Home / Blogs

One More Trump 5G Minefield

As the saying goes, it's not over until it's over. So, it wasn't surprising that Trump's minions just got one last 5G minefield out the door. On 15 January, his followers at Dept. of Commerce's NTIA published the "National Strategy to Secure 5G Implementation Plan”. The 40-page document consists of a fairly standard Washington policy playbook of 18 activities with six annexes that "details how the United States along with like-minded countries will lead global development, deployment, and management of secure and reliable 5G infrastructure." The underlying objective, however, is to attempt to cement in place Trump's 5G Executive Orders, policies, and largesse to supporters as much as possible to impede the incoming Biden Administration development of its own 5G strategies, policies, and initiatives.

Like most Washington playbooks, the NTIA Plan proses a standard set of steps largely devoid of substance but designed to ensure Trump's objectives via the 18 activities. The devil is in the details, which include the attempted allocation of power and funds among Federal agencies. The Implementation Plan does not fail in this regard by allocating "lead roles" with "supporting entities" and specified "outcomes" among 35 different Federal agencies. Not surprisingly, the plan allocates some key roles and power to the Dept. of Commerce itself.

OSTP 1.1: Research, development, and testing to reach and maintain United States leadership in secure 5G and beyond

DOC/NTIA 1.2: Identify incentives and options to leverage trusted international partner and domestic suppliers

CISA 2.1: Risk evaluation of domestic and international suppliers

CISA 2.2: Assess threats, vulnerabilities, and risks to 5G infrastructure and supply chain

ODNI 2.3: Identify security gaps and threats to United States and strategic partners' supply chains

DHS 2.4: Assessment of global competitiveness and (economic) vulnerabilities of United States manufacturers / suppliers

DHS 2.5: Identify/develop/apply security principles for 5G infrastructure in the United States

EOP/NEC 3.1: Identify incentives and policies to close security gaps

EOP/NEC 3.2: Identify incentives and policies to ensure United States industrial base economic viability

CISA 3.3: Address the risk of 'High-Risk' vendors in United States 5G infrastructure (forward looking)

DOC 3.4: Private sector engagement on 5G security

GSA 3.5: Establish acquisition processes to facilitate 5G infrastructure for classified information requirements

State 4.1: Diplomatic engagement plan for risk mitigation, standards, and security principles

State 4.2: Provide Technical Assistance to International Partners

State 4.3: Mitigating the security risk from untrusted equipment in international partners' systems

DOC/NIST 4.4: Promote United States leadership in international standards development for 5G, including through private sector and international engagement

OSTP 4.5: Joint testing environments with international partners

DOC/ITA & NTIA 4.6: Policies and strategies for global market competitiveness and diversity of secure 5G infrastructure

While these are not unreasonable activities, there are several fundamental problems. One is found at the outset of the plan, i.e., it hypes 5G and describes it entirely in terms of wireless technology. In other words, it fails to understand what is encompassed by "5G" — not recognizing that it is also preponderantly non-radio based and that its most important attribute is virtualisation of component architectures, services, and devices.

Another fundamental problem is the utter lack of understanding of security and ridiculous assertions such as "we cannot ensure the security of 5G networks if untrusted equipment or software is allowed to control any part of the network, including the radio access network (RAN). That is an utterly absurd and unattainable outcome in the real world — and inserted to further Trumpian xenophobic, build-the-wall views of the world.

Still, another problem is the sheer arrogance being displayed. The reality here is that an enormously complex and highly technical global ecosystem of industry collaboration has been ongoing for years among hundreds of industry players to develop the requirements, work items, and thousands of specifications for every part of the 5G ecosystem, including its security. Outside of a handful of people in a few Federal agencies largely observing some of the work, there has been essentially no engagement in much of anything by the U.S. government. Furthermore, none of these agencies except NSA even begins to have the expertise to analyse and engage in the work or are likely able to hire the necessary experts from the private sector.

It is ludicrous to think that a gaggle of 35 different Federal agencies under the leadership of eight of them will step into the huge ongoing fast-paced global 5G industry ecosystem, assert the U.S. government is now here, and take over. To emulate the famous Clint Eastwood quote, "a country has got to know its limitations." The NTIA plan is a recipe for a chaotic 5G clown show among 35 Federal agencies that will hobble existing U.S. industry engagement in these activities and competitiveness in the global information economy.

One of the more bizarre tidbits in the NTIA 5G Plan is something called the "Open Security Framework." You can see it on page 21. It is pitched as some kind of nirvana - a linchpin for "ensuring the security of 5G and beyond infrastructure and services." However, it is never explained nor discussed anywhere else in the document. If you do a Google search, the phrase appears nowhere except randomly in a few old academic publications and the infamous companion NTIA 5G scheme recently released to raid DOD resources. Also included in the NTIA Plan is reference to a "new Manufacturing USA Institute for Secure 5G and Beyond Development" — which seems to exist nowhere else and designed to further Trump's rapidly sidelined scheme to create a government PTT — like 5G infrastructure to benefit special interests.

Ultimately, all of this Trump 5G mishegoss will end up in the lap of Anne Neuberger in two days — Biden's eminently competent new cybersecurity chief on the National Security Council. Fortunately, she has the expertise, assets, and common sense to clear the Trump minefields and create de novo a rational 5G strategy and activities grounded in the real world.

By Anthony Rutkowski, Principal, Netmagic Associates LLC – The author is a leader in many international cybersecurity bodies developing global standards and legal norms over many years. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

 Be the first to post a comment!

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

IPv4 Markets

Sponsored byIPXO

Brand Protection

Sponsored byAppdetex

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Domain Management

Sponsored byMarkMonitor

Domain Names

Sponsored byVerisign