WEBVTT - https://subtitletools.com 00:00:05.516 --> 00:00:20.546 [ Music ] 00:00:21.046 --> 00:00:22.566 Female Speaker: Our next speaker is Kevin Briggs, 00:00:22.706 --> 00:00:25.816 who is the Chief of Continuity Assessment and Resilience 00:00:25.816 --> 00:00:27.916 at the National Coordinating Center 00:00:27.916 --> 00:00:29.416 for Communications within CISA. 00:00:30.186 --> 00:00:33.046 He leads teams that assess and work to mitigate risk 00:00:33.286 --> 00:00:35.616 to the communication infrastructures from threats 00:00:35.616 --> 00:00:38.446 such as EMP, SS7, rogue cell towers, 00:00:38.446 --> 00:00:39.756 earthquakes, and solar storms. 00:00:40.346 --> 00:00:44.276 He also oversees several Federal Continuing Communication 00:00:44.386 --> 00:00:46.346 Programs, such as the SHARES Program, 00:00:46.756 --> 00:00:50.136 the Federal Continuing Communications Plan, 00:00:50.356 --> 00:00:53.066 and the Department and Agency Continuing Network 00:00:53.206 --> 00:00:56.016 and the Title Globe Assessment Program. 00:00:56.016 --> 00:00:57.786 I am butchering your bio here. 00:00:57.786 --> 00:00:58.476 I apologize. 00:00:58.936 --> 00:01:02.256 He also leads CISA's 5G Capacity Building Team 00:01:02.256 --> 00:01:04.046 and several R&D efforts to identify 00:01:04.046 --> 00:01:06.666 and mitigate mobile cyber threats. 00:01:08.646 --> 00:01:13.816 And I will... 00:01:14.316 --> 00:01:16.606 [ Applause ] 00:01:17.106 --> 00:01:19.806 Kevin Briggs: Okay, well, thank you to the S&T 00:01:19.866 --> 00:01:23.966 for this opportunity to talk about the 5G race and some 00:01:23.966 --> 00:01:25.386 of the challenges that we have. 00:01:26.006 --> 00:01:30.916 Let me make sure I've got the clicker under control here. 00:01:31.716 --> 00:01:32.706 I'm Kevin Briggs. 00:01:32.706 --> 00:01:36.496 I'm with CISA, and today, I'm going give you some perspectives 00:01:36.496 --> 00:01:39.646 on the 5G race, and in particular, 00:01:39.646 --> 00:01:43.036 I'm going to be focusing in some of the safety 00:01:43.406 --> 00:01:46.116 and security aspects of 5G. 00:01:48.646 --> 00:01:52.576 Some of you, probably back in April, saw the press conference 00:01:52.576 --> 00:01:57.136 with President Trump where he was talking about the 5G race. 00:01:57.666 --> 00:02:01.236 A couple things I wanted to highlight out of that is 00:02:01.236 --> 00:02:05.326 that he said it's a race that America must win, 00:02:05.796 --> 00:02:11.026 and he went a little further and emphasized the security aspects 00:02:11.196 --> 00:02:15.306 and said, "Secure 5G, those networks, 00:02:15.306 --> 00:02:20.446 are an absolutely vital link in America's prosperity 00:02:20.446 --> 00:02:22.636 and future national security." 00:02:23.136 --> 00:02:27.656 So, we look at the security aspect is vital. 00:02:28.316 --> 00:02:30.756 You're amplifying everything under 5G. 00:02:30.756 --> 00:02:35.526 You're amplifying the speeds, the availability, the, you know, 00:02:35.526 --> 00:02:37.736 every dimension, but, 00:02:37.736 --> 00:02:40.956 if you don't also concurrently handle the security, 00:02:41.286 --> 00:02:44.426 your amplifying issues there, as well, and risk. 00:02:44.786 --> 00:02:47.916 A couple other things that the president discussed is 00:02:47.916 --> 00:02:53.006 that he's looking to streamline the deployment of 5G. 00:02:53.276 --> 00:02:54.826 He's working with the FCC 00:02:54.826 --> 00:02:59.336 so that the approvals don't take years as they have in the past. 00:02:59.716 --> 00:03:02.306 That going into the future, it should be done 00:03:02.306 --> 00:03:07.006 within 90 days approval or disapproval, and by the end 00:03:07.006 --> 00:03:11.126 of 2019, the President pointed out that we should have 00:03:11.126 --> 00:03:15.786 about 92 communities within the United States with 5G services, 00:03:16.246 --> 00:03:18.926 and that that is leading the world. 00:03:18.926 --> 00:03:23.286 He said the closest next competitor was South Korea. 00:03:23.286 --> 00:03:26.106 There's a whole lot of other dimensions that could be brought 00:03:26.106 --> 00:03:28.326 in as to how many people you've actually got covered 00:03:28.326 --> 00:03:29.726 and percentage of population. 00:03:30.056 --> 00:03:33.416 But those are the measures that are brought out right now. 00:03:36.266 --> 00:03:39.666 One other thing, before leaving that thought is 00:03:39.666 --> 00:03:42.596 that he wants this to be ubiquitous, and he does talk 00:03:42.596 --> 00:03:45.376 about the importance of getting it to the edge 00:03:45.716 --> 00:03:47.466 and into our rural communities. 