Research Report Supply Chain and Network Security for Military 5G Networks

NATO needs to keep itself thoroughly informed about the opportunities 5G technologies provide for improving Euro-Atlantic deterrence and defence, as well as about the security risks inherent in 5G networks. How would security risks related to public (commercial) and private (military) networks impact NATO missions and operations? If civilian or military 5G networks ever became compromised or came under the control of potential adversaries, the repercussions for NATO’s Military Instrument of Power, and for deterrence and defence, would be severe. NATO must develop ways and means to deploy 5G technology to support the Military Instrument of Power, and security risks related to them must be mitigated.

This Research Report examines supply chain and network security challenges associated with 5G technology. It discusses vulnerabilities, threats, and risks to public and military 5G networks. The report aims to raise awareness among decision-makers on how operating through public and private 5G networks can impact the Alliance’s missions and operations. It also aims to provide evidence-based information on security risks associated with 5G technology and networks, risks which may affect NATO missions and operations. The report outlines three use cases for the military use of 5G networks as follows: smart sea ports, road transportation, and public safety networks.

Resilient telecommunication networks are essential for NATO’s political and military-strategic interests. Today, NATO implements baseline requirements concerning telecommunications infrastructure and guides NATO nations’ resilience goals and implementation plans related to them. The Alliance includes trustworthiness criteria in its security policies and regulations and in the technical procurement of equipment. An improved understanding of supply chain vulnerabilities, risks, and threats is necessary in order to enable evidence-based and risk-informed decision-making by NATO nations regarding the current and future policies related to 5G technologies and infrastructure. Sharing information based on common methodologies and doing so frequently – for example, assessments about vulnerabilities, threats, and risks associated with high-risk 5G vendors – would be a first step toward increasing visibility and building consensus on security risks among the Allies.

This publication is a product of the CCDCOE. It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication.

← Library