Industry, government and public-interest groups unite over 5G security

The eighth iteration of the FCC's Communications Security, Reliability, and Interoperability Council (CSRIC) met for the first time Wednesday to go over the group's duties for the next two years.

The new effort is an attempt by the US government to bring together a variety of stakeholders across the 5G industry – including public-interest groups, equipment vendors, service providers, trade associations and related government officials – to address a wide range of security issues.

"No entity is immune from this threat," FCC Acting Chairwoman Jessica Rosenworcel said in comments to the group. "This needs our attention, because enough is enough."

Rosenworcel noted in her introductory remarks that attacks against telecommunications companies and infrastructure have been on the rise. She specifically pointed to recent hacks involving SolarWinds and KPN. She also mentioned a hack into a "nationwide wireless carrier" involving 40 million customers, though she did not name the operator. She likely was referring to the massive hack into T-Mobile's systems that, according to The Wall Street Journal, was perpetrated by a 21-year-old American in Turkey.

"I could go on," Rosenworcel said of such hacks, noting that "our defenses need to evolve and improve."

As a result, the CSRIC VIII is tackling the topic of security – with a focus on 5G – through six specific working groups:

  • 5G Signaling Protocols Security, which will look into the details around the 5G transmission standard, building on previous FCC efforts to look into other cellular signaling technologies including SS7 and Diameter protocol. AT&T is among the companies participating in this group.
  • Promoting Security, Reliability, and Interoperability of ORAN Equipment, which will investigate security technologies in nascent open RAN standards. Mavenir is among the companies participating in this group.
  • Leveraging Virtualization Technology to Promote Secure, Reliable 5G Networks, which will look at security issues around virtualized network functions and software-defined networking. Dell Technologies and Microsoft are among the companies working in this group
  • 911 Service Over Wi-Fi, which will look at how 911 calls might be conducted over other networks, including Wi-Fi.
  • Managing Software & Cloud Services Supply Chain Security for Comm. Infrastructure, which will look at how to secure the equipment supply chain for 5G and other telecom products.
  • Leveraging Mobile Device Applications and Firmware to Enhance WEA, which will look at ways to improve the delivery of emergency alerts.

There are dozens of executives and officials in CSRIC VIII, including Billy Bob Brown, Jr. of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA); Colin Andrews of the Telecommunications Industry Association (TIA); Donna Bethea-Murphy of Inmarsat; Brian Daly of AT&T; Harold Feld of Public Knowledge; Stephen Hayes of Ericsson; Javed Khan of Altiostar Networks; and Steve Watkins of Cox Communications.

Security issues have long dogged the global telecom industry and the cellular industry, too, particularly as cellphones have shifted from nice-to-have devices to ones critical to modern digital life. Further, a number of other government organizations have tackled the topic of 5G security in recent years, including the National Institute of Standards and Technology's (NIST), DHS' Information and Communications Technology Supply Chain Risk Management Task Force (ICT SCRM Task Force) and the National Telecommunications and Information Administration's (NTIA) Communications Supply Chain Risk Information Partnership (C–SCRIP).

Thus, the latest version of the FCC's CSRIC group represents yet another step in a long line of moves by both industry and government focused to prevent hacks into telecom networks, including 5G networks.

Related posts:

Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano

COMMENTS Add Comment
Be the first to post a comment regarding this story.
Sign In