00:03:48.246 --> 00:03:50.866 Now how do we win the 5G race? 00:03:50.866 --> 00:03:52.406 Is it all about bits and bytes 00:03:52.406 --> 00:03:54.626 and how fast they move and how far they go? 00:03:55.096 --> 00:03:59.326 I think the answer is that it's a whole lot more than that, 00:03:59.326 --> 00:04:05.926 and as the president said, our 5G networks must also be secure. 00:04:06.326 --> 00:04:09.336 They must be strong, and when I say strong, 00:04:09.446 --> 00:04:12.306 and I think our community, as we look at it, we're talking 00:04:12.306 --> 00:04:16.046 about where you're available and resilient under all conditions. 00:04:16.046 --> 00:04:18.866 Everywhere, you know, I mean the goal would be everywhere, 00:04:18.866 --> 00:04:23.076 anytime, anyplace, and any condition, 00:04:23.366 --> 00:04:28.026 to include all natural disasters and going all the way 00:04:28.026 --> 00:04:29.886 up through wartime conditions. 00:04:30.266 --> 00:04:33.856 It's a big order, and obviously, is always going to be a goal. 00:04:35.226 --> 00:04:38.396 We believe without good 5G security, 00:04:38.556 --> 00:04:41.226 we cannot be safe from our enemies. 00:04:42.446 --> 00:04:44.656 Again, we're amplifying benefits, 00:04:44.656 --> 00:04:46.696 but we're also amplifying risks 00:04:47.036 --> 00:04:50.536 if we do not handle all the security aspects, 00:04:51.206 --> 00:04:53.566 and winning the race, then, you know, 00:04:53.566 --> 00:04:56.876 what is the answer to that? 00:04:56.996 --> 00:05:00.956 It means that you're providing the most benefits while ensuring 00:05:00.956 --> 00:05:02.046 the least risks. 00:05:05.176 --> 00:05:10.066 Now, I wanted to go through some examples that put some flesh 00:05:10.066 --> 00:05:15.636 onto these ideas, and I'm going to just go through some 00:05:15.636 --> 00:05:19.586 of the proposed benefit areas, but then kind of flip it 00:05:19.586 --> 00:05:23.246 and say, okay, if this benefit isn't well secured, 00:05:23.716 --> 00:05:25.786 what might be some of the consequences? 00:05:26.666 --> 00:05:30.406 So, if you look at autonomous vehicles, you know, a great, 00:05:30.406 --> 00:05:36.716 new capability, but if they are being controlled or monitored 00:05:36.716 --> 00:05:40.226 or tracked, it opens up all sorts of other vulnerabilities 00:05:40.226 --> 00:05:44.576 to include crashes and other unwanted consequences. 00:05:45.306 --> 00:05:47.156 The telemedicine. 00:05:47.236 --> 00:05:48.216 We're hearing about a -- 00:05:48.216 --> 00:05:51.296 you want to bring in the best doctor anywhere in the world 00:05:51.616 --> 00:05:56.536 into your room and actually using the scalpel to help. 00:05:57.196 --> 00:06:01.406 Well, again, you don't want that to be cut off mid operation, 00:06:01.816 --> 00:06:04.156 and you want to maintain control of the scalpel. 00:06:05.256 --> 00:06:09.756 National security, each of these areas I won't go 00:06:09.756 --> 00:06:10.256 through in detail. 00:06:10.406 --> 00:06:15.066 Let's just say you need to have the national security 00:06:15.066 --> 00:06:21.656 information everywhere and to the edge, but if you have a lack 00:06:21.656 --> 00:06:26.046 of security on your 5G, you have an exfiltration of data 00:06:26.386 --> 00:06:29.426 and mess at any location. 00:06:29.556 --> 00:06:31.216 So, you have to secure it carefully. 00:06:31.886 --> 00:06:34.796 First responders, Rob went through that very well. 00:06:35.176 --> 00:06:38.126 You want to make sure that they get the timely information they 00:06:38.126 --> 00:06:41.846 need as they're heading into a building or into a situation. 00:06:42.346 --> 00:06:45.526 On the contrary, you don't want people blocking 00:06:45.526 --> 00:06:47.466 that are giving you false information 00:06:47.466 --> 00:06:49.446 and steering them incorrectly. 00:06:50.216 --> 00:06:53.246 Industrial controls, whether it be smart factories, 00:06:53.246 --> 00:06:57.916 smart cities, Internet of things, you've got a whole range 00:06:57.916 --> 00:06:59.746 of controls that you need 00:06:59.746 --> 00:07:05.026 to maintain the whole cyber ecosystem around, 00:07:05.396 --> 00:07:12.066 or there's indeed, a great consequence of harm potentially. 00:07:12.866 --> 00:07:17.186 So, last couple things, as far as privacy, 00:07:17.186 --> 00:07:21.066 you want to ensure privacy in all dimensions 00:07:22.096 --> 00:07:26.686 versus having your voice, video habits of life, 00:07:26.826 --> 00:07:29.786 and other dimensions of your life being exposed 00:07:30.176 --> 00:07:33.866 through networks that connect back into other countries. 00:07:34.966 --> 00:07:39.486 Bottom line, with good cybersecurity on 5G, 00:07:39.736 --> 00:07:43.066 we're going to save a lot of lives, save a lot of money, 00:07:43.116 --> 00:07:46.666 and make America greater in a lot of ways. 00:07:47.126 --> 00:07:51.826 Without that good security, it is not a pretty picture. 