To successfully defend 5G networks from cybersecurity threats, the United States needs to rethink the cybersecurity posture and approach of its cellular networks, and not just in the terms of the threat from Chinese companies in the supply chain, according to a Brookings Institution paper from Tom Wheeler, former chairman of the Federal Communications Commission (FCC), and David Simpson, former chief of the Public Safety and Homeland Security Bureau at the FCC.
Wheeler notes that while the majority of conversation on 5G and cybersecurity has centered around the supply chain, establishing a solid cyber foundation will require a broader focus that includes the supply chain but doesn’t focus on it.
“The hyperbolic rhetoric surrounding the Chinese equipment issues is drowning out what should be a strong national focus on the full breadth of cybersecurity risk factors facing 5G,” the authors write. “We cannot allow the headline-grabbing focus on Chinese network equipment to lull us into a false sense of cybersecurity.”
The report highlights the expanded risk of moving away from a hub and spoke design, virtualizing higher-level network functions, network management by software, the expansion of bandwidth, and the major expansion of IoT devices on 5G networks. The authors also flag that businesses do not have the monetary incentive to effectively reduce risk, and need government intervention.
Wheeler and Simpson call for “a combination of market-based incentives and appropriate regulatory oversight” from government to ensure 5G’s security. They also note that companies must be held responsible for their “new cyber duty of care,” and must be applied to providers of all sizes. Rather than applying standards to government contractors, the report argues that regulations must extend to cover those small and medium-sized providers who might not interact with Federal contracts.
“Yes, the “race” to 5G is on – but it is a race to secure our nation, our economy, and our citizens,” they write.