Lawmakers are proposing to add more than half a billion dollars to the Pentagon’s 2020 budget for cybersecurity measures, in particular asking the department to include security features enabling its weapons and information systems to safely operate on future 5G worldwide wireless networks.
Much of that future infrastructure is being developed by China and could become the global standard.
Specifically, the Senate Appropriations Committee last week recommended adding $436 million to the Defense Department’s research and development budget for its “5G-XG” program that is intended to develop cybersecurity and other safeguards for future 5G communications. The committee proposed adding another $100 million for varied other cybersecurity efforts.
Citing a Defense Innovation Board report from April, appropriators in a report accompanying their fiscal 2020 Defense spending bill said that while the United States is focused on building its 5G network using higher-end frequencies of the radio spectrum known as millimeter waves, China is leading the rest of the world in using the lower end of the spectrum, in the so-called sub 6 GHz spectrum.
That difference could leave the Pentagon’s systems vulnerable to cyberattacks when they access 5G networks outside the United States or depend on global suppliers to build the military’s 5G networks.
“The Department will need significant investment in system security and resiliency to enable operations on a network infrastructure that will be highly vulnerable to cyber-attack,” the committee report said. “The Committee believes there is an urgency to addressing these issues.”
The 5G-XG program is “intended to harness emerging information communications technologies to enhance military capabilities and potentially accelerate U.S. deployment of new commercial products and services enabled by 5G networks,” the report said. Lawmakers asked the Defense secretary to lay out a plan for spending the extra money and to report to committees on how the Pentagon is addressing the Defense Innovation Board’s recommendations.
The committee’s proposed addition to the Pentagon budget is the first acknowledgment from Congress that the divergent paths taken by the United States and China to developing 5G could expose U.S. military systems to cyberattacks.
Unlike other countries, in the United States a significant chunk of spectrum below the 6GHz frequency — a desirable mid-band part of the spectrum — is already used by federal agencies, including the Pentagon, so making broad swaths of it available for commercial use is harder.
The rest of the world doesn’t face such spectrum limits, and is pursuing 5G development in that range, according to the Defense Innovation Board.
If the U.S. 5G network is built largely using high-end bands, the “United States may ﬁnd itself without a global supply base,” because of its divergence from the practices of the rest of the world, the board’s report warned.
If development of 5G using spectrum below 6GHz becomes the global standard then it’s likely that China and Huawei Technologies, “the current leader in that space, will lead the charge,” said the report, co-authored by Milo Medin and Gilman Louie. Medin works for Google, advising on its wireless strategy. Louie is a technology venture capitalist.
The Trump administration has been waging a global push to stop close U.S. allies from adopting Huawei’s 5G technologies, but without much success. The administration also has threatened to cut off U.S. parts supplies to Huawei but has held off on those proposed restrictions while broader trade talks between Washington and Beijing are ongoing.
The Defense Innovation Board report recommended that the Pentagon and the Federal Communications Commission determine how the United States can begin using the sub-6 GHz spectrum for commercial purposes so as to develop a friendly global supplier base. The board also recommended that the Pentagon vacate some of its unused portions of that spectrum.
The Pentagon is considering those recommendations, Defense Department spokeswoman Elissa Smith told CQ Roll Call recently.
Appropriators’ recognition of the cybersecurity risks of 5G networks is significant, said Tom Wheeler, a Brookings scholar and former FCC chairman.
“It’s fascinating that Congress and Republicans in the Senate have to step up and tell the Trump administration to start moving on” the issue, Wheeler said.
Wheeler has written extensively and argued that the FCC should enforce cybersecurity measures by telecom providers as they build the country’s 5G networks, an approach recommended by the Obama administration but discarded after the Trump administration took over.
“The nature of 5G networks exacerbates the cybersecurity threat,” Wheeler and David Simpson, a professor at Virginia Tech, wrote in a recent Brookings paper. “Across the country, consumers, companies, and cities seeking to use 5G are ill-equipped to assess, let alone address, its threats.”
Secure the supply chain
Separately, the Defense Science Board, another Pentagon advisory body, also recommended steps the Pentagon ought to take to protect its future 5G-dependent networks.
“Security is a vital component of system safety,” the board recommended in a report released in June, and it urged the Pentagon to make sure the “supply chain” of defense contractors and weapons makers is also secure.
The Office of the U.S. Undersecretary of Defense for Acquisition and Sustainment, led by Ellen Lord, should “kick-off an effort to develop hardened and secure 5G technologies and infrastructure with specific attention to supply chains,” the Board said. “The DoD should increase its emphasis on system safety, recognizing that emerging use cases include mission critical applications such as industrial controls and autonomous vehicles.”
Senate appropriators also proposed boosting the Pentagon’s 2020 budget for several other cybersecurity-related programs.
Lawmakers said they would add $22 million to the National Guard’s cyber defense mission, which assists states in defending their networks. The addition is noteworthy, particularly in light of a spate of recent ransomware attacks that have taken down multiple city government networks, and the Department of Homeland Security’s efforts to aid states ahead of the 2020 elections.
The committee added another $20 million to safeguard satellite command and control systems from cyberattacks because lawmakers recognize “the vast, rapidly evolving space-based cybersecurity threat facing the U.S. and the direct threats this poses against the U.S. government, critical infrastructure components, and the general economy for security critical functions,” the report said.
Lawmakers also added about $47 million for a variety of cybersecurity education programs and scholarships across the Defense Department.
Another $10 million addition would go toward developing cybersecurity measures for the industrial control systems that are part of the Cheyenne Mountain complex, a bunker near the Peterson Air Force base in Colorado, where the U.S. Northern Command and the North American Aerospace Defense Command, or NORAD, are designed to operate even after suffering a nuclear attack.
The committee “notes the criticality of the Cheyenne Mountain Complex to U.S. national security, including ballistic missile defense operations, as well as the increasing cyber threat,” according to the report.