00:07:52.116 --> 00:07:54.886 So, we have to do our jobs here. 00:08:00.486 --> 00:08:03.956 Now for the next few slides, I wanted to focus on some 00:08:03.956 --> 00:08:05.236 of the unique challenges. 00:08:05.536 --> 00:08:07.426 Rob covered a lot of this already. 00:08:07.426 --> 00:08:10.256 So, I'm going to focus in on some high points, 00:08:10.706 --> 00:08:14.636 as far as policy and in the international scene here. 00:08:15.216 --> 00:08:19.966 So, the US government has serious concerns 00:08:20.396 --> 00:08:24.016 about allowing any product or vendor 00:08:24.416 --> 00:08:29.866 into the 5G infrastructure that can be compromised and has laws 00:08:30.176 --> 00:08:32.796 that force their companies to cooperate 00:08:32.836 --> 00:08:36.636 with intelligence organizations and things that would not be 00:08:36.636 --> 00:08:38.696 in the best interests of the United States. 00:08:39.226 --> 00:08:43.326 In particular, and you probably, if you're watching the news 00:08:43.326 --> 00:08:46.976 on these things, there's been a whole lot about the concerns 00:08:46.976 --> 00:08:51.616 with China and Huawei going into networks. 00:08:52.486 --> 00:08:54.956 We believe those concerns are very valid, 00:08:55.506 --> 00:08:57.886 and they're not easily mitigated. 00:08:58.736 --> 00:09:02.516 Given the consequences of a 5G compromise in any 00:09:02.516 --> 00:09:04.956 of those areas, for example, that I was just describing, 00:09:05.446 --> 00:09:07.236 those are unacceptable. 00:09:07.956 --> 00:09:12.946 And while the US has been outwardly discussing more 00:09:12.946 --> 00:09:17.446 of the Chinese threat here, when you're getting into supply chain 00:09:17.446 --> 00:09:21.836 and opening up back doors, those that are technologically savvy 00:09:21.836 --> 00:09:25.216 in other countries can piggyback right onto those, 00:09:25.216 --> 00:09:29.246 and unfortunately, in this situation, 00:09:29.246 --> 00:09:32.906 I can't go into details, but we have seen a lot 00:09:32.906 --> 00:09:34.256 of that over the years. 00:09:34.596 --> 00:09:37.666 We have a very, large attack surface even today, 00:09:38.146 --> 00:09:41.796 with the 4G networks, 3G, 2G. 00:09:42.226 --> 00:09:47.926 It's a network based on trust between all countries, and yet, 00:09:48.016 --> 00:09:52.636 you do have cyber controls in there, but they are not anywhere 00:09:52.696 --> 00:09:55.726 to the degree that we see on the computer side of the equation. 00:09:56.746 --> 00:09:59.416 So, a lot of concerns, and hence, we have concerns, 00:09:59.416 --> 00:10:01.356 too about our strategic partners. 00:10:01.746 --> 00:10:04.056 As we share information with them, you know, 00:10:04.056 --> 00:10:06.886 if it's national security-related information, 00:10:06.886 --> 00:10:08.426 we share it with one of our 5G 00:10:08.426 --> 00:10:12.456 or other 5 Values partners or others. 00:10:12.456 --> 00:10:14.076 We need to make sure that that's not going 00:10:14.076 --> 00:10:16.486 to then go out into the wild. 00:10:21.636 --> 00:10:25.726 Some other unique aspects and Rob did touch 00:10:25.726 --> 00:10:29.726 on the complexities of the software-defined networks, 00:10:29.726 --> 00:10:33.846 the operators are going to lose some of the visibility 00:10:33.846 --> 00:10:36.996 that they have into all the dynamics 00:10:36.996 --> 00:10:41.646 of making this network adapt in real time 00:10:41.646 --> 00:10:43.746 to whatever the situation is. 00:10:43.986 --> 00:10:47.496 In addition, if you have hardware, firmware, 00:10:47.846 --> 00:10:54.046 software that is not trusted, then you've got more routes 00:10:54.046 --> 00:10:57.436 of exfiltration and compromise 00:10:57.476 --> 00:11:00.296 than you have resources to mitigate. 00:11:00.866 --> 00:11:04.286 I can guarantee you, if a piece of equipment is built 00:11:04.346 --> 00:11:07.346 in a country and in a place that's untrusted, 00:11:07.346 --> 00:11:13.596 the numbers of ways that they can make that device, 00:11:13.596 --> 00:11:17.636 in a sense, compromised, go beyond the dollars that we have 00:11:17.636 --> 00:11:19.366 to try to vet all of that. 00:11:19.696 --> 00:11:24.486 You can mitigate it, but you can't eliminate that threat. 00:11:24.996 --> 00:11:29.336 There was excellent report by the Huawei Cybersecurity Center 00:11:29.336 --> 00:11:32.656 of Excellence, their oversight board, and they talked about, 00:11:32.736 --> 00:11:35.716 you can bring in technical mitigations, 00:11:35.756 --> 00:11:39.576 even if you do bring in Huawei gear or other things 00:11:39.576 --> 00:11:43.966 like ZT equipment, but for national security 00:11:43.966 --> 00:11:46.196 and where you have life and safety on the line, 00:11:46.666 --> 00:11:49.816 that's just something that we cannot say, oh, 00:11:49.816 --> 00:11:53.846 that's guaranteed that that's good enough. 