Sprint technicians work on the installation of 5G technology next to fiber cables on top of a building in New York City, U.S. on June 11, 2019. (Shannon Stapleton/Reuters)

US Military to Develop 5G After OIG Blames China Cyber-Espionage Acts

By Chriss Street

The U.S. Department of Defense is starting a secure 5G microelectronics initiative after a declassified Inspector General report blamed China for supply chain cyber-espionage.

The day after the Office of Inspector General (OIG) released a heavily redacted report identifying numerous cybersecurity vulnerabilities associated with U.S. military purchases of ‘Commercial Off-the-Shelf Items’ (COTS) that contain Chinese electronics, Undersecretary of Defense for Research and Engineering (R&E) Michael Griffin told Space and Missile Defense Symposium, “What I want to bet on is the ability of the United States and our Western allies to out-innovate adversaries.”

Griffin stated that the R&E arm of the Pentagon will see a $311 million spike in its budget to $459 million next year, as its “Trusted and Assured Microelectronics” supply chain initiative expands to incorporate fifth-generation (5G) and Internet of Things (IoT) network, 5G modems, and end-user devices into military systems and capabilities.

Griffin said Pentagon leadership is “ever more convinced—especially with all the news centering around Huawei and who will and won’t buy their hardware, and whether we will or won’t—that assured microelectronics is a key priority.” As a result, the Department of Defense has upgraded the priority for development of secure 5G network supply chain to the same level as hypersonics, directed energy, and a space sensor layer vendors for systems to deal with advanced Chinese missile threats.

He also stated that “trade wars with China” are not in his job description, but Chinese infiltration of the microelectronics supply chains have forced the Department of Defense (DoD) to take a broader view of hardening network security, because the IoTfex will eventually dominate the management of supply depots, ports, airfields, and autonomous vehicles in the event of hostilities, according to Breaking Defense.

Griffin emphasized sourcing U.S.-built hardware will not necessarily resolve the DoD cyber-espionage risks, because international supply chain components allow adversaries multiple access points to conduct surveillance and inject software threats into systems.

Upgrading 5G to the DoD’s highest levels of research and engineering follows the OIG detailing how military small-dollar purchases adding up to $32.8 million bypassed Congressional bans against purchasing Chinese-made Lenovo computers, Lexmark printers, and GoPro cameras with known cybersecurity vulnerabilities. According to the OIG:

Lenovo, China’s largest computer company, has been the subject of multiple Congressional, Department of Homeland Security, and other federal government agency cybersecurity risk warnings. The U.S. State Department banned Lenovo use on its classified networks after reports that its computers were manufactured with hidden hardware or software used for cyber espionage. The Department of Homeland Security in 2015 issued warnings regarding pre-installed spyware, and the Joint Chiefs of Staff Intelligence Directorate issued a 2016 warning that Lenovo computers and handhelds could introduce compromised hardware into the DoD supply chain that may pose a cyber espionage risk to classified and unclassified DoD networks.

The U.S. ‘National Vulnerabilities Database’ lists Lexmark, a U.S.-based company that is now owned by a consortium of Chinese firms, as having 20 cybersecurity vulnerabilities that could allow storing and transmitting sensitive network access credentials in plain text; plus allow execution of malicious code on the printer. Lexmark vulnerabilities could allow remote attackers the ability to launch cyber espionage or denial-of-service attacks on a DoD network.

Vulnerabilities for GoPro action cameras, designed to film and share video in real-time through wireless or Bluetooth connections, include remote attacker access to the stored network credentials and live video streams. By exploiting the vulnerabilities, a malicious actor could surveil or record video streams and pictures without the user’s knowledge.

The OIG declassified report redacted numerous sections discussing national security cyber espionage sources and uses. Sections were also redacted regarding the inherent cyber espionage risk of small-dollar purchases of Chinese-made video surveillance equipment from Hangzhou Hikvision Digital Technology Company and Dahua Technology Company.

Chriss Street is an expert in macroeconomics, technology, and national security. He has served as CEO of several companies and is an active writer with more than 1,500 publications. He also regularly provides strategy lectures to graduate students at top Southern California universities.