The Department of Defense has ambitious plans to leverage 5G communications technology for a wide variety of use cases to include back-office functions, logistics, training and warfighting. However, a great deal of work remains to be done by government and industry to ensure those systems and networks will be secure and interoperable when they are deployed, according to a top National Security Agency official.
The Pentagon has a number of 5G pilot projects underway. In the future, observers can expect a “full wave” of these next-generation capabilities to be fielded, said Neal Ziring, technical director of the cybersecurity directorate at NSA.
“We’re looking at our biggest customers, the [military] services, and saying, ‘Wow, they’re rushing headlong towards 5G,’” Ziring said Wednesday during a luncheon hosted by AFCEA.
NSA wants to help. To that end, a number of steps need to be taken to meet the security, interoperability and deployability requirements for defense applications, he noted.
One is ensuring the right standards are in place. A number of organizations are involved in setting those standards.
“Those standards bodies define how the 5G gear works together. So, NSA and other parts of the DOD and parts of the industrial base who are represented here today, especially the telecommunications carriers, are active in that environment trying to make sure that those standards have security baked into them so that all the equipment we buy from whatever vendor … have the security in it that we need, and that we can turn it on or request that our industry service providers make full use of it in providing service to defense,” Ziring said.
Another key component of the next-gen communications technology will be a concept known as network slicing, which will enable service providers to set up independent logical networks across the same 5G infrastructure.
“How are we going to get the 5G services that we deploy or that we procure to interoperate with the cloud services that we build or that we procure?”
— Neal Ziring, technical director, NSA cybersecurity directorate
“They sort of have it a little bit in 4G, but it’s a big feature in 5G,” Ziring said. “We think that’s going to be really important for pretty much all the defense use cases.”
Managers can designate specific network “slices” for certain users or certain devices, and then provide levels of security protection, isolation or access to only the authorized members of that slice, he explained.
NSA is working with a number of industry partners to help define what the security attributes of network slices should be so that the Pentagon can ask for those things and industry can then provide them, he said.
Cloud integration presents another challenge.
“Most 5G systems that I’ve talked to industry about have a significant cloud integration component. Some of them are completely dependent on commercial cloud services. And, of course, DOD is rolling into that space more and more,” Ziring said.
“How are we going to integrate those? How are we going to get the 5G services that we deploy or that we procure to interoperate with the cloud services that we build or that we procure?” he asked. “We at NSA are trying to focus in that area, both from a cloud strategy viewpoint and a 5G strategy viewpoint.”
Having common architectures for integrating 5G services and cloud services into U.S. military facilities and platforms, including at the tactical edge, will be key, he said.
Cloud providers, telecom companies and government agencies need to cooperate to offer secure services to DOD as well as other critical infrastructure sectors that have similar security needs, Ziring said.
Putting 5G systems in the lab
Meanwhile, NSA aims to help the Pentagon better understand the security risks of the new technology. Efforts are underway to set up labs where officials can “play with stuff.”
“It’s very important if you’re going to understand the security and operation of these systems to actually have them in a lab environment where you can test ’em out and break ’em. And so we’re working hard to set those up with industry partners,” Ziring said. “I think that’s going to be really critical for building up the expertise in our workforce that can then become a resource for the rest of DOD.”
Government agencies and industry need to understand the unique threats that 5G systems face and how they could present new attack surfaces for adversaries to exploit. Mobile edge compute is a primary example, he noted.
“Everybody wants to use that. It has tremendous potential benefits, but it could be a potential risk,” Ziring said. “Those are all issues that we’re looking at today in NSA and with our partners” across the military and industry.
Understanding how to effectively integrate 5G capabilities into the military on a large scale — and doing what’s required to enable that — will be even more crucial than the technology itself, according to Ziring.
“We’re looking forward to doing that, but it’s going to be a lot of work, I’d say, over the next two to three years to get to that point,” he said.