00:11:59.226 --> 00:12:02.136 A few last thoughts, is and I'm going to talk 00:12:02.136 --> 00:12:05.776 about backdoor issues and some specifics 00:12:05.776 --> 00:12:08.306 to put a little more meat onto the bone here in a minute, 00:12:09.006 --> 00:12:15.076 but we don't see that they're going to have a smoking backdoor 00:12:15.376 --> 00:12:18.286 where it's obvious, you know, they've labeled it in a way 00:12:18.286 --> 00:12:23.756 that it looks and says backdoor, but if you have, 00:12:23.826 --> 00:12:28.626 and I like the term bug door, if you have poor security practice, 00:12:28.656 --> 00:12:32.736 just being baked in to every element of your hardware, 00:12:32.736 --> 00:12:36.956 firmware, software, then you have plausible deniability, 00:12:37.296 --> 00:12:39.526 and yet, you still have full access to everything. 00:12:40.356 --> 00:12:44.726 So, that is a huge concern, and we know, again, 00:12:45.106 --> 00:12:49.676 that the Russians and others are largely aware 00:12:49.676 --> 00:12:52.506 of where these vulnerabilities and access points are, 00:12:53.106 --> 00:12:58.776 and unfortunately, they do use those against us. 00:12:59.676 --> 00:13:04.756 Now, as far as what is CISA doing, the Cybersecurity 00:13:04.756 --> 00:13:07.856 and Infrastructure Security Agency, 00:13:08.346 --> 00:13:11.236 we've got several initiatives ongoing right now. 00:13:11.826 --> 00:13:14.186 One of them is on the government side. 00:13:14.226 --> 00:13:18.046 We have the Federal Acquisition Security Council. 00:13:18.046 --> 00:13:23.206 We also, on a joint industry and government perspective, 00:13:23.206 --> 00:13:26.316 we have like the ICT, the Information 00:13:26.316 --> 00:13:29.696 and Communications Technology Task Force. 00:13:29.986 --> 00:13:33.226 So, we're working in partnership across government 00:13:33.276 --> 00:13:36.786 and with our industry partners and others 00:13:36.786 --> 00:13:37.766 that are in the community. 00:13:37.916 --> 00:13:43.226 Just within CISA, we've got the National Risk Management Center 00:13:43.226 --> 00:13:46.146 that's been stood up here not too long ago, 00:13:46.146 --> 00:13:49.626 and they are doing a broad-based 5G risk assessment. 00:13:50.166 --> 00:13:52.766 Hopefully that will be out a little later this year, 00:13:53.366 --> 00:13:57.466 and we're tapping into other expertise centers throughout 00:13:57.526 --> 00:14:00.916 government, like the Idaho National Labs as a test lab, 00:14:01.416 --> 00:14:06.266 and we appreciate very much the partnership with S&T 00:14:06.266 --> 00:14:08.716 and with our other partners in government. 00:14:09.126 --> 00:14:13.656 The S&T has been very good about, you know, working with us 00:14:13.716 --> 00:14:15.016 to say we've got a problem. 00:14:15.326 --> 00:14:19.476 Let's develop some pilots to look at how do we address these 00:14:19.476 --> 00:14:21.696 in a cost-effective way? 00:14:24.846 --> 00:14:30.616 I wanted to just point out one study. 00:14:30.616 --> 00:14:32.706 There's many, many studies on these things, 00:14:32.756 --> 00:14:34.186 but it's a recent one. 00:14:34.516 --> 00:14:37.726 I'm not saying that the department endorses every aspect 00:14:37.726 --> 00:14:40.866 of this or whatever, but I use it as an illustration 00:14:41.266 --> 00:14:43.136 of why we're concerned. 00:14:43.136 --> 00:14:46.006 You know, some people think, oh, why are you picking on Huawei 00:14:46.006 --> 00:14:49.996 or why are you picking on ZTE or the like? 00:14:50.556 --> 00:14:55.086 And here's some of what we can talk about in a public setting 00:14:55.586 --> 00:14:57.676 that would give us concern. 00:14:58.026 --> 00:15:01.456 I also point out at the bottom of the slide, here's the source. 00:15:01.456 --> 00:15:03.746 It's a Finite State assessment. 00:15:03.746 --> 00:15:06.146 That's a company that's done an assessment 00:15:06.146 --> 00:15:07.486 that was published last month. 00:15:08.036 --> 00:15:12.346 Huawei has put out a rebuttal, and so I invite you 00:15:12.346 --> 00:15:16.676 to read both sides of the thing, but I do believe there's a lot 00:15:16.676 --> 00:15:18.586 of information in there that's useful. 00:15:19.266 --> 00:15:24.366 One is that almost 10,000 of the firmware images 00:15:24.366 --> 00:15:28.036 that they surveyed that was in the Huawei equipment, 00:15:28.036 --> 00:15:29.876 this is over 500 pieces 00:15:29.876 --> 00:15:36.726 of different Huawei gear, had a lot of issues. 