2 April 2020

White House Releases National Strategy for 5G Security

BY BRANDI VINCENT

The White House this week released its National Strategy to Secure 5G of the United States to formally frame how the nation will safeguard fifth-generation wireless infrastructure at home and abroad.

The 7-page policy document sets forth the president’s “vision for America to lead the development, deployment, and management of secure and reliable 5G communications infrastructure worldwide, arm-in-arm with [its] closest partners and allies.”

Its release marks President Trump’s initial move to meet the requirements laid out in the Secure 5G and Beyond Act, which he signed Monday. The new law directs the president to produce a strategy “to ensure security of next generation wireless communications systems and infrastructure,” within 180 days of its enactment.

The publication was first reported by Politico Wednesday morning, but someone close to the White House confirmed to Nextgov Wednesday afternoon that the strategy was first released Monday—the same day the legislation was signed.

The quietly-launched document outlines four distinct lines of effort that the bill called for it to include. They each briefly lay out the administration’s approaches and aims to: facilitate the domestic rollout of 5G; assess the risks and identify the core security principles of 5G infrastructure; assess the risks to United States economic and national security during development and deployment of 5G infrastructure worldwide, and promote responsible global development and deployment of 5G.

A senior administration official reiterated to Nextgov Wednesday that the publication fulfills one of the administration’s key obligations under the new bill and it is meant to complement the Secure and Trusted Communications Networks Act, which Trump also recently signed into law. Further, the official noted that the Secure 5G and Beyond Act also mandated the creation of an implementation plan, which they said will be “much more detailed,” than the initial publication.

“The development of the strategy was an interagency effort, led by the National Security Council and National Economic Council,” the official said. They also added that 5G security has been at the top of the president’s priority list “since day one” of the administration, and that Trump “felt it was important to capture his priorities in a national strategy.”

5G wireless technology is anticipated to unleash unprecedented levels of connectivity between millions of new internet of things devices and there are already a range of deployments making their way across the U.S. and in a few federal agencies. But the release of this strategy comes as America is also reconciling potential threats from China and elsewhere that might already lurk in its telecommunications and 5G supply chain—and as it has pushed other countries not to use products from foreign companies, such as Huawei, which it believes might pose a serious risk to national security.

“Malicious actors are already seeking to exploit 5G technology,” Trump wrote in the introduction to the strategy. “This is a target-rich environment for those with nefarious motives due to the number and types of devices it will connect and the large volume of data that those devices will transmit.”

In that light, the strategy said the administration would leverage a range of activities already laid out in an executive order in May to “address the risk of high-risk vendors in the 5G infrastructure.” Further, the strategy said the government will work with industry partners to “identify, develop, and apply core security principles—best practices in cybersecurity, supply chain risk management, and public safety—to United States 5G infrastructure.” At the same time, government leaders will work with international organizations to promote the development of standards for adoption and new security principles to help safeguard future rollouts.

The Information Technology and Innovation Foundation’s Director, Broadband and Spectrum Policy, Doug Brake told Nextgov Wednesday that “this overview is a good first step,” but needs more specifics.

“This issue deserves more substance,” Brake said. “It is a solid initial framing, but a more fulsome report should be more forward-looking and creative, especially in how the U.S. encourages a diversity of secure vendors that are viable innovators. It hints at virtualization and open interfaces, but a more concrete plan or proposal is needed.”

No comments: