Home >> December 2022 Edition >> Defining Resilient + Secure Architecture
Defining Resilient + Secure Architecture
Rob Spalding, Chief Executive Officer, SEMPRE.ai

 

Infrastructure is only as good as the ability to secure the data and make it available and accessible

When SEMPRE was founded in 2019, it was premised on the belief that 5G was moving cellular infrastructure increasingly to software, away from bespoke hardware — it was a seized opportunity to rethink architecture for telecommunications.

The idea was to take non-resilient and unsecure infrastructure and make it hardened and secure. It’s been a long four years, but SEMPRE has shown that such is possible. This article is about the principles that went into developing that architecture.

When the iPhone came out in 2007, there were technologies in the phone that had yet to evolve. Today, one sees the full evolution of Steve Job’s vision, but unfortunately, infrastructure has not kept pace with software.

For example, in a sense, a smartphone can be turned into an infrastructure device by making it a Wi-Fi hotspot. Why not apply the concept to infrastructure by consolidating all the software into an autonomous, self-enclosed infrastructure node?

Like the iPhone, SEMPRE thinks of its network nodes as devices, or rather, as decentralized infrastructure architecture that can be made resilient and secure, using ORAN and other technology initiatives.

It is important to note that it is the evolution of cellular into software that makes this possible. The evolution could not have happened until 3GPP specifications introduced the widespread use of network function virtualization, software-defined networking and software-defined radios.

5G is taking all the pieces of the hardware and bringing them into software. Yet the architecture the telecom industry is using, even in the newest 5G stand-alone networks, is the same architecture used to build 4G LTE networks.

For instance, the Core Network/Centralized Unit (CU), Distributed Unit (DU) and the Radio Unit (RU) are all geographically separated. Anywhere along the way if access to any of these is severed, a cell tower won’t work.

Fragility has been built into the current system despite the fact almost the entire network is software running on Commercial-Off-The-Shelf (COTS) servers.

Software Consolidation

The first principle for creating security and resiliency is software consolidation into a single node.

The second is hardening; as zero trust is important in security and resiliency, it is not sufficient to only consolidate.

All the technology that goes into powering smartphones today can be run by software in self-enclosed autonomous infrastructure nodes that allow all the security and resiliency to be built into the node.

Pairing that infrastructure node with satellite backhaul puts the internet anywhere on Earth.

Latency and bandwidth issues are less of an issue as the datacenter is in the node for Edge processing running applications and caching data.

This creates a fiber experience at the very edge of the network with satellite constellations. In other words, cellular for the first time allows the fusion of space and terrestrial networks in a more secure, resilient, efficient, and cost-effective way.

Today network operators cannot get the most out of the network infrastructure because the industry looks at satellite networks and terrestrial networks separately. This is because the telecom industry has been highly centralized and satellite networks were thought to enable distinct use cases and customers.

Consolidating all of the capabilities of today’s networks into software can enable interesting things like having multiple satellite modems in software, thereby giving enormous flexibility and resiliency.

Secure Control Plane

Satellite networks can be used for more than a transport layer where communications are concerned.

In SEMPRE’s architecture, the control plane is run through a secure satellite constellation for globally assured secure command and control of SEMPRE’s infrastructure nodes. SEMPRE’s encrypted data plane, on the other hand, liberally uses existing constellations to ensure the most cost-effective paths for back haul. This creates a hybrid network that is both open and closed providing secure yet interoperable services to the customer.

Hardening

Consolidating software into a single. self-enclosed. autonomous network node gives the ability to

harden it against threats in a way that wasn’t possible before — threats such as EMP/HEMP events.

Hardening is not an additional expense because 5G allows one to share the Radio Access Network (RAN) at the edge. That means savings of up to 40% on Capital Expenditures (CAPEX).

Tamper resistance is another important, zero-trust feature as infrastructure nodes are physically available, without restrictions on a person simply walking up and touching one. Today we have tamper-evident seals that may give an indication that something’s been tampered with, but how often are the actual sites visited to check the seals?

Building tamper resistance into infrastructure, making it EMP-hardened, and pairing it with multiple, satellite backhaul networks enables resiliency. Today, resiliency is not built into infrastructure, and that makes our nation and our communities vulnerable. This was evident two Christmases ago when a domestic terrorist blew up his Winnebago near the AT&T switching center in Nashville, Tennessee.

Tennessee and the surrounding states lost mobile service and e911 for up to two weeks. Fully functioning cell towers didn’t work because they had lost connection to the core Network.

Encryption

Encryption is a necessity when it comes to survivable and secure infrastructure. Post-quantum encryption is important for ensuring it isn’t broken by a quantum computer.

NIST (National Institute of Standards and Technology) and the NSA (National Security Agency) are putting forward potential candidates for post- quantum encryption.

Data Model

Another principle to consider is the data model itself. Today the industry looks at security using a “rings around things” model. They put ever higher walls around data, but ultimately when one gets to that data it’s open and often unencrypted. Ensuring data is encrypted — no matter whether it is being moved, stationary or being acted upon— is an important part of resilient and survival infrastructure.

Ultimately the infrastructure is only as good as the ability to secure the data and make it available and accessible.

A New Cold War

Finally, when considering what the future holds, whether it be Russia’s invasion of Ukraine or Chinese threats to invade Taiwan, the world is witnessing a lot of nuclear saber-rattling.

This is going to accelerate as the world moves deeper into the second Cold War.

Today, the world is split into two halves — the free and the unfree.

Consider...

Nuclear weapons are still out there, and they are enormously dangerous. This will affect the satellite industry in technology, business models as well as risk.

It is important that the industry starts to consider these things and takes advantage of the consolidation of infrastructure in software and initiates the effort to fuse terrestrial and satellite networks in ways that make them more secure, resilient, cost-effective and efficient.
sempre.ai

U.S. Air Force Brigadier General (ret) Rob Spalding is the former White House National Security Council senior director for strategic planning and served in senior positions of strategy and diplomacy within the Defense and State Departments for more than 26 years. Rob is the founder and CEO of SEMPRE, a technology company created to protect and secure our most critical resource: data. Rob has served in senior positions of strategy and diplomacy within the Defense and State Departments for more than 26 years, retiring as brigadier general. He was the chief architect for the widely praised 2017


Rob Spalding

National Security Strategy and the Senior Director for Strategy to the President at the National Security Council. Rob’s innovation while serving in the White House has led to a reset in national security and public policy regarding telecommunications in the U.S. as well as across the globe.

Rob has written extensively on national security matters. His academic papers and editorial work are frequently published and cited, nationally and internationally and he is the author of “STEALTH WAR: How China took over while America’s elites slept” and “War without Rules. Rob is a skilled combat leader and a seasoned diplomat.