The Cybersecurity and Infrastructure Security Agency (CISA) today released its strategy to “ensure the security and resilience of 5G technology” in the United States.
“The promise of 5G is undeniable, but with 5G technology poised to underpin a wide range of critical infrastructure functions, it’s vital that we manage these risks adequately and promote a trusted ecosystem of 5G componentry,” CISA Director Chris Krebs said in a statement. “CISA is committed to working with partners to build a resilient 5G infrastructure, and this strategy identifies a roadmap of how we will bring stakeholders together to achieve this.”
The strategy is intended to advance the development and deployment of a secure and resilient 5G infrastructure. CISA said the 5G infrastructure it envisions should “promote national security, data integrity, technological innovation, and economic opportunity for the United States and its allied partners.”
CISA identified five strategic initiatives that align with lines of effort defined in the National Strategy to Secure 5G, which was released in March of this year.
The strategic initiatives are:
- Support 5G policy and standards development by emphasizing security and resilience.
- Expand situational awareness of 5G supply chain risks and promote security measures.
- Partner with stakeholders to strengthen and secure existing infrastructure to support future 5G deployments.
- Encourage innovation in the 5G marketplace to foster trusted 5G vendors.
- Analyze potential 5G use cases and share information on risk management.
The strategy further identifies three core competencies – risk management, stakeholder engagement, and technical assistance – which guide CISA in ensuring that there are policy, legal, security, and safety frameworks in place to “fully leverage 5G technology while managing its significant risks.”
As a complement to its full strategy, CISA also released a 5G Basics Infographic, which is designed to educate stakeholders on challenges and risks associated with 5G. In a statement, CISA said that it intends to work the critical infrastructure community to publish sector-specific 5G risk profiles in the coming months.