Page:The 5G Ecosystem Risks & Opportunities for DoD.pdf/32

devices. If China is able to collect this data, DoD should consider discrete directives to defend against these vulnerabilities that fall outside the traditional DoD systems and platforms, such as training to limit inadvertent sharing of PII through personal device use.

• In addition to these efforts, DoD should initiate testing and experimentation on its bases for future generations of wireless technology beyond 5G. This testing and experimentation will occur over a longer timeframe to ensure that the United States is prepared to lead the next generational transition. These activities can include testing for sub-6 sharing, as well as future mmWave deployment and propagation improvement.

 

Recommendation #3

 

DoD should advocate for adjusted trade policies to discourage vulnerabilities in its supply chain on the grounds that they put national security assets and missions at risk.

• The compromised supply chain issue poses a serious threat to national security by introducing vulnerabilities into networks and systems, which can be leveraged by a hostile actor to disrupt DoD operations. The spread of these vulnerabilities creates an increasingly unstable environment by lowering barriers to offensive action while weakening defensive positions.
• The proliferation of security vulnerabilities creates incentives for all nations to take offensive action in a conflict, as the barrier to offense decreases while the difficulty of defense increases. This reality is reflected in the new U.S. Cyber doctrine of “forward defense”.
• To counter this threat, DoD should advocate that trade policy reward good security/coding and penalize vulnerabilities through tariffs (“monetization” of good development practices). For example, the United States could automatically impose a heavy tariff (say, 75%) on any goods from any nation found to have backdoors or serious security vulnerabilities. This would impose a market cost for insecurity, and would also create incentives for domestic companies to fund security researchers to find vulnerabilities in competitors’ products, thereby triggering the tariff. This would improve the overall security of DoD ecosystems without having to disclose vulnerabilities found by Title 50 entities.
• The United States should encourage Five Eyes and NATO partners to adopt the same tariffs, regardless of product country of origin. The United States stands to benefit the most in a trade conflict over security of devices.
• DoD should also encourage CFIUS to block transactions of companies with a history of selling products with documented backdoors and security vulnerabilities.