The Department of Defense’s (DoD) decision to embrace the newer and faster 5G standard for its mobile communications network promises to dramatically improve the military’s ability to communicate and allow for many new applications. However, while 5G will provide much faster speeds, it also presents serious security challenges. And the risks and consequences of this shift can’t be understated given the sensitive military and national security communications that rely on these networks.
The widespread roll-out of 5G in the commercial sector offers a solid foundation for the military sector to build upon. Unlike previous wireless access technologies, 5G communication technology provides significant improvements through high-speed connectivity, enormous throughput, low latency, more device and end-user capacity, high reliability/availability, and efficient energy usage. And this is especially important in combat operations, where a large number of resources must be mobilized, deployed, and coordinated on short notice in unfamiliar territory, while command and control must have complete visibility, securely and without delay in order to make fast, data-driven decisions.The Department of Defense is leading the federal government's 5G research and development, concentrating on how to deploy 5G technology in forward-deployed and garrison environments. In 2020, the Department of Defense initiated a $600 million investment in 5G testbeds at five U.S. military facilities, making them the world's biggest full-scale 5G experiments. Verizon began 5G operations with the Air Force in 2019 spanning many locations throughout the Southeast, with seven bases already operational.
The Federal Mobility Group, which comprises CISA and the Department of Defense, has also developed a framework coordinating 5G research across all federal departments. Diverse kinds of 5G staging areas are included in the framework, which industry and government may utilize to securely test this new technology.
Unlike 4G, which is predominantly used for smartphone communications, 5G technology can connect a much wider range of endpoints, including everything from smartphones to sensors and control devices, as well as vehicle communication. Unlike earlier carrier mobile technologies like 3G and 4G, 5G offers unique features that make it ideal for military use. 5G will provide the unifying end-to-end communication platform to develop and operate networks for secure, rapid, and efficient data communication across a country's military services or even between ally national forces.
5G Security: Significant Challenges Remain
Previous mobile phones and other wireless technologies, such as the previous 3G and 4G as well as 802.11 WiFi standards, have merely addressed the issue of wireless transmission and data transfer. Even as they safeguarded wireless transmission, communication passing over this transport has left endpoints and the network as a whole vulnerable to attack. Threat actors have taken advantage of this, resulting in billions of dollars in damages for both mobile service providers and customers. This includes the ability to follow subscribers, the hijacking of user IDs and the ability to eavesdrop on conversations in the absence of end-to-end encryption.
In the previous 3G and 4G technologies, most real-time communication, particularly audio and video have no end-to-end encryption due to concerns about service quality and the load on the end devices. And once threat actors have gained access to the carrier network, they often have unrestricted access to the entire network, allowing them to abuse it for months or even years without being identified.
While 5G uses much of the same network technology as 4G, it takes a far more complete end-to-end transport and security approach. Despite the fact that 5G is often referred to as the successor to 4G, it is really defined and intended as an end-to-end network that provides modular and adaptable frameworks for numerous advanced technologies to transport data quickly, reliably, and securely.
The greatest strength of 5G networks is also their greatest weakness: exponentially more devices, apps, and services utilizing the same network infrastructure, resulting in a far larger attack surface. With many of those end-devices being non-traditional communication end-devices such as sensors and military or other IoT devices, conventional security paradigms such as maintaining operating systems up to date and implementing end-point protection are no longer practical.
End-to-end security is perhaps the most important aspect of 5G's definition. But this is also its Achilles heel: while it is inherently more secure, it is a fundamentally different approach to networking, application delivery, and communication security than is widely used today. This creates new challenges and complexity for the development and operations but can also create a significant security challenge for the Department of Defense that must be addressed:
- Commercial equipment providers aren't ready - deploying 5G networks requires a wide variety of vendors. However, due to a lack of common interfaces and a lack of established technology, this is challenging. The majority of essential technologies (if they exist) in 5G today are usually supplier-specific, specialized solutions aimed at certain sectors and use cases. Standard and open-source software options, on the other hand, are still in their infancy.
- 5G's virtualized and cloud features provide additional issues in terms of visibility. To set up, manage, and protect today's environment, IT operations teams still struggle to get insight into most of their commercial cloud and virtualized systems. Adding the volume and complexity of 5G networks to the mix will make things much more difficult.
- Scale - today's network and security monitoring methodologies and solutions will be quickly overwhelmed by the significant increase in end devices and traffic. The quantity of data that networks produce for analysis is already a security challenge for businesses, and 5G networks will exponentially increase the amount of information accessible while limiting visibility due to the end-to-end encryption.
- Traditional monitoring systems will be rendered useless or considerably weakened by end-to-end encryption. Visibility into TCP and even certain application layers are required for concepts such as application and network traffic (flow) analysis and network detection and response. Encryption will make a large portion of this data inaccessible to analytical software.
- Vendors building end devices such as sensors and military or other IoT devices often lack the wireless communications experience needed for advanced applications such as drone swarm computing and analysis. This raises risks of end devices not being adequately protected, creating security vulnerabilities such as we are currently experiencing in the enterprise with unsecured IoT devices.
- In both vendors and military organizations, there is a shortage of wireless technical skills, knowledge, and personnel for development and operations. 5G is a complicated interplay of innovative wireless, networking, security, and application infrastructure technologies. Demand for these skill sets already outweighs supply -- as we are seeing in cyber security -- and training is at best underdeveloped.
All of these issues may be resolved in the end, but it may take many years to do so. This implies that until 5G wireless networks are installed, such vulnerabilities must be addressed in other ways to provide secure networks for the Department of Defense.
5G and the DoD - Keep Security at the Forefront
Government programs, particularly military ones, often force diverse commercial and military organizations to collaborate to solve the aforementioned difficulties by offering research and development funding and fostering cooperation. However, we must be cautious not to fall back on vertical solutions that just address one aspect of the communications issue, negating the purpose of a unified end-to-end network.
The basic 5G wireless access technologies and part of the early network infrastructure have been provided by service providers but applying them to commercial and military applications that go beyond higher-quality consumer YouTube videos will drive our next industrial revolution. The Department of Defense (DoD) must seize this convergence of technology and services, which will empower the market to drive the innovation potential 5G provides.
However, the Department of Defense must guarantee that the 5G revolution is as safe as possible. With the confluence of all of these technologies and services, troops and commanders will have access to a vast quantity of data and situational awareness. With so many people relying on a network for critical mission execution, the Department of Defense must ensure that it is safe from start to finish, that it can withstand current cyber-attacks, and that it can self-heal.
The Department of Defense has a long history of fostering innovation by sponsoring innovative technology ventures and pushing the boundaries. With 5G now available and a slew of commercial technologies converging, we'll be able to take advantage of the next big communications revolution while also ensuring its security, resulting in companies clamoring for solutions based on DoD-funded research. Let's simply put security front and center, and make sure it's as high a priority as deployment speed.