National strategy to secure 5G infrastructure – is 5G infrastructure safe from EMI/EMP attacks?
by Hyeonji Choi, Global Resilience Institute
Adoption and penetration of the 5G technologies are still in its infancy in the U.S. since the initial rollout in 2018. This supposedly life-changing new telecommunications technology is expected to be “faster and able to handle more connected devices than the existing 4G LTE network.” Despite the flashy commercials and advertisements on the nationwide deployment of 5G networks by major telecommunication companies, critics say it might be another few years until the entire country operates on 5G networks. In order for 5G to find its place as a new norm in the U.S. telecommunications industry, it’s not just the service providers that need to respond. Other stakeholders including, but not limited to, the Federal and regional government entities and consumers need to be proactive in adopting this new technology. In fact, the U.S. telecommunications giants – such as T-Mobile, AT&T, and Verizon – are still in the process of improving coverage and quality of their 5G networks. Simultaneously, if consumers don’t invest in high technology 5G compatible mobile devices, the now-being-established 5G networks are not as meaningful for those without a next-generation phone. Not only are there not many 5G compatible mobile devices available in the market as of now, but the ones that do exist are not affordable, just to take advantage of the 5G network. In reality, many of us are locked in with our current device for a while as we sign the device financing plan with our carrier every two years.
A similar story goes for the 5G related policy landscape in the U.S., especially when it comes to concerns revolving around national security. While the potential is great, there are many risk factors that are yet to be fully identified. This also means that there lacks protocols and policies in place to protect the 5G technology infrastructure itself and all the data being transmitted through 5G networks. In order to address this gap between technologies and policies, the White House released its National Strategy to Secure 5G recently in March 2020. The document acknowledges the risks and vulnerabilities that deploying 5G will accompany. The document outlines the current administration’s plans to ensure successful rollout of 5G, and there is plenty of homework to do for the key stakeholders.
The document lists the following four lines of effort:
Facilitate domestic 5G rollout through collaboration with private sector
Define core security principles of 5G infrastructure by identifying and characterizing economic, national security, and other risks posed by cyber threats and evaluate each risk.
Address risks to U.S. economic and national security during development and deployment of 5G infrastructure worldwide through managing supply chain risks and high-risk vendors
Promote responsible global development and deployment of 5G in collaboration with like-minded countries to promote the availability of secure and reliable equipment and services
A point reiterated throughout the announcement is the need to identify risks and develop standard protocols to protect the nation’s 5G infrastructure. One of the understudied threats that can compromise the critical telecommunications infrastructure is Electromagnetic Pulse (EMP) attacks. An EMP attack describes a scenario in which a burst of electromagnetic energy damages electronic equipment. As part of the Global Resilience Institute’s effort to contribute to strengthening the national security and economy, we’ve been researching the possible adverse impact of EMP attacks on the nation’s critical infrastructure. With a grant awarded by the Smith Richardson Foundation, GRI and our research partners successfully validated the vulnerability of key representative electronic equipment against possible civilian-orchestrated EMP attacks. All of the electronic components we tested that are vital to the U.S. critical infrastructure are proved to be far more sensitive than we expected. In fact, a small 4lbs EMP/EMI emitter was capable of resetting and/or partially damaging the tested electronics at extremely low voltage levels. Such finding further emphasizes the need for our nation to recognize the threats of civilian-orchestrated, small-scale EMP/EMI attacks and develop protocols and policies to mitigate possible disruptions.
Securing the 5G infrastructure is critical because of the sheer volume of data that could be compromised, but also for that fact that it will support many other vital critical infrastructure to the nation’s public health and safety, as well as economic and national security.