CISA Takes on Security Challenges with 5G
The agency provides a look at how the risks with 5G impact supply chain and uncover new vulnerabilities.

As federal agencies prepare their infrastructure for anticipated 5G capabilities, these modernization efforts elicit the need for enhanced security. The Cybersecurity and Infrastructure Security Agency (CISA) is uniquely positioned to address these needs.
The Federal Mobility Group (FMG), led by Department of Justice CISO Nick Ward, is heading up secure adoption of 5G technology throughout the federal register. The group released a white paper in November 2020, the Framework to Conduct 5G Testing, to address potential security concerns and challenges with 5G and the 5G supply chain.
The framework focuses on end-to-end testing of 5G architecture and mapping according to 3GPP standards, listing all possible testing use elements for different use cases, and performance and security metrics, according to the white paper.
Serena Reynolds, a member of the group and the 5G Program Lead at CISA, said CISAโs plan to secure 5G dovetails with the FMGโs framework.
โCISA released our 5G Strategy โฆ and thatโs really based on three areas: risk management, risk characterization and working with industry through a group called the enduring security framework, and technical assistance, [which is] walking through scenarios like network security standards, supply chain, and really dig deep [to] look at threat, risk, mitigation,โ she told GovernmentCIO Media & Research in an interview. โIt was really great to have industry in the room to validate what we were hearing from the federal world.โ
Reynolds said a lot of countries adopting 5G struggle with resilience, something CISA hopes to tackle. CISA is working on expanding awareness about the 5G supply chain and ICT supply chain and the inherent security risks.
โI think one of the big challenges we heard even within our state and local workshops is the lack of someone to communicate clearly about the risks without selling a product or service,โ Reynolds said, adding that she hopes CISA will fill this role and encourage innovation in the market. โWith limited competition in the marketplace, figuring out what those economic levers are, tax incentivization programs, financing, grants, trying to figure out what are some of those areas to help share info on what are those economic levers. A lot of that is run through our security.โ
Federal agencies and private industry alike see 5G as an exciting new technology glimmering with possibilities, but they need to collaborate on best security practices before jumping in.
โWe think the most significant use cases are going to come from when 5G works in that ultra-low latency use case for tele-surgery, autonomous vehicles, and transfer of critical data between internet exchange data centers without any sort of latency that limits productivity,โ Reynolds said. โWeโve seen with the pandemic, critical communications is extremely key with telehealth. 5G can support a lot of those public health and safety use cases, mostly because thereโs not going to be that latency issue and critical operations will have capacity. [5G will] support medical IOT devices as well.โ
Like so much of CISAโs work, 5G and ICT supply chain cyber risk are intertwined. Reynolds said sheโs been working with CISAโs ICT Supply Chain Risk Management (SCRM) Task Force to educate federal agencies and private companies on the overlapping issues.
โWith any emerging technology thereโs a lot of risk,โ she said. โWe know it can be done through a lot of ways, through a supply chain attack or a white labeling, but we know thatโs going to increase the ability for adversaries to compromise the integrity and ability of 5G. These are also smaller and mid-sized companies that are going to see a lot of the risk there.โ
As far as risks go, Reynolds thinks software vulnerabilities will be the biggest threat to 5G integrity. Some of 5Gโs most desirable capabilities, like network slicing and edge computing, are highly dependent on software and software assurance.
The influx of software updates and repairs creates more cyber vulnerabilities, and could raise costs for organizations seeking to secure their 5G infrastructure.
โThe proper software security piece is going to be extremely important with 5G, probably more so than any other generation,โ Reynolds said. โNetwork slicing allows users to be authenticated for only one network area, and thatโs information on one slice that canโt be accessed by another slice even if theyโre sharing information on the same infrastructure. The slices can add complexity to the network and make it a little more difficult to manage. Thereโs not really any real protocol for how network operators should develop and implement security for network slicing. So how do we partner with standards bodies and private companies and have those conversations on the front end?โ
Addressing these issues and preparing the federal register and private industry for 5G requires consistent interagency and cross-industry communication, education and awareness.
โIโd say stakeholder engagement and being able to bang the drum around the interagency work and stakeholder engagement is going to be a good mechanism [for securing 5G],โ Reynolds said.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Inside DODโs Push to Grow the Cyber Workforce Through Academia
Diba Hadi gives her first interview since becoming principal director of the DODโs Cyber Academic Engagement Office.
15m listen -
Agencies Tackle Infrastructure Challenges to Drive AI Adoption
Federal agencies are rethinking data strategies and IT modernization to drive mission impact and operational efficiency as new presidential directives guide next steps.
5m read Partner Content -
Generative AI Demands Federal Workforce Readiness, Officials Say
NASA and DOI outline new generative AI use cases and stress that successful AI adoption depends on strong change management.
6m read -
The Next AI Wave Requires Stronger Cyber Defenses, Data Management
IT officials warn of new vulnerabilities posed by AI as agencies continue to leverage the tech to boost operational efficiency.
5m read -
Federal CIOs Push for ROI-Focused Modernization to Advance Mission Goals
CIOs focus on return on investment, data governance and application modernization to drive mission outcomes as agencies adopt new tech tools.
4m read -
Fed Efficiency Drive Includes Code-Sharing Law, Metahumans
By reusing existing code instead of rewriting it, agencies could dramatically cut costs under the soon-to-be-enacted SHARE IT Act.
5m read -
Agencies Push Data-Driven Acquisition Reforms to Boost Efficiency
New initiatives aim to increase visibility of agency spending, improve data quality and create avenues to deploy solutions across government.
5m read -
Data Transparency Essential to Government Reform, Rep. Sessions Says
Co-Chair of the Congressional DOGE Caucus Rep. Pete Sessions calls for data sharing and partnerships to reduce waste and improve efficiency.
5m read -
DOD Turns to Skills-Based Hiring to Build Next-Gen Cyber Workforce
Mark Gorak discusses DODโs efforts to build a diverse cyber workforce, including skills-based hiring and partnerships with over 480 schools.
20m listen -
AI Foundations Driving Government Efficiency
Federal agencies are modernizing systems, managing risk and building trust to scale responsible AI and drive government efficiency.
40m watch -
Trump Executive Order Boosts HBCUs Role in Building Federal Tech Workforce
The executive order empowers HBCUs to develop tech talent pipelines and expand access to federal workforce opportunities.
3m read -
Navy Memo Maps Tech Priorities for the Future Fight
Acting CTOโs memo outlines critical investment areas, from AI and quantum to cyber and space, as part of an accelerated modernization push.
5m read