CISA released “5g security strategy”: speed up the construction of 5g security!


5g, the largest key infrastructure construction in the world in 25 years.

[guide] how far is it from the White House to release the__ In less than half a year, another 5g security strategy of the US government followed. On August 24, the U.S. cybersecurity and Infrastructure Security Agency (CISA) officially released the “CISA 5g strategy”, focusing on 5g, it proposed five targeted security strategic measures, namely “standard setting”, “supply chain”, “existing infrastructure”, “market innovation” and “risk management”, and relevant personnel also pointed out that “5g is the core of the strategy” The biggest key infrastructure construction seen in the world in 25 years must build a trustworthy 5g ecosystem. ” From the mirror, it is self-evident that 5g security is the cornerstone of the digital twin building in the United States. It can even be said that 5g security has become a cornerstone support related to national strength, national defense and national movement. Therefore, it is urgent to consider and implement the protective measures for its deployment and development.

On August 24, the cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security officially released the “CISA 5g strategy”, which puts forward five strategic measures concerning “standard setting”, “supply chain”, “existing infrastructure”, “market innovation” and “risk management”

1. Support the formulation of 5g policies and standards;

2. Expand the situation awareness of 5g supply chain risk and take security measures;

3. Work with stakeholders to strengthen and protect existing infrastructure and support future 5g deployment;

4. Encourage 5g market innovation to cultivate reliable 5g suppliers;

5. Analyze potential 5g use cases and share information about risk management strategies.

CISA released

As a supplement, CISA also released a 5g basic information map to introduce 5g related challenges and risks to stakeholders, and said that it will work with key infrastructure departments to release 5g risk profiles of specific industries in the next few months.

CISA released

Chris Krebs, director of CISA in the United States, commented that,

“Although the prospect of 5g is undeniable, as 5g technology is expected to support a wide range of key infrastructure functions, we must fully manage these risks and promote a trustworthy 5g component ecosystem.”

It is worth mentioning that these measures are highly consistent with the work line defined in the White House’s “national strategy for ensuring 5g security” released in March 2020.

Both of them focus on risk management, stakeholder participation and technical assistance to deal with 5g system threats, so as to guide CISA to formulate relevant policies, laws, security and security framework, “make full use of 5g technology and manage its major risks”.

The successive release of 5g security strategy by the US government is enough to show the core position of 5g technology in the US development blueprint in the future.

Looking through the US government’s actions, we should also see that 5g security in the future will be a cornerstone of national strength, national defense and national movement.

Behind the foundation stone

5g deployment development faces multiple security challenges

Indeed, as a new engine in the digital twin era, 5g provides the key kinetic energy for the new generation of technological revolution and is the technological lifeblood for the development of countries around the world.

The characteristics of ultra wideband, low delay and high reliability determine that 5g will take the role of a link to seamlessly integrate technologies such as Internet of things, cloud computing, big data, artificial intelligence and blockchain, and enable them to lead the new track in the era of big data and Internet of things in the future.

However, it is precisely because of this key positioning that 5g is also facing the risk of “driving the whole situation” when playing the role of “cornerstone” in the digital twin era, especially in the current development and deployment.

Risk 1: the underlying development architecture is complex, and 5g is facing a blow from the bottom

5g will use more ICT components than the previous generation of wireless networks. In the future, municipal organizations, enterprises and institutions may establish their own local 5g network. Any improper deployment, configuration or management of 5g devices and network vulnerabilities may become a breakthrough for hackers to capture the overall situation.

The new technologies and technical architecture of 5g network, such as software defined network (SDN), network function Virtualization (nfv), network slicing, cloud computing and edge computing, also bring new attack surface.

This means that the traditional “business first, security reinforcement” follow-up response has been difficult to form an efficient and agile security line of defense in the 5g era. Enhancing immunity and synchronizing security construction with information infrastructure has become an urgent task for 5g development.

Risk 2: the deployment of the supply chain is closely linked, and 5g security “drives the whole body”

5g network in the deployment process, including infrastructure providers, mobile communication service providers, virtual network providers and other multi-party participation in the supply chain, also brings great challenges to the security of 5g network.

Supply chains are vulnerable to malicious or unintentional risks such as malware and hardware, counterfeit components, and poor design, manufacturing processes, and maintenance programs. 5g hardware, software and services provided by the entrusted entity may increase the vulnerability of network asset disclosure and affect data confidentiality, integrity and availability.

What’s more disturbing is that the massive data derived from 5g are concentrated in the data center. Once any link in the supply chain is flawed, it will cause the collapse of 5g network.

Risk 3: big connection integration symbiosis, network attacks against 5g use cases will cause “Butterfly Effect”“

In the future, with the continuous deepening of 5g network, more than 100 times more network devices can be received per square kilometer than now. New application scenarios such as Internet of vehicles, industrial Internet, artificial intelligence, wireless medical, and smart city will form a “big connection” integration in the world with a scale of over 10 billion.

At the same time, all-round and high-density cloud and virtualization are further intensified, and the boundary between virtual space and the real world is gradually eliminated. Once network attacks are encountered, it will inevitably lead to “Butterfly Effect” disaster consequences. From personal privacy to enterprise assets, even key national infrastructure and military and political secret agencies will face the crisis of “complete loss”.

As CISA of the United States said in this 5g security strategy, although the deployment of 5g has opened up a new track, new technology and new mode for the digital era, it also virtually adds a sword of Damocles that will fall down at any time in cyberspace.

A review of think tanks

Where network technology develops, security research and response must follow. To minimize the security risk in the process of 5g deployment and development is the strategic thinking and bottom line awareness in the current digital process.

As a superpower, the United States, even though 5g network research and development is not dominant, continues to deploy 5g security strategy construction. All kinds of actions are the best embodiment of this concept.

In China, 5g is also the first fortress. At present, the new infrastructure is in full swing, and 5g is in every track of its development. According to the data, by the end of February this year, 164000 5g base stations have been built and put into operation nationwide, and it is expected that the number of 5g base stations will exceed 600000 by the end of 2020.

At the time of “blooming everywhere”, the network threat is bound to “rise side by side”. For China, it is urgent to strengthen the top-level design of 5g security and formulate the national 5g security strategy.

Starting from the overall situation, we should establish a set of 5g security comprehensive protection system based on overall thinking and top-level design, which integrates threat detection, situation awareness, emergency response and traceability disposal. We should go deep into every link of 5g enabling digital twin, move forward the risk gate, and prevent the trouble in advance. Only in this way can we make good use of the “double-edged sword” of 5g and escort the development of new infrastructure in an all-round way.