A new report, first of the series of three reports to be published, on Supply Chain and Network Security for Military 5G Networks advises that NATO needs to develop common criteria to assess 5G vendors’ trustworthiness. The report warns that control or interference with 5G networks by potential adversaries could lead to severe repercussions to NATO’s deterrence and defence posture.
The Director of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) Colonel Jaak Tarien emphasised the crucial importance for NATO of understanding the security of military 5G deployments and the value of developing Alliance-wide cooperation to secure these networks.
“NATO needs to be well informed about opportunities 5G technologies provide for improving Euro-Atlantic deterrence and defence, as well as about security risks inherent in 5G networks,” said Colonel Tarien.
“If civilian or military 5G networks would become compromised or under the control of potential adversaries, repercussions to NATO’s Military Instrument of Power would be severe,” he added.
The main author of “Research Report Supply Chain and Network Security for Military 5G Networks” Piret Pernik, Researcher at the CCDCOE, said that through three military use cases of deployment of 5G networks – smart sea port, road transportation, and public safety network – the study aims to raise awareness of decision-makers on how operating through public and private 5G networks can impact on the Alliance’s missions and operations.
„An improved understanding of vulnerabilities, risks, and threats related to supply chain and network security are necessary in order to enable evidence-based and risk-informed decision-making of NATO organisations and nations. Risk-assessment based decision-making and policies are pivotal to ensure resilience, reliability and security of networks,“ notes Pernik.
Pernik emphasized that security requirements for military communications may be greater than those offered by the commercial 5G service providers.
„For example, the military needs to avoid being identified, geo-localised, and jammed by an adversary; however, commercial service providers do not normally prioritise those concerns for their other customers’ needs, “ Pernik stressed.
According to another author, the Technology Branch Chief of the CCDCOE, Urmas Ruuto, sharing information frequently and based on common methodologies would be a first step on the road to increase visibility and build consensus on security risks among the Allies.
„NATO should cooperate with the industry to ensure military needs are met. NATO should also support the adoption of trusted technology globally, which would enable the Alliance to mitigate risks inherent in the technology of authoritarian countries,“ said Ruuto.
He added nations should refrain from using technology of vendors whose technology has in the past been used to undermine universal values and democratic freedoms.
The report „Research Report Supply Chain and Network Security for Military 5G Networks“ is a first of three research reports on security of military 5Goffering initial recommendations for policy-makers. The following two reports will focus on case studies and offer more profound guidance.
The project is funded by the US Department of Defence and the Ministry of Foreign Affairs of Estonia, and carried out by an international and interdisciplinary team of researchers at CCDCOE in collaboration with US cybersecurity institutions.