GSA supports National Strategy to Secure 5G with new acquisition guidance

GSA’s Acquisition Guidance for Procuring 5G Technology supports an ongoing, multi-agency effort to document and share best practices for optimal 5G deployments.

National Strategy

As discussed in past posts, the Federal Government views 5th generation (5G) wireless technology as a future driver of the global economy. It also views the security of 5G information and communications technology and services infrastructure, and the data transmitted and stored on it, as a key national security interest. In addition to protecting data on the network, a trusted, secure supply chain is also paramount. We cannot ensure the security of 5G networks if untrusted equipment or software is allowed to control any part of them.

The National Strategy to Secure 5G is our country’s game plan to manage the risks associated with next generation wireless technologies and the new use cases they open up. GSA’s role is to establish acquisition processes and facilitate federal agency adoption of 5G infrastructure with appropriate security safeguards and adherence to national policies. The desired outcome is a resource that helps agencies identify their standards, specify security controls, and catalog other relevant requirements to provide a secure 5G infrastructure.

GSA guidance

Screenshot of the front page of the "GSA Acquisition Guidance for Procuring 5G Technology" with a white and navy background. There is a colorful technology graphic at the bottom right of the screen.
Download the PDF at buy.gsa.gov or order physical copies at cmls.gsa.gov.

The subject matter experts behind our Wireless Mobility Solutions contracts applied this directive to the early 5G use cases they were observing at various agencies. We coordinated extensively with the interagency Federal Mobility Group, and we incorporated valuable input from experts in other agencies and industry. The result is our Acquisition Guidance for Procuring 5G Technology, a plain-language white paper that charts the progression of 5G in the public sector, outlines its core standards, explores government use cases, and delves into acquisition strategies that balance flexibility with security requirements. In particular, the Guidance features:

  • Tools and strategies for contracting 5G – A model acquisition process that details how technical staff should go about defining requirements and how contracting staff should use them to structure a solicitation.
  • 5G use cases in government – A living list of 5G use cases and pilot programs applicable to the public sector;
  • Standards for 5G – A detailed accounting of the international and U.S. standards that are used to determine requirements for 5G;
  • General background – A plain language narrative describing the evolution of cellular technology, the capabilities 5G offers, its relevance to the public sector, efforts underway to secure it, and its potential to shape future telecommunications products and services.

The wheel keeps turning

A six-sided "5G Wheel" in shades of purple depicting what the GSA Acquisition Guidance for Procuring 5G Technology features: Technology, Standard, Security, Policy, Acquisition, and Use Case.
The “5G Wheel” is one model of visualizing the components that enable resilient deployments.

We’ve previously described our “5G for Government” strategy as the understanding of six core concepts: Technology, Standards, Security, Policy, Acquisition, and Use Cases. Use cases are the real-world applications that agencies are pursuing, or want to achieve. Acquisition is the nuts and bolts of getting the solution in place in the most efficient and effective way. Once you understand the technology, know the standards, consider the security aspects, and are up-to-date on governmentwide policies, then it’s time to plan and execute. If you think of this strategy as a circle or wheel, the Use Case is the end of one cycle and the beginning of another. Each rotation strengthens our collective understanding of what makes a 5G deployment secure and successful. The Acquisition Guidance for Procuring 5G Technology is GSA’s first effort to distill this collective knowledge into a usable format to help government technology managers, their contracting offices, and trusted industry partners buy, build, and use secure 5G systems. As a living document, the Guidance will be frequently reviewed to keep pace with changing technology, ensure governmentwide cybersecurity requirements are accurate, and incorporate feedback from stakeholders. Send feedback, questions, and suggestions to wireless@gsa.gov.

Follow ITC on LinkedIn and Twitter, and subscribe for blog updates.

GSA’s Enterprise Infrastructure Solutions Instills Cybersecurity Confidence

On May 12, the White House issued the Executive Order on Improving the Nation’s Cybersecurity. This EO underlines the fundamental problem of how cybersecurity weaknesses leave critical infrastructure open to debilitating attacks. It also outlines what government agencies must do to improve their collective defensive posture, reduce risk, improve visibility and secure their infrastructure.

GSA’s Information Technology Category (ITC) tracks cybersecurity trends and is involved in conversations with industry experts on this topic. We incorporate the EO’s technological goals in our contract solutions, like Enterprise Infrastructure Solutions Contract, or EIS.

