A new report by cyber intelligence company Oxford Information Labs warns that genuine cybersecurity concerns relating to 5G and Huawei are being lost in the noise of the US-China trade war. Meanwhile, other countries are taking more measured approaches to minimise security risks.A new report on 5G and geopolitics by Oxford Information Labs details the complex landscape of 5G security. Importantly, it draws out how a variety of proven technical concerns around the quality of Huawei security practices and equipment are drowned out by the US’ Twitter diplomacy.
Critical international dialogue on genuine cybersecurity concerns relating to 5G and Huawei are being lost in the noise of the US-China trade war. This includes issues like network resiliency, attack surfaces, remote access, and the move to software-defined networks. These issues parallel other concerns around further market consolidation of network providers and the potential reality of a global, vertically integrated Chinese tech monopoly. Meanwhile, the report highlights new evidence of how other countries are taking more measured approaches to deal with the 5G Huawei controversy.
The US risks alienating allies, including the essential Five Eyes partnership, by threatening to limit intelligence-sharing with those who use Huawei. The country has not helped itself by flip-flopping on its Huawei ban after declaring a ‘national emergency.’ In return, this fuels naysayers who claim the US is only making a fuss to influence its ongoing trade war instead of addressing genuine security issues.
The US approach could worsen global cybersecurity in the name of national security. This is compounded by the fact that the evolution from 4G to 5G will be more complex than previous evolutions in mobile technology. For instance, rather than cookie-cutter networks, 5G implementations will be highly specialised and vulnerable to software exploits.
One of the report authors, Emily Taylor, explains, ‘5G, will massively increase the cybersecurity threat landscape. There will be at least 20 times more infrastructure and untold numbers of connected ‘things’ with terrible cybersecurity protections.’
Taylor also highlights that the concerns and rumours around Huawei’s relationship with the Chinese government have never been proved. She adds, ‘The US is hinting that it knows more than it can say publicly, but so far, no convincing evidence has come to light of the two being in the league. Meanwhile, serious and systemic risks arising from the low quality of Huawei’s products and code are getting little or no attention.’
Not only are the US’ actions preventing a global dialogue and failing to convince potential allies, but it is also hastening China’s national strategy to become a global technological superpower. Technological self-sufficiency is a cornerstone to this strategy. For instance, just three months after President Trump placed Huawei on the Entity List resulting in the company’s Android licence being suspended, Huawei announced its own operating system, HarmonyOS. Huawei has also reportedly stockpiled ARM chips to use while looking for home-grown alternatives.
Furthermore, the US fails to acknowledge that many countries (including Five Eyes partners) already use Huawei in their 4G networks, making an outright ban unfeasible. Governments and network operators need to take into account local constraints, international relations, and existing infrastructure when choosing 5G providers.
The result is a variety of soft and hard power approaches ranging from outright bans, such as in Australia and the US, to more influential means and last-ditch veto powers. Italy is one example of the latter.
This brings us to a rather important question: how do we harness the benefits of 5G without compromising national security or global markets and avoid diplomatic tussles?
Compared with the US, other countries are taking more thoughtful, less dramatic steps. These include adopting security assessments, promoting vendor diversity, creating new alliances between like-minded countries, or ensuring that governments have a larger say in 5G procurement.
There is also a line emerging between periphery ‘equipment’ and the core hardware and software of 5G networks. The United Kingdom may be an example of this approach when a formal position is announced later this year. One way to create a line between network ‘core’ and ‘periphery’ is to require security assessments prior to procurement. Such an approach allows for early adoption of 5G while excluding unfavourable providers from more sensitive (and harder to secure) parts of the network like data centres and software code.
There are real cybersecurity and geopolitical risks arising from the roll-out of 5G. Unfortunately, these are not the ones grabbing the headlines even though hard evidence of Huawei’s technical shortcomings continue to emerge. For countries to benefit from this exciting new technology while limiting cyber risks and encouraging competition, a more thoughtful, evidence-based approach is necessary.
Written by Stacie Hoffmann, Digital Policy & Cyber Security Consultant at Oxford Information Labs Ltd
Follow CircleID on Twitter
Read more here:: feeds.circleid.com/cid_sections/blogs?format=xmlPosted on: September 2, 2019