5gWith the advent of 5G will come new security issues, which in turn will raise new policy issues, explained a panel of 5G security policy experts on a webinar organized by AT&T yesterday. Participants in the webinar, titled “Promoting Standards and Security for Next-Generation 5G Mobile Networks,” included executives from AT&T and Nokia, as well as a government agency and a wireless carrier association.

5G Security Policy Issues
New security issues related to 5G have a range of sources, including greater reliance on open source software and greater use of wireless networks to support Internet of Things (IoT) applications. In addition, new issues will arise from new real-time applications such as augmented and virtual reality or the connected car that will rely on the lower latency of 5G networks.

With regard to open source security issues, Vice President of AT&T’s Chief Security Office Rita Marty advocated a badging system such as what has been implemented for the Open Network Automation Platform (ONAP) initiative. Those who contribute code would be audited and would get a badge to confirm their software meets requirements.

“It’s a way to quantify the maturity of the code,” commented Marty.

Accountability of code will also be critical, she said. Developers should keep track of those who contributed to open source software so that those people can be kept up to date with regard to patches.

Knowing “what the threat surface looks like” will also be critical in an open source environment, observed Jeffrey Cichonski, information security engineer for the National Institute of Standards and Technology (NIST).

AT&T Assistant Vice President of Global Public Policy Christopher Boyer sees the U.S. government playing a key role with regard to Internet of Things security issues. He pointed to the example of the NIST Cybersecurity Framework, which was created by a range of stakeholders at the government’s urging with the goal of establishing cybersecurity best practices for enterprises.

Rapid Response Needed
The low latency of 5G networks is expected to give a boost to real-time applications such as augmented and virtual reality and the connected car, but those real-time applications also will require a faster response to security issues that may arise.

When rapid response is required, “the ability to collaborate and share information becomes more critical,” commented John Marinho, vice president of technology and cybersecurity for CTIA – The Wireless Association.

“You need collaboration between the private sector and government,” he continued.

Marinho pointed to the Department of Homeland Security as a good example of government coordinating a rapid response among multiple parties.

The industry also is looking at artificial intelligence and machine learning as a means of enhancing the ability to rapidly respond to security issues, noted Brian Hendricks, Nokia head of technology policy and government relations for the America. Another possibility that is being explored is to use Blockchain to create additional layers of security, he said.

The key takeaway from the webinar seemed to be that government and industry must collaborate to address 5G security issues. And according to Cichonski, the government has a mandate to do just that. Legislation adopted in 1998 requires federal agencies to consult with industry in adopting policies that impact industry, he noted.

Marinho suggested government could do more, however. He noted, for example, that the government could be represented on more forums and that it could share more information with the private sector.