Future proof: Securing the wireless 5G grid

136

As 5G comes to the US power grid, we need a better way to safeguard our critical infrastructure, argues Robert Spalding.

The US energy grid, and all of the critical infrastructure that supports it, is about to get a lot smarter. That does not mean a lot safer.

The nationwide deployment of 5G wireless networks is bringing sweeping change to almost every corner of the economy. Compared to existing 4G and 4G/LTE networks, 5G service is about a hundred times faster and five times more responsive – with average data latency of about 10 milliseconds. For consumers, this presents an opportunity to embed our dumb devices with the intelligent edge sensors needed to automate home energy consumption, control lights by detecting room occupancy and program our white goods to run outside of peak-load times.

For utilities, 5G offers much the same opportunity to eliminate resource inefficiencies by automating power generation, distribution, storage and control systems. A data-driven grid is more resilient, is better at provisioning and redundancy, is able to provide real-time fault detection and response, and is more effective at base- and peak-load management. 5G will also likely improve service to rural and other remote territories, all while generating more accurate smart metering data.

5G adoption will strain an ageing energy infrastructure

That sounds promising until we stop to consider two factors working against this utopian vision. For one, the US has not seriously invested in critical infrastructure for 30 years, which may help explain why the American Society of Civil Engineers consistently gives US infrastructure a grade of D+. As we saw last winter with the deadly Texas energy grid failure, our systems break when placed under stress, and yet we are simultaneously asking them to increase their complexity and digital interconnectedness.

“… THE US HAS NOT SERIOUSLY INVESTED IN CRITICAL INFRASTRUCTURE FOR 30 YEARS…”

The second issue is the inherent security threats embedded within the 5G wireless standard. 5G was designed by an international coalition of technology companies, with heavy input from state-owned Chinese firms. As an open-source, commercial standard, 5G suffers from a general lack of encryption and is riddled with vulnerabilities, nearly 800 of which have yet to be resolved by the governing 3GPP standards body. This raises concerns relative to the influence China may have exercised over an industry standards-making body – and the number of backdoors and man-in-the-middle vulnerabilities through which unsecured data can be siphoned off or manipulated.

Bad actors have already shown the extent to which they will go to disrupt critical US infrastructure. Look no further than the Colonial Pipeline ransomware hack in May this year, which brought the largest fuel pipeline in the US to its knees, or the Christmas 2020 domestic terrorist attack in Nashville, Tennessee, which knocked out an AT&T communications node and crippled regional internet service and first responder networks.

“ONE CONSEQUENCE OF THE WAY OUR NATION’S TELECOMMUNICATIONS AND COMPUTING NETWORKS INTEROPERATE IS THAT THEY LEAVE TOO MUCH ROOM FOR INTENTIONAL – AND EVEN UNINTENTIONAL – INTERFERENCE.”

Then there is the sheer complexity of 5G implementation. While it is undeniably faster than its wireless predecessors, 5G creates many more routing points that must be secured. The speed and volume of 5G data means that network security monitors must be at least as fast. And this doesn’t even begin to take into account the millions of industrial IoT edge sensors that are deployed throughout the US power grid, each of which provides a potential home for malware to roost.

Shrink the threat surface by consolidating telecoms network and data centre infrastructure

One consequence of the way our nation’s telecommunications and computing networks interoperate is that they leave too much room for intentional – and even unintentional – interference. A power plant manager who chooses to email sensitive files to his home computer without first encrypting them may have no nefarious intent but is breaching security nevertheless. Likewise, data piped from an IoT sensor across 5G networks may travel hundreds of miles before it reaches the data centre, leaving a trail that hackers can easily exploit.

To date, most data security software has been applied as an afterthought – as a patch to the outside of the network. A better approach is to provide security from the inside, beginning with the data layer, to ensure trust is maintained throughout the data value chain.

This can be achieved by combining the communications network and data centre into a single, hardened piece of infrastructure. The close physical proximity of the radio tower and server has several advantages over today’s disaggregated equipment configuration. First, by consolidating the two into one hardened infrastructure we dramatically simplify the job of physically protecting it. Second, data can be encrypted at the source, both at rest and when in motion. Third, we naturally reduce latency and backhaul costs by eliminating the need to ship data across the country to and from data centres run by people whose job is not to ensure the safety, security and reliability of the US energy grid.

THE SPEED AND VOLUME OF 5G DATA MEANS THAT NETWORK SECURITY MONITORS MUST BE AT LEAST AS FAST.

In the end, you have built a secure, local computer environment where you trust the power plant, the power plant trusts itself and it trusts the infrastructure equipment. The infrastructure equipment does not trust anyone else. It does not trust the internet. It does not trust the cellular service provider. This hybrid model is then governed by redundancies such that a single person is never allowed to run the network or perform unattended software updates. In addition to securing a trusted grid, the collocation of computer and internet connectivity yields intelligence that plant operators can use to reduce costs and increase operational efficiencies. In effect, this delivers all the benefits of Amazon without having to trust someone else’s data centre.

To be clear, this hardware model augments – it does not replace or compete with – AT&T, Verizon, T-Mobile and other wireless carriers. It is a secure, intelligent firewall that encrypts data traffic, monitors endpoints for anomalous behaviour, detects and profiles known good behaviour and creates a barrier to future attacks – in real-time, not after the fact.

At SEMPRE, we employ what we call zero-trust principles in personnel, material and procedures to ensure the integrity, reliability and survivability of critical infrastructure and data – something we call SEMPRE surety. This is what led us to develop the SEMPRE Tower. It is based on the idea that a hardened 5G telecommunications and computing infrastructure can be adapted by the energy industry to help it take advantage of the speed, low latency and intelligence that 5G offers without succumbing to its vulnerabilities.

About the author

Brigadier General (ret) Robert Spalding of SEMPRE
Image: SEMPRE

Brigadier General (ret.) Robert Spalding is the founder and CEO of SEMPRE, a technology company committed to securing America’s critical infrastructure. Prior to his role at SEMPRE, General Spalding served in senior positions of strategy and diplomacy within the Defence and State Departments for more than 26 years.