5G-Focused Legislation Aims to Improve Security in Military Telecom Infrastructure

Bipartisan legislation introduced Thursday would direct the Defense Department to pursue calculated moves to refine and secure fifth-generation information and communications technology across its military enterprise.

The DoD 5G Act, crafted by Reps. Rick Larsen, D-Wash., and Mike Gallagher, R-Wisc., calls for the creation of a comprehensive telecommunications security program, spearheaded by the defense secretary, to uncover and diminish vulnerabilities within the department’s systems and infrastructure.

“With the promise of 5G also comes greater risk,” Gallagher said in an announcement unveiling the legislation. “As the Pentagon develops advanced telecommunications capabilities, it should set a clear standard and expectation across the federal government for security and resiliency, from the supply chain on up.”

Outlined in the bill are six specific efforts the agency would be expected to carry out under the secretary’s direction through the security program. They include establishing a means to “clearly and authoritatively” communicate about foreign threats to the agency’s networks and unleashing “independent red-team security analysis” honing in on the department’s multitudes of systems, subsystems, devices and components.

In implementing the program, the secretary and involved officials would also be expected to authenticate the integrity of individuals who support the design fabrication, integration, configuration, documentation and beyond, of noncommercial 5G technology the Pentagon leverages and validate the “efficacy of the physical security measures used” where 5G-focused efforts occur. Under the legislation, Defense’s chief information officer would be mandated to use moderate or high cloud standard baselines, designated by the Federal Risk and Authorization Management Program, or FedRAMP, to evaluate the capabilities of the department’s 5G core services providers. The  Defense Information Systems Agency and U.S. Cyber Command would also be expected to create a means for the “continuous, independent monitoring of packet streams for 5G data on frequencies” to substantiate the “availability, confidentiality, and integrity” for the department’s communications systems. 

Defense would need to submit a plan to Congress highlighting its plan to implement the security program within 90 days of the bill being passed. Within 180 days, the agency would need to turn over a detailed assessment of its findings, recommendations regarding how to mitigate threats and vulnerabilities within its telecom infrastructure going forward and an explanation of how those recommendations will be applied. 

The legislation comes as multiple federal agencies are launching efforts to explore 5G’s potential, including Defense, which in early June unveiled seven new testbeds where it’s strategically experimenting with 5G installations. The department released its own 5G strategy in May, following the Trump administration’s launch of a national strategy for 5G security in March. Defense’s strategy, similar to this new legislation, directs the Pentagon to “conduct security assessments to discover, assess, and mitigate 5G vulnerabilities.”

Larsen and Gallagher also revealed in their announcement that the DoD 5G Act incorporates several recommendations that were made in a June 2019 report from Defense Science Board Quick Task Force, which described the ways in which the Pentagon should approach 5G adoption. 

“As the U.S. continues to invest in disruptive new technologies, such as 5G, it is critical [Defense] identify risks and vulnerabilities in its telecommunications infrastructure,” Larsen, who is also a senior member of the House Armed Services Committee, said. “The [bill] ensures the [agency] assesses and mitigates these risks as the department moves forward with implementation of 5G technology.”

The bill was referred to the House Armed Services Committee.