NSA, DHS Say 5G is a Major Security Risk

In fairness, the NSA is trying not to kill all of the 5G buzz completely, so they are saying it could pose a major cybersecurity risk, but the rest of the story says it is a major risk.

Some issues – nation states might try to exert influence on standards. They are saying this could benefit one country over another or limit users choices, but I think they are probably remembering back to the time when the NSA gave RSA a suitcase load of money to incorporate deliberately flawed crypto for the dual EC standard into one of the major security tools of the time. When this came out NIST was forced to revoke an already existing standard. There was a cover story, but it was flimsy.

The next issue is supply chain integrity. Think Huawei and other challenges. Most chips are made in China. Most products are assembled there. You get the idea. Also think SolarWinds.

Also, the architecture itself is a bit of a dumpster fire due to the desire for backward compatibility with old standards that we know are broken. In addition, some of the brand new standards are broken since the folks that wrote them were not security experts.

Finally, due to the shortage of spectrum, spectrum has to be shared between all classes of users, allowing malicious users to jam and/or overhear conversations that they should not hear.

Other than that, the NSA says everything is cool.

What that means is that as you design your plans for high speed mobile, you need to assume that the core technology is broken, compromised and not secure. You have to architect whatever security you think you need yourself. If you are moving money, don’t think the network will keep you safe. If you are moving health information, don’t assume the network will keep it private. If you are moving your intellectual property or your client’s data, do not assume it is secure.

This is, as the feds told Colonial Pipeline this week after their pipeline was hacked, your problem. Deal with it.

Are you ready to deal with the dramatic increase in your data flowing over compromised 5G networks? Start now. Credit: The Hacker News