PINDROP BLOG

FCC Looking for Help Securing 5G, IoT Devices

SAN FRANCISCO–The FCC is appealing to the security and cryptographic communities for help in defining new security standards for both the forthcoming 5G wireless network and the exploding number of smart devices that make up the IoT.

David Simpson, the chief of the FCC’s public safety and homeland security bureau, said in a discussion at the RSA Conference here Thursday that time is of the essence to get the work done on these problems. As newer protocols and devices are rolled out every day, many of them are being put forth with little or no thought given to security.

“The time to address this with 5G is right now,” Simpson said. “We’re seeking a dialogue cybersecurity professionals to make sure we’re addressing the right things and that the 5G protocol addresses the right security things. Verizon and AT&T have already begun development on 5G networks, but wait a minute. We haven’t had the security discussions yet.”

The 5G standard is in the development phase right now, and Simpson said that one of the key issues that needs to be addressed is encryption.

“Should we define a single encryption standard for this space? That’s a very legitimate question. The standards body should be wrestling with that,” he said. “My personal feeling is that we will want to support several categories of encryption in the standard over time. Put me in the strong end-to-end encryption category for things that are high risk.”

Simpson said there are cryptographers involved in the 5G standards process, but there’s plenty of room for more.

“My concern is that the standards development in the IETF are done at this stage very much by people who are focused on getting the capability out, because that’s the monetary piece that’s right in front of their face,” he said. “The security ROI that’s over the horizon isn’t the focus.”

Much of what’s been discussed at the conference this week has involved IoT and device security in some form or another, and Simpson said there’s an urgent need for more attention on the topic.

“We want to bring cryptographers into the space now to get to the larger ecosystem who knows how important encryption will be in the IoT. There’s room for an evolved security posture there,” he said.