When it comes to network security, Zero-Trust Architecture (ZTA) is the gold standard. We even published a Zero Trust Architecture Buyer’s Guide to help agencies build toward it. EIS is featured prominently in the guide, because it offers baked-in security “building blocks” to create customizable solutions.

Managed Security Services

The EIS Managed Security Service (MSS) is a comprehensive service that protects an agency’s information technology assets—hardware devices, network, software, and information—from malicious attacks. It includes capabilities such as authentication, anti-virus, anti-malware/spyware, intrusion detection, and security event management. MSS comprises the following sub-services: Trusted Internet Connections Service (TICS), Managed Prevention Service (MPS), Vulnerability Scanning Service (VSS), and Incident Response Service (INRS).

Managed Network Services

The EIS Managed Network Service (MNS) enables an agency to outsource a portion or all of its network planning, design, implementation, maintenance, operations and customer service as a strategic move to improve IT services and lower costs.

Software Defined – Wide Area Network (SD-WAN) Services

SD-WAN services provide significant benefits by giving agencies central security management and visibility, the ability to segment networks where security policies can be tailored per application and data type, and identity-based user access.

Managed Trusted Internet Protocol Services (MTIPS)

MTIPS version 2.2 provides security for all external connections to public Internet, Extranet, and Cloud Service Providers. As agencies look to implement the Cybersecurity and Infrastructure Security Agency (CISA) TIC 3.0 guidance, MTIPS may be complemented with additional EIS services to achieve the updated security capabilities of a TIC 3.0 Traditional TIC solution.

FedRAMP Authorized Software-as-a-Service (SaaS) Tools

SaaS gives an agency access to applications hosted in the cloud. The provider manages the security, availability, and performance of the applications as part of their service. Using SaaS allows an agency to reduce the time, expense, and risk associated with the installation and maintenance of software on agency computers. EIS SaaS meets all federally required security standards for Cloud services.

EIS delivers solutions to agencies that will meet CISA’s latest Trusted Internet Connections (TIC) 3.0 guidance and ZTA requirements which include the Core Zero Trust Logical Components described in the National Institute of Standards and Technology (NIST) Special Publication 800-207. GSA continues to collaborate with CISA to provide guidance to agencies advancing legacy networks towards a zero trust architecture.


In the past decade, the typical federal agency network has evolved from being static with a known perimeter to mobile-friendly with nodes across the country. We are now regularly reminded that security solutions must correspondingly evolve to secure agency data and be able to ensure the safe transport of information to and from cloud applications, data centers, and remote users. If they don’t, the U.S. will continue to be vulnerable to malicious actors all over the world.

The Cybersecurity EO prioritizes “accelerated movement to secure cloud services; centralized and streamlined access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and investment in both technology and personnel to match these modernization goals.” EIS already supports these by supplying SD-WAN services, 5th Generation (5G) telecommunications technology, Internet of Things (IoT) offerings, and Cloud-based security solutions.

Using EIS to buy IT infrastructure ensures a greater degree of consistency in the government’s telecommunications and network infrastructure services. It also consolidates the government’s purchasing power, driving lower prices on products and services that to satisfy complex security, flexibility, and visibility needs. EIS solutions offer the foundation needed to adapt to evolving threats and continue accomplishing your mission. The sooner agencies transition, the sooner they can take advantage of the secure solutions available on EIS. Accelerate your transition progress by Taking A.I.M. at EIS.

Public Sector 5G Strategy Series – Part 1: Technology

The Wheel Is Turning

If you’ve scrolled through social media or watched live TV lately, you’ve likely seen an ad for 5G. If you find yourself wondering why there is so much conversation about 5G –you are not alone. Is it worth all of this attention?

We think so. 5G is set to revolutionize the world’s telecommunications infrastructure, paving the way for even greater use of autonomous devices and expanding the number of interconnected devices in the Internet of Things (IoT).

In October 2019, GSA held its first public event about 5G, where government and industry experts gave us a compelling look at the rollout of next generation networks, discussed how they’ll support IoT applications, and outlined the steps necessary to secure this new hyperconnected future.

