Researchers at the University of California, Irvine are sharing in a $750,000 grant from the National Science Foundation to seek improvements for security on 5G mobile networks.
The government-sponsored study is the latest sign of Orange County’s growing clout in the cybersecurity world—the area’s home to numerous established and emerging businesses in the field—as well as the wireless connectivity industry, long a core technology sector for the area.
The independent federal agency has awarded the funds to a multidisciplinary team at UCI’s Cybersecurity Policy & Research Institute (CPRI), Donald Bren School of Information and Computer Sciences and BlackBerry (NYSE: BB), whose cybersecurity division, previously run under the Cylance name, has a base in Irvine.
“This phase one is the exploratory phase where we look over issues carefully and then make a larger proposal for the hardcore technology development,” CPRI Executive Director Bryan Cunningham said on Sept. 15.
Cunningham is a former Central Intelligence Agency officer and White House National Security Council attorney.
16 Teams Competing
The National Science Foundation is looking to accelerate ways to assist the U.S. government and critical infrastructure operators to communicate securely anywhere and anytime over 5G systems.
Fifth-generation wireless (5G) is the latest iteration of cellular technology, engineered to greatly increase the speed and responsiveness of wireless networks.
The UCI and BlackBerry group is one of the 16 teams that received Phase 1 grants, as the researchers seek to go on to Phase 2 support, which Cunningham says he believes will be narrowed down to five teams.
“In this case, BlackBerry is also very open to working with other companies,” according to Cunningham. He expects additional companies to join the team effort.
The Donald Bren School of Information and Computer Sciences is the University of California’s first and only computing-focused school.
Difficult, Not Impossible
“It’s not impossible. It’s not a moonshot. But it’s difficult,” said Cunningham of long sought 5G security.
“The networks are going to cross so many jurisdictions probably with a fair amount of variation in equipment and software.”
He said significant international agreements, compelling legislation or further regulation will be needed.
The UCI team will probably involve between five and 10 people, including Cunningham and computer science Professor Ian Harris. The team will expand if they get a Phase 2 award.
The first phase, involving turning their initial ideas into a proof of concept, identifying new team members and partners, and participate in an innovation curriculum is expected to last about nine months, according to the National Science Foundation.
The second phase, focusing on solution and sustainability development, will run about two years.
“I’m highly confident that we will progress into Phase 2,” according to UCI.
The aim is to “jump- start solutions to national-scale challenges” on the public networks, Cunningham said.
Secure communications are vital from everything to individual communications to disaster response and international humanitarian assistance, military work, and the safety of the power grid.
Today’s 5G networks are not able to provide customers with continuous and real-time indicators of the security of these public networks, even for higher-security connections called “secure slices.”
This makes it impossible for users to follow current best practices of Zero Trust (ZT) security, which require continuous authentication so that trust is earned rather than assumed.
The BlackBerry-UCI “convergence accelerator team” will combine expertise in “software security analysis, human-centered design, networking, cybersecurity, standards, laws, and regulations to establish a novel technical foundation for ZT cybersecurity solutions in the context of multi-stakeholder, high-security 5G networks,” the group says.Confidentiality, Integrity While properly implemented, end-to-end encryption can protect the confidentiality and integrity of transiting data, it cannot prevent compromises along the network itself.
This newly funded, multi-stakeholder research effort is designed to develop techniques for assessing the trustworthiness of software running within 5G network infrastructures.
The research will also develop technical foundations and legal and regulatory frameworks to improve 5G security.
Cunningham said UCI’s work with BlackBerry will reach across disciplines, including computer science and engineering as well as law and regulation.
CPRI’s mission is to find multidisciplinary legal, policy and technological solutions to combat cyber threats while protecting and enhancing individual privacy and civil liberties.
He calls security an “evolving, back-and-forth struggle between offense and defense” while “there will never be perfect cybersecurity.”