00:15:36.726 --> 00:15:41.806 In this case, roughly 55% of those firmware images had 00:15:41.806 --> 00:15:45.686 at least one potential backdoor associated. 00:15:46.646 --> 00:15:49.066 I think, and I'm not going to go through every line here, 00:15:49.066 --> 00:15:52.646 but notice that it's almost 30% had things 00:15:52.646 --> 00:15:57.896 like one default username and password stored in the firmware. 00:15:58.806 --> 00:16:02.706 You know, that's just like the key to your house thing. 00:16:02.756 --> 00:16:06.256 You don't do that, and there's -- 00:16:06.766 --> 00:16:08.446 I'm not saying it's all with intent, 00:16:09.046 --> 00:16:14.666 but if you are not instituting good software engineering, 00:16:14.916 --> 00:16:18.846 you know, principles and practices, this is what happens. 00:16:19.136 --> 00:16:24.426 You take something off a low cost, you know, 00:16:24.426 --> 00:16:27.106 source and stick it into your code, and there you go. 00:16:27.806 --> 00:16:30.766 Now, Huawei devices have a high number 00:16:30.806 --> 00:16:34.856 of security vulnerabilities, at least according to this study. 00:16:35.486 --> 00:16:41.536 On average, Huawei devices had -- and let me go one more. 00:16:41.786 --> 00:16:43.726 Due to time, I'm not going to go through the whole thing, 00:16:43.726 --> 00:16:48.256 but I gave you some other things in your spare time you can look 00:16:48.256 --> 00:16:49.176 at if you're interested. 00:16:49.826 --> 00:16:51.856 On average, Huawei devices had 00:16:51.856 --> 00:16:55.236 over 100 known vulnerabilities inside their firmware. 00:16:56.016 --> 00:16:58.116 Now that's per device. 00:16:58.896 --> 00:17:03.536 That's just incredible, in a way. 00:17:03.536 --> 00:17:08.196 The Huawei engineers systematically made poor 00:17:08.196 --> 00:17:10.736 decisions, at least in our opinion, 00:17:11.216 --> 00:17:13.056 with regard to security. 00:17:13.346 --> 00:17:16.286 I'll only point out maybe a couple more here. 00:17:16.646 --> 00:17:22.386 Sometimes they used 10-year-old versions of libraries and the 00:17:22.386 --> 00:17:26.416 like when there are known vulnerabilities associated 00:17:26.416 --> 00:17:26.976 with those. 00:17:27.346 --> 00:17:28.996 They didn't take the time to clean them up 00:17:28.996 --> 00:17:34.136 or use the more current patched and improved software. 00:17:34.746 --> 00:17:40.556 And in some cases, they actually saw that they had like a call 00:17:40.556 --> 00:17:43.226 with a function that was vulnerable. 00:17:43.426 --> 00:17:45.856 They know that there's a newer one that's better. 00:17:46.176 --> 00:17:50.876 They renamed, in the software, that it was the newer one, 00:17:50.876 --> 00:17:53.166 but in actuality, the backend is the old one. 00:17:53.586 --> 00:17:56.906 So, if you're doing IV&V, independent verification 00:17:56.906 --> 00:17:58.756 and validation, and thinking you're looking through it. 00:17:58.986 --> 00:17:59.536 Looks good. 00:17:59.536 --> 00:18:00.386 Oh, yeah, that's the latest. 00:18:00.736 --> 00:18:03.436 That's why we need tools that go through carefully 00:18:03.436 --> 00:18:04.476 and say, wait a second. 00:18:04.476 --> 00:18:06.906 This, this is not lining up. 00:18:07.186 --> 00:18:09.526 It says it's this, but it's actually the old one that's 00:18:09.526 --> 00:18:10.346 very vulnerable. 00:18:10.936 --> 00:18:15.156 So those are a few examples of why we're concerned 00:18:15.296 --> 00:18:20.826 with using Huawei or other gear in our sensitive areas. 00:18:21.366 --> 00:18:23.306 I hope that helps a bit. 00:18:23.476 --> 00:18:26.136 I want to go into a couple other things outside 00:18:26.466 --> 00:18:28.646 of the standard security area 00:18:29.226 --> 00:18:32.036 and into more of the safety area. 00:18:32.036 --> 00:18:36.066 I just want to highlight that we've got a whole lot more 00:18:36.386 --> 00:18:40.456 in the way of 5G spectrum being put 00:18:40.456 --> 00:18:43.946 out there, 5 gigahertz worth. 00:18:44.016 --> 00:18:47.756 I mean, it's just a lot of spectrum going out there. 00:18:48.326 --> 00:18:51.776 So, with that, in particular, 00:18:51.816 --> 00:18:55.796 like the 24-gigahertz spectrum that's been put out there, 00:18:55.796 --> 00:19:00.216 even just very recently, there are concerns in other parts 00:19:00.216 --> 00:19:01.976 of government who said, wait, wait. 00:19:02.326 --> 00:19:06.436 If we take that, and don't appropriately design your 00:19:06.436 --> 00:19:08.216 networks, you don't have somebody 00:19:08.216 --> 00:19:12.536 like Rob Dew helping you design it end-to-end, you're going 00:19:12.536 --> 00:19:15.026 to interfere with other government functions, 00:19:15.076 --> 00:19:19.986 like NOAA's ability to use the weather prediction off 00:19:19.986 --> 00:19:20.856 of their satellites. 