Going forward, we’ll be sharing a series of posts outlining how we expect 5G will drive change across government, and what agencies should do to prepare. 5G means different things to different people, so our “5G for Government” strategy is best visualized as a wheel composed of six core concepts:

  • Technology
  • Standards
  • Security
  • Policy
  • Acquisition
  • Use Cases

This post will look at the evolution of the technology enabling 5G, and more importantly, the types of devices, applications, and services that will soon depend on it.

New Tech, Same Trends

The first cellular telephones hit the market in the mid-1970s and offered wireless voice calling over an analog network. In the early 90s, this first generation cellular technology, using analog telecommunications standards, transitioned to a 2G digital network, allowing both voice and data to travel wirelessly between devices.

3G and 4G gave us mobile internet and streaming video, respectively, leading to the rise of the smartphone and entirely new industries, such as mobile application development and cross-platform analytics.

Remember when you couldn’t open an email attachment on your phone or send a photo—let alone a video—over a wireless network? When did that change?

Most people could not tell you which network generation enabled what feature, only that devices became faster, applications more data dependent, and new services arose as capabilities increased.

The same will be true for 5G, but due to its engineered flexibility and vast capacity for high-speed data transfer, the changes will come sooner and reach far beyond communications.

Why 5G Is Different

Since 5G is still new to the market, what we can say about its current technology is limited. Indeed, many experts will tell you that 5G was designed to support applications and services that are still largely confined to a laboratory setting. For now, when we look at the technology, we can only compare it to what’s currently on the market, but when we do, it becomes apparent that we’re just seeing the tip of the iceberg.

Changing Devices

Take the smartphone, for instance. Right now, a phone on a 4G network downloads data at approximately 12-36 megabits per second (Mbps). A 5G enabled phone clocks in at 50 Mbps at minimum. Phones on the fastest commercial networks can reach 1,000 (1 gigabit) per second, and average speeds are expected to exceed 10 Gbps as the technology matures.

How does it reach these speeds? 5G transmitters use higher frequency radio waves, some in or near the millimeter wave band of the electromagnetic spectrum. Bandwidth is much more plentiful there, which greatly increases the capacity and speed of data transfer. Instead of a single cellular antenna, the 5G phone contains multiple receivers, allowing it to process all this data over multiple streams, in parallel. You could liken it to filling a glass of water from the bottom up, and the top down, at the same time. 

Smaller, More Flexible Networks

Like their predecessors, 5G networks are digital cellular networks, in which the service area covered by providers is divided into a mosaic of small geographical areas called cells. While conventional cell phone towers are hundreds of feet tall, millimeter wave antennas are only a few inches long. Though an individual antenna may only cover a small area, multiple antennas can work together as phased arrays to beam data straight to the user. This technique, known as beamforming, is one of many ways that 5G networks can be optimized to improve performance while it serves huge numbers of devices.

Open To Innovation

Small but mighty, 5G networks could be used to provide general home and office internet connections. A technique called network slicing could be used to segment a larger 5G network into highly customizable “slices,” managed and operated independent of the infrastructure owner, tailored to unique business needs. When used in conjunction with software-defined wide area networking (SD-WAN), 5G could replace outdated cable connections in government offices, campuses, and military bases.

Edge computing is another exciting concept made practical by 5G. This technique involves creating a cloud-based IT service environment at the edge of the cell, leveraging its unique properties and raw power to move computational workloads physically closer to the user. Theoretically, sophisticated edge computing could eliminate the need for physical hard drives and bulky device components, as the actual computing would occur in the cloud and beam compiled data directly to a screen or user interface. Battery sizes would shrink, ushering in new opportunities for wearable and drone technology.

Hypercharged wireless internet and robust cloud computing are just the start. The high data rate and low latency of 5G are envisioned as opening up many new applications in the near future. The use of data-heavy virtual and augmented reality applications in healthcare and research is one promising example. Another is 5G’s facilitation of fast machine-to-machine interactions in the coming Internet of Things . For example, computers in vehicles would continuously communicate with each other, sensors on the road, and real-time, artificial intelligence) generated directions using 5G. This is the kind of “smart grid” cities will have to deploy to support self-driving cars. Over time, communication capabilities and computing power will combine and extend across networks and devices, and information and computing power will be instantaneously available. This will encourage a wave of innovation in applications, services and functions built to run on the new infrastructure. 

