WASHINGTON, D.C.–Amid high anticipation for 5G capabilities and applications, the question of who is — or ought to be — responsible for ensuring security and privacy on those new networks is one that remains to be answered.
Does the federal government need to ensure the safety of U.S. citizens’ information, as it does for the country’s airspace, land and waters? Or should the responsibility continue to fall primarily on network operators, device manufacturers and end users themselves, and what incentives might nudge individuals and industry to implement more stringent — or at least minimal — security measures? How will 5G standards ensure sufficient security but still enable lawful intercept by law enforcement agencies?
In a session at the DC5G conference this week, panelists discussed some of the issues surrounding responsibility for privacy and security in future 5G networks.
Drew Morin, director of federal cyber security technology and engineering programs at T-Mobile US, said that while in 2G and 3G networks, information being carried across mobile networks was not always encrypted, that has changed in 4G and in 5G. Focusing on the work in standards bodies such as 3GPP to make 5G secure, he said that “what we’ve done in 5G is, we’ve worked in the specifications to ensure that the over-the-air part is all encrypted, as well as the handshake between the device and the tower [and into] the core of the network, that’s also encrypted all the way through,” Morin said. He went on to note that where there are interfaces between the network and application or information service providers, the laws governing privacy kick in. What the industry wants to see and work with public partners on, he said, is “consistency in any kind of guidance or regulation or legislation” governing security and privacy, rather than a patchwork of individual laws passed by states. Europe has put it own major policy changes into effect on consumer privacy under the General Data Protection Regulation, and California has since moved forward with its own state regulation.
Jill Kelley, former ambassador to U.S. coalition military forces, founder of Space-SkyFi and president, Military Diplomacy Strategies, declared that it is the responsibility of the federal government to ensure that U.S. networks are safe for users, much like U.S. travelers and visitors have passports checked to ensure that everything is in order, or that government regulates safety standards for vehicles.
“The government has to make sure that it’s done,” she said.
Watch an excerpt from the panel discussion below. Participants included, left to right: Moderator Jill Canfield, VP of legal and industry and assistant general counsel for the Rural Broadband Association; Asghar Meraj, program manager for OST; Melanie Tiano, director for cybersecurity and privacy at CTIA; Morin, director of federal cybersecurity technology and engineering programs at T-Mobile US; and Jill Kelley, former ambassador to U.S. coalition military forces, founder of Space-SkyFi and president, Military Diplomacy Strategies.