00:19:21.276 --> 00:19:23.766 And, you know, some have gone so far as to say, oh, you're going 00:19:23.766 --> 00:19:27.516 to push back our ability to predict hurricanes by, you know, 00:19:27.516 --> 00:19:29.066 like what we did back in the 80s. 00:19:29.466 --> 00:19:31.656 So, we need to move forward intelligently. 00:19:31.656 --> 00:19:35.046 Nobody's arguing that we move forward into the 5G race, 00:19:35.116 --> 00:19:39.576 but we need to do these things with not just, you know, 00:19:39.576 --> 00:19:40.986 rushing headlong into things 00:19:40.986 --> 00:19:44.486 without carefully considering the consequences. 00:19:44.906 --> 00:19:49.556 Another thing on this slide, the spectrum here is very vast, 00:19:49.556 --> 00:19:51.946 and a lot of it's new territory for us. 00:19:52.436 --> 00:19:57.006 The human experiment of 3G, 2G, 4G, 00:19:57.006 --> 00:19:59.936 we're going to see the same thing with 5G. 00:20:00.346 --> 00:20:03.476 It's going to be into new areas 00:20:03.556 --> 00:20:07.986 where we haven't had ubiquitous 24, 28 gigahertz, 00:20:07.986 --> 00:20:10.286 all the way up to 90 gigahertz. 00:20:10.776 --> 00:20:14.176 And cellular heating and things like that, 00:20:14.606 --> 00:20:19.146 some of the SAR criteria that the FCC currently uses, 00:20:19.476 --> 00:20:20.696 we may need to evolve that. 00:20:20.696 --> 00:20:22.906 That's where we need help, as well, because -- 00:20:23.226 --> 00:20:29.066 okay, I've got to speed up a little here. 00:20:29.236 --> 00:20:30.296 The -- I've got about a minute. 00:20:30.846 --> 00:20:34.456 I'll touch on a couple of things. 00:20:34.456 --> 00:20:36.546 There's, as Rob pointed out, there's likely 00:20:36.546 --> 00:20:39.356 to be a whole lot more points of presence, 00:20:39.356 --> 00:20:42.086 as far as in your neighborhoods and on buildings. 00:20:42.546 --> 00:20:46.346 The coverage of a low-frequency 00:20:46.346 --> 00:20:49.086 versus high-frequency is pretty dramatic. 00:20:49.526 --> 00:20:54.016 And so, you may have millions of more points of a 5G. 00:20:54.016 --> 00:20:57.056 You know, versus having something that's a mile away 00:20:57.056 --> 00:20:58.106 on a cell tower. 00:20:58.106 --> 00:21:02.026 Now it's right in your home, and what's it going to be doing? 00:21:02.696 --> 00:21:05.846 The health effects, I wish we had a little more time. 00:21:06.116 --> 00:21:09.076 I'll just say, the next couple of slides gives some studies. 00:21:09.396 --> 00:21:12.766 In the past, like the 2011 World Health Organization, 00:21:13.116 --> 00:21:18.236 people said, oh, it's just a lot of poor rats in this case 00:21:18.326 --> 00:21:22.846 and other rodents being exposed on a very high level, 00:21:23.256 --> 00:21:26.416 but when you go down to like at the bottom of the slide, 00:21:26.466 --> 00:21:30.206 there was Ramazzini, or however you pronounce that, 00:21:30.206 --> 00:21:33.016 Institute Study, that was at a much lower level, 00:21:33.016 --> 00:21:34.516 and we were seeing the same types 00:21:34.516 --> 00:21:36.996 of brain/heart tumors, other things. 00:21:37.456 --> 00:21:39.706 And now, there is a move afoot 00:21:39.736 --> 00:21:42.066 by many well-respected scientists 00:21:42.066 --> 00:21:44.826 across the world saying we need to be careful here. 00:21:45.156 --> 00:21:49.106 We could have a real health problem. 00:21:49.236 --> 00:21:51.766 The references are there for you. 00:21:51.766 --> 00:21:55.776 There are calls with many that said we need 00:21:55.776 --> 00:21:58.986 to reclassify this into a category one. 00:21:59.466 --> 00:22:07.206 So, last takeaway is that the challenges I've gone 00:22:07.206 --> 00:22:10.266 through here are many with 5G. 00:22:10.266 --> 00:22:11.596 The benefits are great, 00:22:12.096 --> 00:22:17.426 but we need to go forward intelligently, and so, 00:22:17.516 --> 00:22:19.366 we're asking for everyone's help. 00:22:19.366 --> 00:22:21.096 This is a whole-community effort. 00:22:21.586 --> 00:22:24.276 We can't -- the government doesn't have the solutions You 00:22:24.276 --> 00:22:27.686 know, we can help facilitate, but the solutions are out there. 00:22:28.116 --> 00:22:32.186 So, with that, I'll close, and if you have any questions, 00:22:32.606 --> 00:22:34.396 I can entertain those now. 00:22:38.586 --> 00:22:39.596 Yes, hey Bill. 00:22:39.596 --> 00:22:41.506 If we can wait for the mic. 00:22:41.506 --> 00:22:42.716 You're about to get a mic. 00:22:42.716 --> 00:22:47.176 Woman: And do you mind standing up? 00:22:47.976 --> 00:22:50.786 Man: So, Kevin, a question about the relationship 00:22:50.866 --> 00:22:56.556 between 5G and the global submarine cable system 00:22:56.676 --> 00:23:00.336 that carries 99% of intercontinental communications. 