A bipartisan pair of lawmakers introduced legislation June 18 that would direct the Department of Defense to implement several measures to improve 5G security.
Reps. Rick Larsen, D-Wash., and Rep. Mike Gallagher, R-Wisc., introduced the DoD 5G Act, which would direct the Pentagon to take several measures to identify and remediate known vulnerabilities in the department’s telecommunications infrastructure.
“As the U.S. continues to invest in disruptive new technologies, such as 5G, it is critical the Department of Defense identify risks and vulnerabilities in its telecommunications infrastructure,” said Larsen, a member of the House Armed Services Committee. “The DoD 5G Act ensures the DoD assesses and mitigates these risks as the department moves forward with implementation of 5G technology.”
Under the legislation, the defense secretary would have to “develop a capability to communicate clearly and authoritatively about threats by foreign actors” to the DoD telecommunications infrastructure. The Pentagon would also have to conduct red team security testing on “systems, subsystems, devices, and components” departmentwide.
Several requirements stem from a June 2019 report on DoD 5G networks from the Defense Science Board. That report listed 10 key recommendations on a broad range of 5G issues for the department, ranging from security to quick deployment of specific 5G waveforms.
The bill also would require Cyber Command and the Defense Information Systems Agency to monitor DoD networks for 5G data and ensure the “availability, confidentiality, and integrity of Department of Defense communications systems.” The DoD chief information officer’s team would also be required to use the moderate or high cloud security baselines set by the Federal Risk and Authorization Management Program — which authorizes cloud tools for use in the federal government — to assess the viability of services from 5G core service providers.
“With the promise of 5G also comes greater risk,” Gallagher, a member of the House Armed Services Committee, said in a statement. “As the Pentagon develops advanced telecommunications capabilities, it should set a clear standard and expectation across the federal government for security and resiliency, from the supply chain on up.”
The identification and mitigation of 5G technologies is included in the recently released DoD 5G strategy, which stated that the department would conduct security assessments. Earlier this month, the Senate Armed Services Committee released the summary of its version of the National Defense Authorization Act that included provisions directing the Pentagon to study the risk of allies having Chinese technology companies involved in their 5G networks.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.