The Department of Homeland Security has established a working group within its cyber operations directorate dedicated to managing risks stemming from the adoption of fifth-generation wireless technology, including those posed by telecommunications equipment supplied by Chinese manufacturers given their lack of independent from China’s national government, a department official said on Tuesday.
The working group was set up within the Cybersecurity and Infrastructure Security Agency (CISA) and it combines experts in “emergency preparedness, communications, cyber security, supply chain risk management, and infrastructure security,” Chris Krebs, director of the agency, told the Senate Judiciary Committee. He said the group also “works closely” with industry and interagency partners “on both tactical and strategic risk management efforts.”
Chinese firms such as Huawei and ZTE are among the leading suppliers of 5G technology and U.S. and other international security officials assess that these and other Chinese companies are an extension of their country’s government, which can ensure backdoors are built into the technologies for purposes such as stealing data, disrupting end services, espionage, tracking targets, and other nefarious ends.
“We are working with partners in industry to establish a common baseline understanding of 5G deployments by which we can guide risk management priorities,” Krebs told the panel, which met to review national security and other concerns of 5G technology. “As a part of this, we are taking a risk-based approach to understanding the implications of the growing global presence of Chinese telecom equipment throughout the 5G technology stack.”
U.S. telecommunications carriers have pledged not to build out their 5G networks using Chinese technology. Other key 5G providers are based in Finland, Sweden and South Korea.
Krebs was joined at the witness table by a State Department official who highlighted some of China’s bad behavior on the cyber front.
“Last December, the United States announced that since at least 2014, Chinese cyber actors associated with the Chinese Ministry of State Security hacked multiple U.S. and global managed service and cloud providers,” Robert Strayer, deputy assistant secretary for Cyber and International Communications’ and Information Policy, said in his written statement. “These cyber intrusions allowed China to compromise the networks of the providers’ clients, including global companies located in at least 12 countries. Countries should not allow 5G to be another vector for China to steal their intellectual property.”
In addition to the 5G working group within CISA, the agency also has stood up a public-private task force within its National Risk Management Center focused on identifying supply chain risks within the information and communications technology sector, including risks presented by 5G, Krebs said in his written remarks.
In April, DHS began soliciting proposals from vendors on ways to bolster the security of 5G networks.
5G networks will offer greater bandwidth, speed, capacity and lower latency than current 4G networks, enabling greater leaps in other technologies such as autonomous vehicles, telemedicine and smart electricity grids.