The latest version of the FCC’s Communications Security, Reliability and Interoperability Council (CSRIC) held its first meeting to outline the federal advisory committee’s priorities. They focus on 5G network security, along with technologies like open RAN and virtualization.
FCC Acting Chairwoman Jessica Rosenworcel recently reestablished CSRIC in its eighth iteration, and this time is bringing in more participation from additional government partners as well as public interest groups, alongside industry stakeholders.
Co-chairing CSRIC VIII are Billy Bob Brown Jr., executive assistant director for emergency communications for the Cybersecurity and Infrastructure Security Agency (CISA) under the Department of Homeland Security, and Verizon Chief Information Security Officer Nasrin Rezai.
In opening remarks at Wednesday’s meeting, Rosenworcel pointed to a number of large recent breaches, including KPN, a wireless carrier in the Netherlands, that discovered calls of 6.5 million subscribers may have been susceptible to monitoring because of insecure network equipment. She also cited the SolarWinds breach, as well as last month when “a hacker stole data on more than 50 million customers from a nationwide wireless carrier.”
T-Mobile was hit with a customer data breach in August that affected more than 50 million people, after a hacker compromised servers.
“The truth is that every day in our connected digital life there are too many cyber events that have the potential to harm the safety and well-being of people and businesses across the country. And no entity is immune from this threat – whether large or small, public or private, prepared or unprepared,” Rosenworcel said.
Network security is particularly important in the transition to 5G, as networks will connect countless more devices and things, she added.
The chairwoman also cited the importance of CISA co-chairing the security council.
“CISA leads the coordinated national effort to enhance the security, resiliency, and reliability of our cybersecurity and communications infrastructure. And earlier this year, CISA co-authored a leading report on potential threat vectors to 5G infrastructure,” Rosenworcel said. “Their partnership here will help ensure a unity of effort between those responsible for protecting the country and those who own and operate the infrastructure that is so critical to that mission.”
At Wednesday’s meeting Verizon’s Rezai said there are several challenges that industry and government are all faced with. And that while technology can digitally transform lives, “that digital transformation has also come with a set of security challenges in our ability to defend and protect.”
CSRIC VIII Will focus on and examine vulnerabilities, security, and reliability, issues, which Rezai said need public and private partnership to create solutions for an ecosystem.
Brown echoed the need for cooperation.
“It really does take a constellation of partners all working together to achieve security and resilience for the nation,” Brown said during introductory remarks.
Rezai outlined six working groups for CSRIC and respective co-chairs:
- Working group 1: Focused on 5G signaling for call security, led by AT&T’s Brian Daly and Oracle’s Travis Russel.
- Working group 2: Promoting security, reliability and interoperability of open RAN equipment with co-chairs from Mavenir and the Rural Wireless Association. CSRIC will provide recommendations to advance the above stated goals and explore what new efforts can be taken to ensure secure-RAN deployments.
- Working group 3: Leveraging virtualization technology to promote secure reliable 5G networks, co-chaired by Microsoft and Dell. The working group will focus on recommendations for how vendor agnostic horizontal stack solutions for 5G can be promoted to foster a diverse, competitive and more secure 5G environment despite a wider attack surface presented.
- Working group 4: 911 service over Wi-Fi, co-chaired by Intrado and APCO. This group will explore public safety benefits, technical feasibility and cost of options for making Wi-Fi access points and unlicensed spectrum available to the public to facilitate access to 911 services, potentially as a complement to IP-based next-gen 911 environments – primary objective is on security issues.
- Working group 5: Managing software and cloud services supply chain security for communications infrastructure to help develop a mitigation strategy, chaired by VMware.
- Working Group 6: Leveraging mobile device applications and firmware to enhance wireless emergency alerts, which will be co-chaired by Qualcomm and Harris County office of Homeland Security Management.