Former FCC Officials Warn About 5G Cybersecurity Risks

By B.N. Frank

Opposition to 5G deployment and activation is worldwide due to various risks associated with it. This has limited, slowed, and/or stopped deployment in numerous locations including airports in the U.S. (see 1, 2, 3, 4, 5, 6, 7) and India due to interference issues with aviation equipment. Of course, cybersecurity risks have been an ongoing concern as well.

From Gov Tech:

New Network, New Risks: Former FCC Officials Talk Securing 5G

During a recent Brookings Institution event, a former FCC chair and a former chief of the FCC’s Public Safety and Homeland Security Bureau said that features that make 5G compelling also create different kinds of cybersecurity risks to address.

Jule Pattison-Gordon

David Simpson, former chief of the FCC’s Public Safety and Homeland Security Bureau, discusses the report during a Brookings Institution panel. Screenshot

The federal government needs to take a stronger approach to driving 5G cybersecurity nationwide — and the Federal Communications Commission (FCC) is well-positioned to do it, according to two former high-level FCC members.

David Simpson, former chief of the FCC’s Public Safety and Homeland Security Bureau, and Tom Wheeler, former FCC chair, presented a report to The Brookings Institution last week in which they said that many of the useful features that make 5G different from previous generations of networks also lead to a new set of cyber risks to be addressed.

Getting on top of these risks means moving away from voluntary approaches to 5G cybersecurity, they add, because just one entity’s lax security practices can put others at risk.

“The interconnected nature of the Internet creates a ‘whole of the network’ reality where the actions or inactions of one network provider can affect other networks,” their report states.

Wheeler and Simpson urged the federal government to provide a mix of carrot-and-stick efforts to prompt change, such as by subsidizing the costs of adopting better cyber behaviors while penalizing negligence.

MORE SOFTWARE, MORE HACKING RISK

While earlier generations of networks used “purpose-built hardware” for certain functions, 5G relies on software.

That heavy emphasis on software creates different kinds of risks. Hackers might find and exploit unintentional vulnerabilities in some of the software and malicious developers could insert back doors to exploit later, the report suggests.

“The thing that makes 5G special and different from previous telecommunications networks is that it is software-based. It virtualizes, in software, the kinds of activities that used to be performed in hardware and, as a result, it can do more things and do more things less expensively,” Wheeler said during the panel. “So, virtualizing in software is great and essential and a breakthrough. But we all know that software is hackable.”

Software often uses open-source components, which adds another potential avenue for attack: malicious actors might scour these publicly available code databases to find vulnerabilities, the report states.

Communities of volunteers develop, maintain and review open-source software, but questions have been raised about whether these groups are sufficiently resourced, as GovTech has previously reported. And mistakes can happen, despite efforts to vet proposed code modifications; for example, the widely impactful Log4Shell vulnerability arose even though the compromised function had been vetted by a core member of the project management committee.

MANY SUPPLIERS, MANY TARGETS

Mobile network providers have traditionally only been able to select among a handful of established equipment suppliers for their radio access networks (RANs). Such equipment also tends to be incompatible with offerings from other suppliers, forcing network providers to rely on a single company for RAN in a given geographic area, per the report.

The 5G landscape switches this up, however, because 5G implementations often make use of Open Radio Access Network (ORAN) architecture, or components designed to be interoperable and standardized. That lets network operators select components from a variety of different suppliers.

“We’re breaking up the technology stack,” Simpson said. “There is potentially a different owner-operator of the code at the core, at the distribution unit, at the radio unit for the RIC, who’s operating the cloud at the edge. And all of those elements include risk scenes that need to be addressed.”

One the one hand, expanding the potential supplier pool makes it easier for network providers to avoid companies that might pose security risks. The U.S. government sees Huawei as one such risky company, for example, and banned use of its equipment in 5G networks, due to fears the devices might be abused for foreign espionage.

On the other hand, involving more players increases opportunities for things to go wrong.

5G providers that look to combine solutions from different suppliers will need to make sure they configure each one properly to avoid security issues, for one.

Plus, increasing the number of suppliers involved in delivering 5G effectively expands networks’ attack surfaces. That’s because each entity is another potential target for hackers.

More suppliers means “more potential attack vectors,” Wheeler said.

MURKY RESPONSIBILITIES?

As 5G network providers engage with more suppliers and cloud providers, there needs to be a clear understanding of what security responsibilities each entity holds, Simpson said.

In their report, Simpson and Wheeler advised the FCC to clarify such situations by holding 5G network operators responsible for “anticipat[ing] and mitigat[ing]” cyber risks involved with “the services and products they deliver, even if it is a collection of multiple components from multiple sources.”

“The highest and best level to address cybersecurity is at the network, not chasing after the network’s multiplicity of suppliers,” they said.

Cybersecurity frameworks from the National Institute of Standards and Technology (NIST) and other entities provide strong guidance for bolstering network security. But, thus far, network providers have been permitted to choose whether to follow them — a practice that needs to change, Wheeler said.

Thanks to its regulatory oversight over commercial networks, the FCC is well positioned to push network providers to do more, the report asserts.

“Cybersecurity must be a required forethought in the design, implementation, and operation of 5G networks, not a voluntary afterthought,” the authors wrote.

Such cyber policies should be designed to be flexible, however, so the policies can be adjusted as technology and threats quickly evolve, per the report. Authors advised consultation among the public and private sectors to develop “agile and enforceable cyber expectations.”

To drive change, Wheeler and Simpson advised the federal government to reward entities that adopt recommended cyber defenses — regardless of how those organizations ultimately fare against a cyber attack — while penalizing entities that ignore warnings and neglect best practices.

Jule Pattison-Gordon is a staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.

The FCC is supposed to protect Americans from the telecom industry. Over the years, the agency has been heavily criticized as well as sued for not doing so. In fact, a federal court ruled in favor of petitioners who sued the FCC for NOT updating wireless radiation guidelines – including 5G – since 1996 despite scientific evidence submitted to it. Additionally, in 2019, telecom executives gave congressional testimony that they had NO independent scientific evidence that 5G is safe and the majority of scientists worldwide oppose deployment.

Of course, doctors and scientists have been asking for 5G moratoriums on Earth and in space since 2017 due to biological and environmental health risks (see 1, 2, 3, 4). Since 2018 there have been reports of people and animals experiencing symptoms and illnesses after it was activated (see 1, 2. 3, 4, 5 ). Some researchers have also warned that 5G activation may be contributing to COVID-19 infections as well as hundreds of thousands if not millions of bird deaths.

So there’s that too.

Activist Post reports regularly about the FCC, 5G, and other unsafe technologies. For more information, visit our archives and the following websites:

Become a Patron!
Or support us at SubscribeStar
Donate cryptocurrency HERE

Subscribe to Activist Post for truth, peace, and freedom news. Follow us on SoMee, Telegram, HIVE, Flote, Minds, MeWe, Twitter, Gab, What Really Happened and GETTR.