|
As the saying goes, it’s not over until it’s over. So, it wasn’t surprising that Trump’s minions just got one last 5G minefield out the door. On 15 January, his followers at Dept. of Commerce’s NTIA published the “National Strategy to Secure 5G Implementation Plan”. The 40-page document consists of a fairly standard Washington policy playbook of 18 activities with six annexes that “details how the United States along with like-minded countries will lead global development, deployment, and management of secure and reliable 5G infrastructure.” The underlying objective, however, is to attempt to cement in place Trump’s 5G Executive Orders, policies, and largesse to supporters as much as possible to impede the incoming Biden Administration development of its own 5G strategies, policies, and initiatives.
Like most Washington playbooks, the NTIA Plan proses a standard set of steps largely devoid of substance but designed to ensure Trump’s objectives via the 18 activities. The devil is in the details, which include the attempted allocation of power and funds among Federal agencies. The Implementation Plan does not fail in this regard by allocating “lead roles” with “supporting entities” and specified “outcomes” among 35 different Federal agencies. Not surprisingly, the plan allocates some key roles and power to the Dept. of Commerce itself.
OSTP 1.1: Research, development, and testing to reach and maintain United States leadership in secure 5G and beyond
DOC/NTIA 1.2: Identify incentives and options to leverage trusted international partner and domestic suppliers
CISA 2.1: Risk evaluation of domestic and international suppliers
CISA 2.2: Assess threats, vulnerabilities, and risks to 5G infrastructure and supply chain
ODNI 2.3: Identify security gaps and threats to United States and strategic partners’ supply chains
DHS 2.4: Assessment of global competitiveness and (economic) vulnerabilities of United States manufacturers / suppliers
DHS 2.5: Identify/develop/apply security principles for 5G infrastructure in the United States
EOP/NEC 3.1: Identify incentives and policies to close security gaps
EOP/NEC 3.2: Identify incentives and policies to ensure United States industrial base economic viability
CISA 3.3: Address the risk of ‘High-Risk’ vendors in United States 5G infrastructure (forward looking)
DOC 3.4: Private sector engagement on 5G security
GSA 3.5: Establish acquisition processes to facilitate 5G infrastructure for classified information requirements
State 4.1: Diplomatic engagement plan for risk mitigation, standards, and security principles
State 4.2: Provide Technical Assistance to International Partners
State 4.3: Mitigating the security risk from untrusted equipment in international partners’ systems
DOC/NIST 4.4: Promote United States leadership in international standards development for 5G, including through private sector and international engagement
OSTP 4.5: Joint testing environments with international partners
DOC/ITA & NTIA 4.6: Policies and strategies for global market competitiveness and diversity of secure 5G infrastructure
While these are not unreasonable activities, there are several fundamental problems. One is found at the outset of the plan, i.e., it hypes 5G and describes it entirely in terms of wireless technology. In other words, it fails to understand what is encompassed by “5G”—not recognizing that it is also preponderantly non-radio based and that its most important attribute is virtualisation of component architectures, services, and devices.
Another fundamental problem is the utter lack of understanding of security and ridiculous assertions such as “we cannot ensure the security of 5G networks if untrusted equipment or software is allowed to control any part of the network, including the radio access network (RAN). That is an utterly absurd and unattainable outcome in the real world—and inserted to further Trumpian xenophobic, build-the-wall views of the world.
Still, another problem is the sheer arrogance being displayed. The reality here is that an enormously complex and highly technical global ecosystem of industry collaboration has been ongoing for years among hundreds of industry players to develop the requirements, work items, and thousands of specifications for every part of the 5G ecosystem, including its security. Outside of a handful of people in a few Federal agencies largely observing some of the work, there has been essentially no engagement in much of anything by the U.S. government. Furthermore, none of these agencies except NSA even begins to have the expertise to analyse and engage in the work or are likely able to hire the necessary experts from the private sector.
It is ludicrous to think that a gaggle of 35 different Federal agencies under the leadership of eight of them will step into the huge ongoing fast-paced global 5G industry ecosystem, assert the U.S. government is now here, and take over. To emulate the famous Clint Eastwood quote, “a country has got to know its limitations.” The NTIA plan is a recipe for a chaotic 5G clown show among 35 Federal agencies that will hobble existing U.S. industry engagement in these activities and competitiveness in the global information economy.
One of the more bizarre tidbits in the NTIA 5G Plan is something called the “Open Security Framework.” You can see it on page 21. It is pitched as some kind of nirvana - a linchpin for “ensuring the security of 5G and beyond infrastructure and services.” However, it is never explained nor discussed anywhere else in the document. If you do a Google search, the phrase appears nowhere except randomly in a few old academic publications and the infamous companion NTIA 5G scheme recently released to raid DOD resources. Also included in the NTIA Plan is reference to a “new Manufacturing USA Institute for Secure 5G and Beyond Development”—which seems to exist nowhere else and designed to further Trump’s rapidly sidelined scheme to create a government PTT—like 5G infrastructure to benefit special interests.
Ultimately, all of this Trump 5G mishegoss will end up in the lap of Anne Neuberger in two days—Biden’s eminently competent new cybersecurity chief on the National Security Council. Fortunately, she has the expertise, assets, and common sense to clear the Trump minefields and create de novo a rational 5G strategy and activities grounded in the real world.
Sponsored byRadix
Sponsored byDNIB.com
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byCSC
Sponsored byVerisign