The Cybersecurity and Infrastructure Security Agency (CISA) is asking researchers and entrepreneurs for information on developing a ubiquitous and robust 5G/ Internet-of-Things (IoT) Situational Awareness System (5i SAS). The system must enhance situational awareness of current platforms and identify potentially dangerous 5G components and internet-of-things devices.
Without a way to distinguish normal 5G and IoT conditions from suspicious environments, exploits on personnel or systems could go undetected and cyberattacks would be untraceable. As the introduction of 5G will enable billions of devices connected to the network with direct communication to one another, the development of a 5i SAS capability essential
For example, modified 5G smartphones could serve as 5i SAS devices because they are common in populated areas and already outfitted with a variety of sensors that could detect anomalous activity, such as irregular heartbeats, gunshots or explosions, extreme heat or changes in acceleration.
5G-enabled devices could also be enlisted to detect suspicious electromagnetic activity in secure facilities, jamming or interference on 5G or IoT channels, unexplained device downgrades from 5G to 3G, sudden radiofrequency energy spikes that can harm personnel as well as rogue networks.
In support of CISA, the Department of Homeland Security’s Small Business Innovation Program outlined features it envisions in a 5i SAS mobile device:
- Secure containers operating on a 5i SAS would require a mobile operating system platform with enough memory and computational power to perform its sensor functions without significantly affecting the normal phone or device functions (e.g., calls, text, app use, device telemetry, or GPS function, other containers).
- Mobile devices with secure containers may be capable of having several different functions in one device, such as a 5i SAS sensor, a UNCLASS smartphone (not intended to need controlled unclassified information [CUI] protections) with defences against compromised microphones and cameras, a similar CUI-use smartphone with secure voice and text apps, a laptop replacement (if mated to a dumb terminal), and optionally a classified container for Type 1 secure voice, video, and text capabilities.
- Mobile operating systems should allow for separate 5i SAS virtual containers that can operate autonomously from the user, and is centrally managed, and whose data is sent to a cloud-based data analysis engine to determine if safety or security is potentially at risk.
- If enough of these 5i SAS devices are issued, then they could not only detect unhealthy/insecure situations, they could also triangulate the physical location of suspicious IoT and 5G devices, or jamming sources, or anomalous network behaviour.
- 5i SAS may include federal and state, local, tribal and territorial (SLTT) users; so, managing need to know should be a design consideration.
- Applicable certifications and manufacturing readiness will need to be performed for commercialisation.
Although the request for the technology has been made on behalf of CISA, other federal and state, local, tribal and territorial governments may need to use it. If enough 5i SAS devices are issued, they could not only detect unhealthy/insecure situations, they could also triangulate the physical location of suspicious IoT and 5G devices, or jamming sources or anomalous network behaviour.
Considering the significance of 5G architectures to many industries, governments also need to mitigate and calculate its risks. As reported by OpenGov Asia, Cybersecurity and Infrastructure Security Agency (CISA) collaborates with the National Security Agency (NSA) and the Office of the Director of National Intelligence to outline the risks to 5G that threaten national and economic security and could impact other national and global interests. They released a paper titled Potential Threat Vectors to 5G Infrastructure. This paper identifies and assesses risks and vulnerabilities introduced by 5G.
