The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and Cybersecurity and Infrastructure Security Agency (CISA) presented a recently released research and development funding project to secure mobile network infrastructure at an Industry Day event May 16.
The solicitation stemmed from a study on mobile device security that S&T conducted and submitted to Congress. It found that given current and emerging threats to Federal use of mobile devices, there needs to be security improvements to the mobile device ecosystem.
More specifically, S&T identified the following threats to mobile network infrastructure that it’s looking to industry now to help them solve:
- Air interface eavesdropping;
- Attacking virtualized infrastructure to degrade or deny service;
- Exploiting Signaling System 7 (SS7) – the global standard and data exchange protocol used to connect public switched telephone network, 2G, and 3G carriers internationally – to monitor or redirect phone calls or text messages;
- Capturing or modifying sensitive data in transit sent over the network with insufficient or no encryption; and
- Accessing backend systems and exfiltrating of sensitive data when unauthorized.
There are three technical topic areas (TTAs) that the project has divided its issue points into. The first looks to address 2G, 3G, and 4G network protections.
The second area is two-fold: first, it wants to build 5G network security and leverage 5G to create solutions that meet government security needs, and second, it seeks end-to-end protection of network traffic “including a development of a standard secure voice and video capability for unclassified government communications.
CISA National Risk Management Center (NRMC) Senior Advisor Sarah Ellis Peed highlighted the emergence of 5G networks and devices, adding that building upon preexisting security features, bolstering supply chain risk management, creating interoperability with 5G technologies, and tackling new network vulnerabilities are critical in this area.
The third TTA looks for solutions that improve government visibility of network traffic from mobile devices to identify potential attacks or malware in devices.
The solicitation states that proposals that address first and second TTAs will earn a maximum award of $2.75 million, while solutions for the third TTA will receive an award capped at $2 million.
Proposals for the solicitation are due June 26, and S&T will announce the proposals it selects on Sept. 24.