The Fifth Generation of wireless technology, or 5G, will enable new innovation, new markets, and economic growth around the world. Tens of billions of new devices will be connected to the Internet through 5G technology. These connections will empower a vast array of new and enhanced critical services, from autonomous vehicles and telemedicine, to automated manufacturing and advances to traditional critical infrastructure, such as smart grid electricity distribution. Given 5G’s scope, the stakes for safeguarding these vital networks could not be higher. CISA is leading risk mitigation efforts across the federal government and is committed to working with government and industry partners to ensure the security and integrity of 5G technology in our nation.
What is 5G?
5G is the next generation of wireless technology that represents a complete transformation of telecommunication networks. Combining new and legacy technology and infrastructure, 5G will build upon previous generations in an evolution that will occur over many years, utilizing existing infrastructure and technology. 5G builds upon existing telecommunication infrastructure by improving the bandwidth, capacity, and reliability of wireless broadband services. The evolution will take years, but the goal is to meet increasing data and communication requirements, including capacity for tens of billions of connected devices that will make up the Internet of Things (IoT),v ultra-low latency required for critical near-real time communications, and faster speeds to support emerging technologies.
When will 5G be Available?
Widespread usage of a standalone 5G network is not expected until at least 2022. In the interim, the continued exponential increase of connected devices will utilize 4G, 4G Long-Term Evolution (LTE), and 4G/5G hybrid infrastructures for internet connectivity.
Vulnerabilities of 5G Adoption
The move to 5G presents opportunities to enhance security and create a better user experience; however, it may result in vulnerabilities related to supply chains, deployment, network security, and the loss of competition and choice. While not all inclusive, there are a range of vulnerabilities that could increase risk for the United States as the country’s networks migrate to 5G, including: reliance on untrusted entities and the global supply chain, lack of participation by untrusted companies in interoperability efforts, increased size of 5G infrastructure, integration within existing vulnerable networks, and untrusted company development of custom code for Information and Communication Technologies (ICT) components.
CISA’s Role in 5G Adoption
CISA is leading 5G risk mitigation efforts to ensure that the U.S. can fully benefit from all the advantages 5G connectivity promises to bring. Through its unique authorities, the agency is working with government and industry to ensure there is policy, legal, security, and safety frameworks in place to fully leverage its technology while mitigating its significant risks. Recently, CISA worked with the IT and Communications sectors to produce a 5G Risk Characterization product that provides a concise and easily understood overview of the wide range of risks 5G will introduce before, during, and after deployment. It provides a foundational baseline that both the U.S. government and industry can reference as common ground during the deployment of 5G.
CISA has provided an analysis of the vulnerabilities likely to affect the secure adoption and implementation of 5G technologies. This analysis represents the beginning of CISA’s thinking on this issue, and not the culmination of it. It is not an exhaustive risk summary or technical review of attack methodologies.