Sen. Wyden Pushes FCC on 5G Security
Lawmaker Asks for Encryption and Authentication Requirements
U.S. Sen. Ron Wyden, D-Ore., is pushing the Federal Communications Commission to ensure that wireless carriers build new security measures, such as encryption and authentication, into 5G networks as they're rolled out over the next several years.
Wyden, in a Nov. 6 letter to FCC Chairman Ajit Pai, raises concerns ranging from hacking to unlawful tracking and interception by nation-state actors. The senator urges the FCC to require the big three carriers in the U.S. - AT&T, Verizon and T-Mobile - to adopt security measures for their 5G networks.
The senator says that carriers should build in cybersecurity protections for 5G networks that address many of the vulnerabilities that have been exploited in older 3G and 4G networks.
Wyden notes that governments as well as cybercriminals continue to exploit these vulnerabilities to listen in on unencrypted calls. In addition, Wyden says that many companies openly sell technology to hack into older cellular networks.
With 5G networks, which are based more on software than cellular hardware, carriers have an opportunity to better address security issues, the senator adds.
"For decades, wireless carriers have ignored known cybersecurity vulnerabilities that foreign governments were and are still actively exploiting to target Americans. The market has failed to incentivize cybersecurity in part because consumers have no way of comparing the cybersecurity practices of phone companies," Wyden says.
Building in Security
In September 2018, the Communications Security, Reliability and Interoperability Council, an advisory group to the FCC, issued a report about 5G security that noted that common attacks on older 3G and 4G networks could be mitigated with newer technologies.
That report, however, notes that 5G networks come with their own security concerns.
"5G will be more resilient, and introduces new security procedures, however 5G does introduce new attack vectors, and requires a solid security framework to be implemented throughout the network," according to the report. "Fortunately, security considerations are an integral design consideration in the development of the 5G architecture specifications and standards that will result in a more resilient and secure framework for 5G network implementation."
Pai's Focus on 5G
The FCC did not respond to a request for comment about Wyden's letter.
A few days before Wyden submitted his letter, however, Pai spoke about securing 5G networks at the Council on Foreign Relations in New York.
"When it comes to 5G and America's security, we cannot afford to take a risk and hope for the best. The stakes are too high," Pai says.
In October, Pai released a proposal that would ban U.S. telecommunications firms from using commission funds to buy equipment from companies deemed national security threats, especially in the run-up to 5G. The new rule would first target Chinese telecom companies Huawei and ZTE. The full FCC is expected to vote on the proposals Nov. 19 (see: FCC Chair's Proposal Targets Chinese Technology Firms).
Global Security Concerns
The rollout of 5G across the world over the next few years will include newer technologies, such as software-defined networks, or SDNs, a major shift from older communication networks that relied on a combination of hardware and software. This creates new security challenges that need to be addressed.
In an interview with Information Security Media Group earlier this year, Roger Piqueras Jover, a research scientist and senior security architect at Bloomberg, noted that analysts are already finding flaws in 5G technologies even though most networks haven't even gone into operation.
These vulnerabilities range from the cellular architecture itself to cryptographic algorithms that are needed for authentication. "5G is not even live yet and people are finding issues already. It needs some extra work," Jover said (see: Cellular Networks Present Security Challenges).
In October, a security assessment conducted by the European Commission and the European Agency for Cybersecurity found nation-state attacks are the biggest threat to 5G networks (see: Nation-State Hackers Greatest Threat to 5G Networks: Report).
In December 2018, James Andrew Lewis, a senior vice president and director of the technology policy program for the Center for Strategic and International Studies, a Washington think tank, wrote a report that found 5G security is a significant national security issue, especially for the U.S.