Former FCC chairman argues for need to focus on cybersecurity of 5G networks

Former Federal Communications Commission (FCC) Chairman Tom Wheeler stressed the need to zero in on protecting 5G wireless networks from cyber threats in a new paper published Tuesday by the Brookings Institution.

The paper, co-authored by David Simpson, the former chief of the FCC’s Public Safety and Homeland Security Bureau, makes the case for putting “equivalent – if not greater – focus on the security” of 5G networks as there is on the possibilities of the “connected future.”

{mosads}“To build 5G on top of a weak cybersecurity foundation is to build on sand,” Wheeler and Simpson wrote in the paper. “This is not just a matter of the safety of network users, it is a matter of national security.” 

In an interview with The Hill, Wheeler highlighted the threat to 5G networks posed by the increasing amount of internet-connected devices, many of which may not be secure against cyberattacks. 

“We shouldn’t be surprised that the networks of the 21st century are the new attack vectors, but these are different because they are expanded to an almost infinite number of attack vectors,” Wheeler said.

The former officials recommended two “key steps” to ensure the security of 5G networks. They said companies should be held responsible for cybersecurity “duty of care” and treat cybersecurity as a priority. The second step, they wrote, involves government establishing a new “cyber regulatory paradigm” to encourage government and industry to work together to address threats to 5G networks. 

Wheeler and Simpson, both of whom led the FCC under President Obama, also strongly recommended that the FCC “re-engage” with international groups such as the 3rd Generation Partnership Project, an industry group that governs the setting of international 5G network standards.

The FCC under Obama engaged with the group on cybersecurity issues, but this ceased due to Republican opposition to these policies under President Trump.

Wheeler and Simpson rebuked Trump and members of Congress for their actions in regards to 5G security, an issue the authors described as “a whole-of-the-nation peril.”

“We must not confuse 5G cybersecurity with international trade policy. Congress should not have to pass legislation instructing the Trump administration to act on 5G cybersecurity,” the authors wrote. “The whole-of-the-nation peril requires a whole-of-the-economy and whole-of-the-government response built around the realities of the information age, not formulaic laissez faire political philosophy or the structures of the industrial age.”

The issue of 5G network security has been a major centerpiece of U.S.-China trade relations in recent months, particularly in regards to concerns the Trump administration has with the use of products from Chinese telecommunications group Huawei.  

The Commerce Department added the group to its “entity list” earlier this year, effectively banning U.S. companies from doing business with Huawei, citing national security issues stemming from the company being tied to the Chinese government. Huawei has denied these charges. President Trump said in June that he would allow some U.S. companies to do business with Huawei.

The Trump administration has been pushing U.S. allies to ban Huawei from their 5G networks due to security concerns, with some success. On Monday, the U.S. and Poland signed a 5G security agreement during Vice President Pence’s trip to the country. 

While the agreement did not mention any companies specifically, it read in part that “we believe that all countries must ensure that only trusted and reliable suppliers participate in our networks to protect them from unauthorized access or interference.”

Wheeler and Simpson argued in the paper that the “furor” over Huawei has “masked” other issues involved with securing 5G networks. They recommend that both businesses and government should be involved in reviewing how to mitigate 5G cybersecurity threats, and specifically evaluate what the government’s role should be in addressing this issue.

“The time to address these vulnerabilities is now, before we become dependent on insecure 5G services with no plan on how we sustain cyber readiness for the larger 5G ecosystem,” the authors wrote.  

Should 5G networks not be secured against cyberattacks, and allowed to remain insecure, Wheeler warned that the effects could be disastrous. 

“We are about to launch the definitive network for the 21st century, and if we aren’t being proactive in how we think about cyber, we will reap the consequences,” Wheeler told The Hill.