5G has military promise but security concerns are still being untangled

5G offers a number of promising defense applications, particularly when it comes to training on modernized ranges, but security standards still need to be worked out to get the right authorities to operate. 

Neal Ziring, technical director for the National Security Agency, said that using  5G for military and national security applications requires interoperable and secure standards and policies because they will define how capabilities work together. 

“In my mind, the critical aspect will not be 5G itself – and that’s going to be important – but understanding how we integrate with it. So if the standards can have security in them, which they’re starting to have…we can ask the carriers from whom we procure commercial service or commercially operated private service [to] turn on those security features,” Ziring said at an AFCEA DC event March 9. 

“How do we integrate our services, whether it's tactical services or facilities services or training services, to ride over that network in such a way that we know what security guarantees the 5G network itself provides to us and which ones we have to provide as an application service that sits on top?” he asked.

Ziring said that would be a crucial question to answer when providing real-time services to a mobile, edge computing environment, which isn’t well standardized yet: “They’re all very virtualized and containerized; that’s an area that’s still a challenge in some quarters for [an authority to operate] at all.” 

Ziring said the NSA is working with the services and the Defense Information Systems Agency to work out specifications and policy that everyone can use instead of coming up with their own. 

“We’re looking forward to doing that, but it’s going to be a lot of work over the next two, three years to get to that point,” he said.

One of the concepts the NSA is exploring, he said, is the idea of network slicing in which service providers set up independent logical networks across 5G infrastructure, which will be crucial for defense applications of the technology. 

This means that certain devices (or vehicles) and their authorized users would be designated for a particular network slice with the needed security protections. NSA is working on what the security should be for these slices and the integration risks between cloud and 5G infrastructures. 

“5G is already being deployed; we’re already having pilots. But I think it’s going to be very important to share security practices and experience as we start rolling these out,”  Ziring said. 

It’s critical that we don’t keep that secret to ourselves, that we share that so we all improve,” he said.