00:23:00.946 --> 00:23:05.936 So, I recently talked to the publisher of SubTel Forum, 00:23:06.116 --> 00:23:07.876 who's up to date on the statistics. 00:23:07.906 --> 00:23:11.966 There are between 700 and 800 lamping sites 00:23:12.726 --> 00:23:16.056 for these commercial intercontinental systems, 00:23:16.566 --> 00:23:21.696 and if there were not even a purposeful like EMP attack, 00:23:21.926 --> 00:23:25.226 if the North Koreans just did a test over the Pacific Ocean 00:23:25.866 --> 00:23:30.056 to see what EMP effects there are, 00:23:30.516 --> 00:23:33.856 there is no financial incentive less -- 00:23:34.046 --> 00:23:37.026 in place now to protect the commercial. 00:23:37.176 --> 00:23:38.826 Not the national security systems 00:23:38.886 --> 00:23:41.306 but the commercial systems, and so, 00:23:41.726 --> 00:23:46.016 that could have a huge impact on availability of 5G 00:23:46.356 --> 00:23:51.206 for international supply chains and business. 00:23:51.206 --> 00:23:53.846 Is that of concern? 00:23:54.256 --> 00:23:58.946 The intersection between 5G and the submarine cable systems 00:23:58.946 --> 00:24:01.336 that are pretty well protected from solar storms 00:24:01.476 --> 00:24:07.276 but wouldn't necessarily make it for high-altitude EMP? 00:24:07.276 --> 00:24:08.376 Kevin Briggs: There's a lot of waterfront 00:24:08.376 --> 00:24:10.406 on that question, no pun intended. 00:24:10.796 --> 00:24:17.936 But yes, we are very concerned about all dimensions of 5G. 00:24:17.976 --> 00:24:22.886 5G takes you into, I think there's 12000 satellites planned 00:24:22.886 --> 00:24:25.706 over the next few years that will also be tied in. 00:24:26.056 --> 00:24:32.776 It's, whether it's a, in a sense, the access point 00:24:33.246 --> 00:24:35.086 for a lot of information that then goes 00:24:35.086 --> 00:24:36.286 under the undersea cables, 00:24:36.846 --> 00:24:38.886 I will point out, you mentioned EMP. 00:24:39.156 --> 00:24:40.576 That's one of my favorite subjects. 00:24:41.026 --> 00:24:45.746 When it comes to public safety, there is a new standard 00:24:45.746 --> 00:24:50.376 that has come out for public safety that allows -- 00:24:50.606 --> 00:24:53.596 this is the NAVCO standard that came out about two weeks ago 00:24:54.016 --> 00:24:59.026 that says that EMP is a consideration now, 00:24:59.446 --> 00:25:00.886 and how to do it. 00:25:00.886 --> 00:25:07.786 So, yes, we are concerned that the 5G access, as well as core, 00:25:07.786 --> 00:25:10.366 and things like FirstNet and others made, 00:25:10.446 --> 00:25:13.096 that they be protected against these things. 00:25:13.586 --> 00:25:16.296 But yeah, it all interconnects, you know, whether it be 00:25:16.296 --> 00:25:19.566 in undersea cable or satellite or 5G brand. 00:25:20.306 --> 00:25:23.636 Yeah, I hope that helped to answer your question. 00:25:23.916 --> 00:25:23.996 Yeah? 00:25:24.706 --> 00:25:26.136 Man: Can you hear? 00:25:26.136 --> 00:25:29.916 You mentioned a lot about supply chain attacks in terms 00:25:29.916 --> 00:25:32.766 of our resilience, and our cyber resilience for 5G. 00:25:32.976 --> 00:25:35.906 Are you also working on the deployment, the operation? 00:25:35.906 --> 00:25:38.956 A lot of the attacks don't necessarily use 00:25:39.216 --> 00:25:40.216 third-party vulnerability. 00:25:40.216 --> 00:25:42.216 They actually just operate within the environment 00:25:42.266 --> 00:25:44.856 to get their goals without vulnerability 00:25:44.856 --> 00:25:45.656 in the equipment itself. 00:25:45.836 --> 00:25:47.696 Are you looking at it from a more global, 00:25:47.696 --> 00:25:50.036 operational perspective? 00:25:50.496 --> 00:25:52.376 Kevin Briggs: And I'm not sure I fully understood 00:25:52.376 --> 00:25:53.156 that question. 00:25:53.496 --> 00:25:58.506 Are you saying that the avenues for -- 00:25:58.576 --> 00:25:59.936 Man: I'll give you an example. 00:26:00.036 --> 00:26:00.416 Kevin Briggs: Okay. 00:26:00.996 --> 00:26:02.936 Man: My company's a cybersecurity company. 00:26:02.936 --> 00:26:05.336 A month ago, we published a Chinese operation 00:26:05.336 --> 00:26:07.856 against a big telecom provider, different country. 00:26:08.376 --> 00:26:10.666 But they were like 12 countries that were operating. 00:26:10.666 --> 00:26:13.636 They walked in through a completely unregulated system 00:26:13.636 --> 00:26:15.826 in the building -- I'm sorry, on the web front. 00:26:16.326 --> 00:26:18.616 Walked inside the environment until they got to the core 00:26:18.616 --> 00:26:20.096 and had complete control of the core, 00:26:20.096 --> 00:26:22.146 where they could do everything they wanted out of operations. 