Introduction

The first iPhone was released in 2007 and 4G connections rolled out a year later. With the wide scale adoption of smartphones and accessibility to 4G, mobile applications took off. Yet, the cybersecurity implications were not thought of until the incidents started occurring. Few raised alarms about foreign interference in elections by manipulating social media. The sale of American data to unregulated data brokers that can then be bought by law enforcement agencies was one of a dystopian future. The widespread use of Bitcoin, first developed in 2009, and the thousands of virtual currency iterations since then helped give rise to devastating ransomware attacks. And with the return of great power competition, the United States and its allies had to confront the daunting challenge of ensuring the semiconductors, software, and hardware underpinning the technology of the 4G-tech ecosystem were free from adversarial malfeasance. All these issues were brought on, more or less, by the onset of 4G devices and applications.

With the deployment of 5G towers and cells throughout the United States, 5G-capable phones and devices will increasingly proliferate. But the true benefits of 5G will be those technologies that take advantage of reduced up/down data streams, especially those using augmented reality, virtual reality, and mixed reality applications—collectively known as extended reality (XR). These applications will become accessible through a single, or set of metaverses, which will allow users to engage with a near-infinite number of XR applications. These metaverses will be a collection of virtual ecosystems that allow users to interact with each other and their surroundings in a creative and collaborative manner in virtual spaces or physical environments that are digitally manipulated by static or mobile devices.

The benefits of these metaverses and the associated XR technologies could be numerous, including advanced telehealth, improved training for emergency responders, and better digital government services. Importantly, XR technology is not necessarily an emerging technology, but one that has been around for decades. Indeed, the U.S. military has relied on XR technology since the 1950s to train fighter pilots and to help them navigate the skies.

While these applications and devices will bring significant benefits, they will be accompanied by the cybersecurity challenges that pervaded the 4G ecosystem. These same cybersecurity challenges will be compounded due to the increased amount of data produced by the metaverse and a broader attack surface for malicious cyber actors to exploit. Cybersecurity practitioners will once again be confronted with data privacy concerns, online radicalization, mis-dis-mal-information, disruptions to critical infrastructure, virtual currency theft, digital identity management challenges, and supply chain disruptions. The security of the technology comprising the headsets and other devices that enable access to the metaverse, and the origin of XR apps themselves, will become a topic of concern. Just as the United States and Western nations are concerned with Chinese apps and information and communications technology products today, the same will hold true for XR applications as China increasingly seeks to be a leader in this field.

Unfortunately, the over-commercialization of the term “metaverse” has impeded honest conversations about the implications of an insecure metaverse and the technologies associated with it. As a result, U.S. policymakers run afoul of repeating past mistakes: failing to secure technology before it ushers in a new era of national security concerns.