Lightning speed, expanded capacity, and massive connectivity are the defining characteristics of current 5G networks and enabled devices. These conditions are ideal for emerging technologies to take root.  

More than that, 5G is widely expected to be a defining stage in the global evolution of IT in general, affecting almost all parts of industry and society. In subsequent posts, we’ll take a look at the standards on which it will all be built and explore the security considerations around its deployment. 

###

Until then, please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

GSA, Customers, and Vendors Meet in Texas for 2019 ITC Acquisition Summit

This August, we brought nearly 300 representatives from government and industry together for our 2019 IT Acquisition Summit. Collaborative events like this are critical to our success in supporting agency missions across government.

We met in Fort Worth, home of GSA’s Greater Southwest Region 7, which spans Texas, Louisiana, Arkansas, Oklahoma and New Mexico. We used a human-centered design approach to generate open communication and collaboration between GSA and our industry partners. Learning through use-cases and sharing information helps us better understand the challenges and constraints both government and industry have.

The summit was held in coordination with the Advanced Technology Academic Research Center (ATARC) and moderated by its president, Tom Suder. During the first day, attendees heard from various GSA and industry representatives on popular topics such as cybersecurity, mobility, 5G, emerging tech, and IT modernization. 

Dennis Shingleton, member of the City Council and mayor pro tempore, opened the summit with a boisterous Texas-style welcome.

I moderated the kick-off session with panelists Bill Zielinski, Assistant Commissioner of the IT Category; Anahita Reilly, Chief Customer Officer of the Office of Customer Experience; and Dominic Sale, Assistant Commissioner of the Office of Operations for Technology Transformation Services. They discussed GSA’s approach to IT modernization, category management, and shared services.

An afternoon panel from the Mobility Services Category Team discussed the 5G rollout, how it will shape public-sector adoption of Internet of Things applications, and its implications for supply chain security. Allen Hill, director of the Office of Telecommunications, opened the session, and Sam Navarro, program manager of the Enterprise Mobility Program, moderated the panel. Representatives from AT&T, Verizon, MetTel, and T-Mobile discussed the state of mobile technology and how consumers of 5G determine the new ways they will use the technology.

Our summit concluded with opportunities to attend one-on-one sessions with GSA acquisition professionals and an interactive use-case workshop.

We plan on hosting the IT Acquisition Summit again in 2020 — slated for Washington, D.C. The open communication and collaboration in a focused setting foster the type of game-changing ideas we need to continue enhancing IT acquisition for the whole of government.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

*Photographs above by James Wronski, Carahsoft

GSA Leading the Way for 5G

In July, we gave you a first look at the possibilities of 5th generation wireless technology (5G) in the public sector.

Commercially, 5G devices will deliver voice, video, and data to consumers with unparalleled efficiency for broadband mobility. Providers will upgrade their networks, manufacturers will develop new types of devices, and industry will market products and services around connectivity and mobility.

For the government, a 5G future is more complex since we’ll be tasked with making these technologies useful for everyone. That’s why we’re publishing a white paper on 5G — watch for that after our 5G Technology Customer Event on Oct. 3.

What’s Next for Government 5G

As new technology comes to market, we work with agencies and industry to pair the right wireless solutions to mission needs — focusing on wireless solutions security and cost efficiency.

Schedule 70 SIN 132-53 shows the robust capabilities we bring to the government market:

  • Wireless Carrier Services
  • End Point infrastructure
  • Mobility as a Service (MaaS), a.k.a Device as a Service (DaaS)
  • Enterprise Mobility Management (EMM)
  • Mobility Backend as a Service (MBaaS)
  • Telecommunications Expense Management System (TEMS)
  • Mobile Application Vetting
  • Mobile Threat Protection
  • Mobile and Identity Management
  • Internet of Things (IoT)

10/3 GSA 5G Event

To learn more about the possibilities of 5G, join us on Oct. 3 at the GSA 5G Government Symposium. We’ll cover:

  • how 5G can help agencies meet their mission,
  • the challenges facing government as we implement this new technology, and
  • how 5G will integrate into today’s networks.

View the agenda. Join us online or in person.

Stay Tuned to 5G

For our next 5G post, we’ll explore how unlicensed and lightly licensed spectrum could affect campus networks.

Until then, please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.