U.S. military must resolve widespread security threats to harden commercial 5G for the warfighterStory
October 20, 2021
By Dr. Robert Spalding, USAF Brig. Gen. (Ret.)
The deployment of 5G networks by the U.S. military will be an historic moment for today’s warfighter. From improved C5ISR [command, control, computers, communications, cyber, intelligence, surveillance, and reconnaissance] readiness and geolocation accuracy to more effective enemy engagement and perimeter defense, 5G gear will enable scalable, extremely low-latency, mobile radio platforms and an Internet of Things edge-sensor network that puts the power of real-time AI and machine learning into the hands of the combat soldier. This future state is achievable, but not without confronting a blunt reality: 5G is an open architecture designed for commercial applications and as such suffers from a great many security vulnerabilities. To build a resilient, secure, survivable 5G military communications network, we must first harden and future-proof the COTS [commercial off-the-shelf]-based hardware, software, and firmware that are the foundation of today’s civilian 5G infrastructure.
As commercial 5G service rolls out across the U.S. with the promise of 100 times greater speeds than its 4G predecessor, it’s time to examine how the U.S. military can equip the modern warfighter with an upgrade to today’s outmoded battlefield communications infrastructure.
This is no small feat. 5G was designed by an international coalition of technology companies, with heavy input from state-owned Chinese firms. As an open-source, commercial standard, 5G is riddled with potential security threats, nearly 800 of which have yet to be resolved by the governing 3GPP standards body. Moreover, the uptake of 5G by the warfighter will require the U.S. military to forego a decades-long practice of developing bespoke, incompatible radio hardware and move toward a shared, hardened communications framework.
Communications alignment is a national security imperative
The good news? The overhaul and unification of the military’s communications network is already underway in key areas.
The U.S. Department of Defense (DoD) is committed to its Joint All-Domain Command and Control (JADC2) mission, which according to the Congressional Research Service (CRS), aims to “connect sensors from all military services – Air Force, Army, Marine Corps, Navy, and Space Force – into a single network.” This alone will accelerate the speed of decision-making for the soldier and command-and-control (C2) center, which is an urgently needed component of the U.S.’s National Defense Strategy as it prepares for the emergence of Mach 5+ hypersonic weapons.
The U.S. Air Force is contributing to the JADC2 mission by developing the Advanced Battle Management System (ABMS), a C2 framework that the CRS describes as “using secure cloud environments and new communications methods to allow Air Force and Space Force systems to share data seamlessly using artificial intelligence.” In effect, this is an attempt at integrating a sensor-based Internet of Things (IoT) network that reinvents the conventional, airborne C2 structure by extending the eyes and ears of our warfighters to an intelligent edge.
Just as importantly, a unified communications topology must support the nation’s Nuclear Command and Control System (NCCS), which guides the chain of command in providing the President with information required to authorize (and prevent unauthorized) use of nuclear weapons.
Allure of 5G processing speeds tempered by inherent security risks
The military has long been eager to build a common telecommunications and computing platform that enables new software applications to be adopted at the same speed as the commercial sector – or better yet, harden Android and Apple iOS smartphones for use in the field. At best, however, today’s warfighter is relegated to using the phone’s GPS map function for geolocation, which is often more reliable than their military-issued gear.
5G is the enabling technology that will underpin the military’s digital transformation, but 5G was never designed as a native military radio waveform. This reality presents significant challenges and entails the recognition that more than 60% of what the 3GPP ratified as 4G and 5G standards were developed primarily by state-owned Chinese companies. That raises concerns relative to the influence China may have exercised over an industry standards-making body – and the number of unsecured backdoors and man-in-the-middle vulnerabilities through which classified data can be siphoned or modified.
As a point of reference, a 2019 report released by IoT cybersecurity specialist, Finite State, looked into Huawei Technologies and found that 55 percent of tested Huawei devices had at least one potential backdoor. In its summary of findings, Finite State concluded that “if you include known, remote access vulnerabilities along with possible back doors, Huawei devices appear to be at high risk of potential compromise.”
What a 5G future will look like for the warfighter
The future 5G state we should be working to realize will enable users to harness the power of AI, machine learning, and hundreds of thousands of sensors at the IoT edge. Doing so will give troops real-time intelligence and processing while providing secure battlefield computing and communications using fixed and transportable cellular towers supplemented by vehicle-mounted data center nodes. All of this can be achieved using commercial off-the-shelf (COTS) hardware, software, and firmware, as long as it’s all sufficiently hardened to ensure a secure connection to both the network and computing platform.
So, practically speaking, what would a typical 5G application look like? Let’s consider base security: A lot of what occurs on the battlefield involves establishing and maintaining a security perimeter. We can surmise that 5G-enabled communications technology will enable easy supplementation of the perimeter with field-of-motion and pressure sensors. When activated, those sensors feed into a tower-based alert system that sends out drones to investigate. The drones leverage video streaming and facial recognition, and if a threat is detected, can trigger an automated targeting system. If deployed properly, 5G will enable users to very quickly automate their field operations.
Marry the cell tower and data center node
In a commercial 5G application, a smartphone streaming data sends a signal to a nearby tower, which routes the request to a data center that may be hundreds of miles away. The data is retrieved and sent back through the tower and on to the user. That’s a large threat surface, as was seen with the May 2021 Colonial Pipeline ransomware cyberattack.
A more secure, resilient solution is to co-locate the cell tower and data center and build hundreds of them as part of a distributed, compartmentalized network. Not only does this provide better, more even coverage, but if one tower is compromised the others will continue to send and receive data. In turn, that data is wrapped in purpose-built security layers from the inside out – not as a programming afterthought – and provides the warfighter with a “zero-trust network” that includes encryption, user authentication, sandboxing, behavioral analytics, and other protective measures.
It’s this concept that led to the development of the SEMPRE Tower, which is based on the idea that a hardened, COTS-based 5G telecommunications and computing infrastructure can be adapted by the military to improve collaboration on the battlefield while maintaining a secure, resilient C5ISR [command, control, computers, communications, cyber, intelligence, surveillance, and reconnaissance] framework that can withstand a nuclear electromagnetic pulse (EMP) attack. (Figure 1.)
SEMPRE Towers are currently undergoing advanced field trials with the DoD, Air Force, and Army. As the trials progress, the goal is to reimagine battlefield communications by equipping the warfighter with a data gateway – and a data sentry – that securely and seamlessly connects them across different military branches with the performance, flexibility, and ease-of-use of a commercial smartphone.
U.S. Air Force Brigadier General (Ret.) Dr. Robert Spalding is the founder and CEO of SEMPRE, a technology company committed to securing critical U.S. infrastructure. Prior to his role at SEMPRE, Gen. Spalding served in senior positions of strategy and diplomacy within the Defense Dept. and State Dept. for more than 26 years. He was the chief architect of the Trump administration’s National Security Strategy (NSS) and served as the Senior Director for Strategy to the president at the National Security Council.