Page:The 5G Ecosystem Risks & Opportunities for DoD.pdf/31

 *Sharing parts of the sub-6 spectrum will certainly help the U.S. 5G effort, but gaining a competitive edge over China would require action at a rate and magnitude previously unseen within DoD. For this reason, it is probable that most of the world outside of the United States will adopt a sub-6 5G solution, forcing DoD to operate on a “post-Western” wireless ecosystem. In this event, DoD should assume that all network infrastructure will ultimately become vulnerable to cyber-attack from both an encryption and resiliency standpoint.
 * DoD must adopt a “zero-trust” network model. Perimeter defense models have been proven to be ineffective, and 5G will only exacerbate this problem as more systems are linked into a common network. Information access should no longer be granted simply through attachment to a specific network, and instead should be granted through various security checks within the network. DoD should also plan to move to quantum-resistant key exchange mechanisms to deal with the eventual fall of public key exchange algorithms, particularly given China’s investments in quantum computing.
 * While “zero-trust” networks can protect context exchange through cryptography, these exchanges will still be subject to traffic analysis and detection of surges in network utilization. DoD should work to keep large amounts of data flowing on a constant basis so that increases in operational tempo will not be noticed.
 * In addition to these security precautions, DoD must brace for cyber-attack and penetration by improving resiliency and building in layers of redundancy throughout its networks to ensure uninterrupted connectivity.
 * DoD will need to consider options for defending against a compromised supply chain, where Chinese semiconductor components and chipsets are embedded across multiple systems. DoD should invest in R&D to study the impact of compartmentalizing systems to limit an attacker’s ability to move laterally into other systems. This will come with performance costs, and DoD must find the line where it can balance baseline capability with security.
 * DoD should advocate for aggressive protection of U.S. technology intellectual property rights (IPR) in an effort to slow down China’s telecommunications ecosystem expansion. The United States should leverage export controls to slow the rate of market loss for Western vendors, even if it may increase the pace at which China becomes self-sufficient.
 * DoD will increasingly be driven to operate on shared commercial networks without their own bespoke infrastructure (as in the case of nuclear C3). DoD must analyze the risks and benefits associated with that shift, and adjust its concept of operations to account for it.
 * *For a more detailed assessment of 5G impact on nuclear C3, see Classified Annex.

DIB 5G Study
 * DoD needs to consider the broader implications of a compromised supply chain, such as risk to personal devices and information that can be derived from activity on those