00:26:22.176 --> 00:26:25.356 So, even no vulnerability in the LTE core, 00:26:25.356 --> 00:26:27.186 in that case, was used. 00:26:27.536 --> 00:26:28.926 The Chinese operator, in this environment, 00:26:28.926 --> 00:26:30.466 had complete control of their environment. 00:26:30.566 --> 00:26:33.536 The we're using that for individual tracking, 00:26:33.596 --> 00:26:35.206 tracking people's whereabouts and the call records, 00:26:35.206 --> 00:26:38.246 but they could easily do it for any other kind of manipulation. 00:26:38.866 --> 00:26:41.886 It's a much more wholistic problem than just do we bring 00:26:41.886 --> 00:26:44.536 in a third-party vulnerable assets to the game? 00:26:44.956 --> 00:26:47.446 Kevin Briggs: Absolutely, and I would concur 00:26:47.446 --> 00:26:50.736 that it's a much more complex equation, 00:26:51.206 --> 00:26:52.516 and because it's backward -- 00:26:52.676 --> 00:26:56.986 5G is backward-compatible with all the other vulnerable aspects 00:26:56.986 --> 00:27:01.746 of 4G, 3G, 2G, it's well-known that there's lots of tools 00:27:01.746 --> 00:27:05.076 and techniques to use that -- 00:27:05.076 --> 00:27:10.006 and the back doors on the databases that are in all 00:27:10.046 --> 00:27:13.756 of the com networks is another, you know, huge issue. 00:27:14.086 --> 00:27:16.266 I want to point out one quick thing, 00:27:16.326 --> 00:27:17.696 and it jogged my brain here. 00:27:18.336 --> 00:27:22.056 The biggest subscriber-shipped network 00:27:22.056 --> 00:27:24.136 in the world isn't the Internet. 00:27:25.156 --> 00:27:31.286 The biggest one is the com networks, the SS7 networks, 00:27:31.286 --> 00:27:33.746 the diameter -- when you add up all the subscribers there, 00:27:34.056 --> 00:27:36.546 we've got them beat by billions, and we need to bring 00:27:36.546 --> 00:27:39.706 in the same cyber controls, end-to-end, whether it be 00:27:39.706 --> 00:27:43.836 in the core network or at the, you know, managed databases 00:27:43.976 --> 00:27:44.866 and other, you know, points. 00:27:45.006 --> 00:27:48.666 Yes? Okay, I'm getting the -- that may be the last question. 00:27:48.776 --> 00:27:48.996 Woman: One more. 00:27:49.206 --> 00:27:50.016 Kevin Briggs: Oh, one more, okay. 00:27:50.086 --> 00:27:50.746 One more question. 00:27:51.386 --> 00:27:54.356 Man: Hi, so, we're talking about security 00:27:54.356 --> 00:27:55.676 in heterogeneous networks. 00:27:56.216 --> 00:28:00.926 Currently the carriers can't even protect all the phone calls 00:28:00.926 --> 00:28:01.806 that are coming through. 00:28:02.046 --> 00:28:04.216 This is only going to compound the matter 00:28:04.216 --> 00:28:06.866 and then also introduce the current vulnerability 00:28:06.866 --> 00:28:08.576 that the Internet poses. 00:28:09.156 --> 00:28:12.986 So, I see security risks going tremendously, 00:28:13.536 --> 00:28:16.866 exponentially greater without changing the actual 00:28:17.956 --> 00:28:20.796 infrastructure platform integrity itself, 00:28:20.926 --> 00:28:23.096 which we haven't done since 1978. 00:28:23.416 --> 00:28:27.976 So, just to as far as security goes, how do you expect 00:28:27.976 --> 00:28:30.506 that we're going to be able to handle it? 00:28:31.156 --> 00:28:33.816 Kevin Briggs: Well, again, a very large question, 00:28:33.886 --> 00:28:39.186 but I'll say there are practices that are commonly used 00:28:39.186 --> 00:28:44.416 in the IT computer world that need to be brought more 00:28:44.656 --> 00:28:48.506 into the bigger data network, as far as subscribers, 00:28:48.506 --> 00:28:51.226 things like SSF and Diameter, 00:28:51.226 --> 00:28:54.046 where you're not monitoring people's voice and data 00:28:54.046 --> 00:28:56.946 and whatever, but you are looking at the controls, 00:28:57.306 --> 00:29:00.016 whether it be at a signaling transfer point 00:29:00.016 --> 00:29:03.116 or at your international gateways 00:29:03.116 --> 00:29:06.566 or in your rural interconnects. 00:29:06.906 --> 00:29:10.786 There needs to be the same discipline and security controls 00:29:10.786 --> 00:29:12.786 of monitoring appropriately. 00:29:12.786 --> 00:29:15.176 Not, you know, where you're getting into people's privacy, 00:29:15.766 --> 00:29:19.736 but we need to bring in that same level of expertise 00:29:20.106 --> 00:29:24.036 that the community does have to all of our telecom things. 00:29:24.066 --> 00:29:27.676 But yeah, if we don't up our game there, yeah, 00:29:27.676 --> 00:29:29.526 we introduce huge vulnerability. 00:29:33.266 --> 00:29:34.206 Okay, I think that's it. 00:29:34.446 --> 00:29:34.756 Thank you. 00:29:35.516 --> 00:29:37.516 [ Applause ] 00:29:38.516 --> 00:29:50.970 [ Music ]