The New York Times reported that the US government has defined 5G competition as a “new arms race.” According to the report, “whichever country dominates 5G will gain an economic, intelligence and military edge for much of this century.” The transition to 5G is a revolution and “this will be almost more important than electricity,” an analyst was quoted by the report as saying. As noted in the Department of Defense 5G Strategy, “5G is a critical strategic technology: those nations that master advanced communications technologies and ubiquitous connectivity will have a long-term economic and military advantage.”
China is the world leader in 5G communications, and two of its telecommunications companies, Huawei and ZTE, dominate world sales and are building 5G networks in several nations. The companies’ connections to the Chinese military have prompted a handful of nations, including the United States, to ban their technology because of security concerns.
5G is important to DoD because it offers higher performance and additional capabilities, particularly for data driven applications and for machine-to-machine communication. These capabilities will become the foundation for a new networked way of war that brings together sensors and machines that will revolutionize the battlespace and the logistics and support functions behind the front lines. DoD must have access to a 5G defense industrial base that provides trustworthy 5G technologies.
The coming 5G standard will offer towering benefits, such as enhanced speed and performance, lower latency, and better efficiency. But it will also come with risks. Although 5G is susceptible to many of the same cybersecurity risks found in today’s existing telecommunications and enterprise networks, it’s also subject to new avenues of attack against core network services due to a more complex ecosystem of technologies and operations.
In a paper titled “A Formal Analysis of 5G Authentication,” researchers from ETH Zurich, the University of Lorraine and the University of Dundee warned that 5G could usher in a new era of security threats. 5G presents new risks because It’s an immature and insufficiently tested set of technologies; It enables the movement and access of vastly higher quantities of data, and thus broadens attack surfaces, and We will depend on it more than 4G for mission-critical applications. 5G systems are going to be service-oriented. This implies there will be a special emphasis on security and privacy requirements that stem from the angle of services. The rise of new business, new architecture, and new technologies in 5G will present new challenges to security and privacy protection.
Because 5G networks will be mostly software-defined networks, future upgrades will be software updates and thus will be vulnerable to much like the smartphone upgrades. 5G networks will support a massive number of connected devices, which together with elevated use of virtualization and the cloud will equate to many more 5G security threats and a broader, multifaceted attack surface.
An upcoming agency program, called GECCO — generating communications channels to operate — wants to allay these privacy concerns, Root said.
The Generating Communication Channels to Operate (GeCCO) program will enable secure communications for military applications in permissive environments by using a flexible communications architecture to deploy virtual network services to preserve privacy by preventing pattern-of-life analysis. Today’s distributed operations across the globe require a small logistical footprint in order to enable collaboration with mission partners while still preserving privacy of communications. GeCCO will overcome this challenge by enabling the secure use of already widespread cellular networks in order to reduce the logistical burden of deploying military systems. GeCCO will use virtualization and software programmability to create the network services needed to preserve privacy while improving quality of service compared to today’s tactical radio networks.
GeCCO will develop privacy-preserving techniques in software to prevent pattern-of-life analysis. GeCCO will also define a new networking architecture to deploy network services drawing on the software programmability characteristic of today’s advanced cellular networks. Microservice principles of resilience, scale, and speed will further drive GeCCO innovations.
“We want to ensure that the traffic — the information we’re sending through future 5G tunnels and slices — that the information is not exploitable and maintains our privacy,” Root said Aug. 31 at the DARPA Forward conference at Colorado State University in Fort Collins.
In the upcoming program, DARPA will ask researchers for ideas on how to transmit secure communications through possibly compromised 5G networks, he said.
“The GECCO program is about leveraging commercial infrastructure — but doing it securely — maintaining our security … and benefiting from significant commercial investment,” he said.
The military should be able to leverage these high-tech, robust communication systems that have been built by the private sector, he said.
GECCO will build on another agency program — the space-based adaptive communications node, also known as Space-BACN — which is seeking to exploit the billions in investments the private sector has made in low-Earth orbit communication satellite systems such as SpaceX’s Starlink, Amazon’s Project Kuiper, the Space Development Agency’s series of communications spacecraft and DARPA’s own Blackjack military communication satellite program.
Linking all those systems and providing military users with a universal “translator” could provide a powerful communications system, he said. Plus, much of the investment did not come from the government, he pointed out.
Details on the GECCO program have not yet been released publicly but will be soon, Root said.