospitals the ability to move and make accessible massive amounts of data, such as healthcare imaging data from hospital systems to mobile devices-spurring greater collaboration among physicians and enhanced communications with patients.
Expanding attack surface
Standards and security will be crucial as all types of devices with different technologies – Bluetooth, 5G enabled, or traditional and future versions of Wi-Fi – are connected to hospital systems via radio access networks. However, this expands the attack surface cybercriminals can target to access a patient’s medical records, financial information, or social security number.
“How do you create closed networks that contain and protect the health systems or the patient but allows these devices to talk to each other?” Vega asked. “The only way we are going to achieve meaningful use is if those [devices and systems] have some standard language with which they communicate.”
The security apparatus around these devices and infrastructure is increasingly important as attack surfaces expand, Vega noted, adding that “we are still learning about No Trust Networks within hospitals and network optimization.”
The proliferation of technology, increased use of software and virtualized technology to manage the communications network, as well as legacy infrastructure connected to new networks, pose security risks, said Bob Kolasky, assistant director of the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center.
Agencies need “better software security to isolate and keep things from cascading” as more devices are connected, Kolasky said. This way a whole network infrastructure cannot be exploited. Instead, there are isolated elements that can be managed, and incidents can be dealt with as they emerge. The goal is to understand technical vulnerabilities and to be acutely aware of what type of technology is being deployed within 5G networks. This includes having the right development, design, and review processes in place to ensure that component software and hardware come from trustworthy sources, Kolasky noted.
Leveraging software-based Zero Trust networks will give civilian and defense agencies increased visibility of user activity, protect against bad actors moving laterally around networks, and limit the possibility for data exfiltration, Cornelius Brown, director of Verizon’s Department of Defense business, noted.
Defense agencies will also reap the benefits of scalability and cost. Plus, Verizon is taking advantage of innovations such as network slicing across private and commercial 5G networks to help protect data from adversaries today and in the future.
Need for flexible security architecture
“To meet the requirements that 5G has laid out, the security architecture has to be more flexible,” said Jeff Cichonski, cybersecurity engineer with the National Institute of Standards and Technology (NIST). The architecture needs to be able to adapt to different industry verticals and specific use cases, he said.
To that end, an umbrella standards organization known as the 3rd Generation Partnership Project (3GPP) has been involved in efforts to improve security of Long-Term Evolution (LTE), a standard for wireless broadband communication for mobile devices and data terminals.
LTE provided a lot of robust security, so 5G security specifications are an evolution, not a revolution. Security standards that will be available in all 5G network equipment focus on user and network authentication and additional radio interface encryption.
“As commercial and 5G networks convert and implement a 5G core, all of these standards will be available to folks operating 5G networks,” Cichonski said.
Also, 5G is dependent on cloud computing technology such as virtualization and containers. The cloud allows organizations to scale up and down, spinning new services on demand. The security for the underlying cloud infrastructure is not within 3GPP’s scope. However, it is important for agencies to understand the security implications and how security protocols and best practices must be applied to the foundational cloud infrastructure to protect 5G networks.
CommScope is enabling secure, smart connectivity in facilities, using the transformational capabilities of Wi-Fi 6 spectrum to provide convergence of Internet of Things (IoT) infrastructure. This reduces multiple siloed IoT networks prone to attack. Connectivity is the foundation, consisting of a robust platform deploying high bandwidth fiber, switches, and copper cable to power devices at the edge. Automated infrastructure management (AIM) solutions monitor, map and document connectivity across the entire network. This is a holistic approach to strong foundational connectivity and then edge devices can be deployed on top.
Learn more about how CommScope is helping agencies to build smart connectivity across buildings, campuses, cities, and military bases at www.comscope.com/federal.
To access the full virtual event, visit 5G Futures: Fact or Fiction.