Before mobile carriers can offer subscribers download speeds 10 to 100 times faster on future 5G networks, they’ll have to prove to the Federal Communications Commission the next generation of wireless networks is cyber secure.
The FCC published in the Federal Register this week proposed rules to guide wireless carriers in the deployment of 5G, approved unanimously during an agency vote in July. As Fedscoop noted Wednesday, those rules set basic cybersecurity security standards for 5G networks.
According to the rules, any carrier seeking licenses for high-band 5G spectrum “is required to submit to the commission a statement describing its network security plans and related information, which shall be signed by a senior executive within the licensee’s organization with personal knowledge of the security plans and practices within the licensee’s organization.”
The plan must include “a high-level, general description” of how the carrier will safeguard on-demand network availability and subscriber data from unauthorized access, disclosure, modification or destruction across virtually the entire network; from handsets to networks, devices inside the network to each other, the carrier’s network to another carrier’s network, and handset to handset “with respect to telephone voice and messaging services.”
Carriers must also detail their “anticipated approach to assessing and mitigating cyber risk induced by the presence of multiple participants in the band” and “cybersecurity standards and practices to be employed, whether industry-recognized or related to some other identifiable approach.”
Competing 5G providers will have to demonstrate they can coordinate their cybersecurity efforts by safeguarding the communications of mobile devices not even under their control. The agency also wants to see providers work with the cybersecurity industry at large, incorporate automated threat-detection systems and share data about threats with each other, saying plans “should include comment on machine-to-machine threat information sharing.”
Carriers will have three years after acquiring their 5G licenses to detail their plans, which must be submitted no later than six months before they plan to deploy their networks to the public. Those seeking to comment on the rules will have until Sept. 30, with reply comments due on Halloween.
The proposed standards come almost two weeks after FCC Chairman Tom Wheeler said that ongoing, cybersecurity will be one of the first regulatory considerations in the next generation of networks.
“That’s why, in our new 5G rules we have – for the first time – required that new network design must deal with cyber from the outset,” Wheeler said in a speech at an Aspen Institute policy conference. “In this new network that will drive the 21st century, cybersecurity will be a forethought, not an afterthought.”
Wheeler said the FCC would avoid issuing specific regulations “thus allowing the technology to evolve as rapidly as possible … while maintaining the ability to step in with regulation if necessary.”
The agency’s rules were built on the cybersecurity framework set down by the National Institute of Standards and Technology — the same guidelines federal agencies and commercial companies look to for establishing best practices in information security.