SoylentNews is people
SoylentNews
The Trump administration’s so-called “race” with China to build new fifth-generation (5G) wireless networks is speeding toward a network vulnerable to Chinese (and other) cyberattacks. So far, the Trump administration has focused on blocking Chinese companies from being a part of the network, but these efforts are far from sufficient. We cannot allow the hype about 5G to overshadow the absolute necessity that it be secure.
[...] “It is imperative that America be first in fifth-generation (5G) wireless technologies,” President Trump wrote in an October Presidential Memorandum of instructions to federal agencies. While the administration, especially the Trump Federal Communications Commission (F.C.C.), makes much of how the 5G “race” with China is a matter of national security, not enough effort is being put into the security of the network itself. Nowhere in the president’s directive, for instance, was there a word about protecting the cybersecurity of the new network.
As the President’s National Security Telecommunications Advisory Committee told him in November[pdf], “the cybersecurity threat now poses an existential threat to the future of the Nation.” Last January, the brightest technical minds in the intelligence community, working with the White House National Security Council (N.S.C.), warned of the 5G cybersecurity threat. When the proposed solutions included security through a federally-owned network backbone, the wireless industry screamed in protest. The chairman of the Trump F.C.C. quickly echoed the industry line that “the market, not government, is best positioned to drive innovation and leadership.” Government ownership may not be practicable, but the concerns in the N.S.C. report have been dismissed too readily.
Worse than ignoring the warnings, the Trump administration has repealed existing protections. Shortly after taking office, the Trump F.C.C. removed a requirement imposed by the Obama F.C.C. that the 5G technical standard must be designed from the outset to withstand cyberattacks. For the first time in history, cybersecurity was being required as a forethought in the design of a new network standard — until the Trump F.C.C. repealed it. The Trump F.C.C. also canceled a formal inquiry seeking input from the country’s best technical minds about 5G security, retracted an Obama-era F.C.C. white paper about reducing cyberthreats, and questioned whether the agency had any responsibility for the cybersecurity of the networks they are entrusted with overseeing.
The simple fact is that our wireless networks are not as secure as they could be because they weren’t designed to withstand the kinds of cyberattacks that are now common. This isn’t the fault of the companies that built the networks, but a reflection that when the standards for the current fourth-generation (4G) technology were set years ago, cyberattacks were not a front-and-center concern.
-- submitted from IRC
(Score: 5, Insightful) by ledow on Tuesday January 22 2019, @08:43AM (1 child)
Because anyone with half a brain assumes that ALL transport media are insecure and if they wish to speak securely they layer encryption over them, including encryption capable of verifying genuine endpoints over insecure media.
Like... everything on the Internet (which is insecure). Everything over GSM/2G/3G/4G currently. Everything over wireless. Everything over leased lines. Everything over Ethernet, even.
If you have a need for security, you don't care what the base medium is. You assume that it's hostile, that endpoints may not be who they say they are, and that an adversary is capable of receiving EVERY packet sent and received. And then using those assumptions you design encryption and cryptographic identification and verification algorithms that also work on those assumptions but can produce a secure channel over it.
This is what Diffie-Hellman and all the rest is FOR. Literally generating a shared secret over an insecure channel.
Now, given that it's a public medium, and the public has thus far tolerated GSM, 2G, 3G and 4G which - although increasingly secure, have never actually been "secure" - we can assume that 5G will be the same and the general public won't care. Despite what your average techy might think, or what might be said, the average person really doesn't care that someone "could be listening to their calls". If they didn't, they wouldn't have ever used Skype, or POTS, etc. Thus, the general public will work under the same assumption "Nobody cares about my chat about the vets to my wife, but if they had a pressing legal need to, they could intercept my calls in some way, presumably." Meanwhile anyone who NEEDS a secure channel will do what's always been done - layer encryption OVER such data / voice channels with third-party services, devices, or some other guarantee from the telecoms company, etc.
(Score: 2) by darkfeline on Thursday January 24 2019, @04:40AM
This, but going even further, the transport *shouldn't* be secure, because that security adds unnecessary overhead that you can't even rely on. You need to layer your own security on top of the transport medium period. Any security at the transport layer is wasted.
Join the SDF Public Access UNIX System today!