5G security concerns were the central focus of a two-day conference held this week in Prague, where delegates from 32 countries addressed security concerns and discussed potential plans for securing 5G networks. The conference ended with a series of proposals that serve as a blueprint for eventual policies, though participants noted that such blanket rules will not suffice.
“There are no universal solutions and I think the complexity and richness of our discussion bears that out,” Cairan Martin, CEO of the National Cyber Security Center in the United Kingdom, said during a closing session.
A series of recommendations framed as the “Prague Proposals” include the establishment of proper reactive measures to mitigate challenges and risks. The working groups also noted that the security of 5G networks isn’t a purely technical issue, and that while government and public interests have to be addressed there must also be a national and global approach to 5G security given the interconnectedness of networks and societies. The draft also noted the underlying element of security in the supply chain and participants anticipate that factor will play a much greater role than the industry has witnessed to date.
“The fact that dozens of nations are represented here shows that there is a broad consensus that network security is not only a priority but a necessity for 5G,” FCC Chairman Ajit Pai said during prepared remarks at the event. “Indeed, going forward, 5G network security will impact our respective countries’ national security.”
One of the primary working groups discussed the need to plan for network failures and seize opportunities to maintain network resilience. “There will be problems in these systems, there will be attacks, there will be flaws,” Martin said. “Security requirements for 5G need to be commonly understood,” and that includes understanding the implications of virtualized infrastructure and software, the importance of open architecture, network slicing, and edge computing, he added.
“We noted the problem of vendor diversity. … We discussed a set of issues about dealing with the problems arising from the vendors we have now rather than the vendors we might like to have in the future,” Martin said, adding that there is a range of security challenges resulting from poor engineering and security practices.
“There are issues around the security requirements arising from the need for vendors to access the operator network. How is that controlled?” he said. “5G networks do not exist in a vacuum and the security considerations around them do not exist in a vacuum either.”
A different group focused on economic policy determined that while security and economic considerations “don’t completely overlap, but they do work collectively to aid each other in meeting our shared goals,” said David Redl, assistant secretary for communications and information at the U.S. Commerce Department.
“We should not lose sight of all the economic benefit that next-generation networks, those particularly built on 5G technologies, will bring to the economy in general but also individual sectors,” he said. “There was general agreement amongst the group that a competitive and functioning market for equipment and components provides a foundation upon which you can build a solid security strategy.”
The supply chain was a recurring theme at the event, as Pai and other shared concerns about the need to protect the equipment and software. “That’s why the FCC has proposed to prohibit the use of the broadband funding we administer to purchase equipment or services from any company that poses a national security threat to the integrity fo the United States communications networks or the communications supply chain,” he said.
“We believe that 5G security issues need to be addressed upfront. Making the right choices when deployment is beginning is much easier than trying to correct mistakes once network construction and operation is well underway,” Pai explained, adding that the implications of 5G security are wide-ranging. “5G will have a transformational impact. It will affect our militaries, our industries, our critical infrastructure, our entrepreneurs, and much more.”