This article, by Chris Cummiskey, originally appeared in Nextgov on October 25, 2019.
The evolving cyber threat that the United States is facing—as a result of the global race to 5G—should be at the front of our minds. It’s easy to get excited about 5G and all of its promises: less latency, faster transmission speeds, and a greater ability to handle the billions of devices relying on the network. Not to mention, the possibility for self-driving cars and augmented virtual reality experiences has never been more real. However, our infrastructure is now exposed to a whole new realm of exploitation that may not have even been considered in earlier generations of network advancements.
After falling short in the race to 4G, China flexed its muscles on the 5G industry, heavily subsidizing research and development efforts. Huawei effectively and successfully marketed its low-cost, proprietary software and hardware around the world in an attempt to dominate the landscape. Although the U.S. has barred Huawei’s technologies from entering our country, our European allies have not yet taken the same precautions.
Adding to global concerns, there’s little partition between Huawei and the Chinese government—largely as a result of the 2017 National Intelligence Law, which requires organizations to cooperate with the state’s intelligence-gathering activities. There are legitimate red flags surrounding the security threats emerging from the adoption of Huawei’s systems, such as the company’s track record of surveillance and intellectual property theft. For this reason, the U.S. needs to catch up with China’s technological infrastructure and make sure we have a supply chain that isn’t left vulnerable to manipulation by foreign actors. Fortunately, there is the potential for 5G to be secure with its upgraded 256-bit encryption and stronger authentication systems.
While 5G has the capacity to be safer, we have both partners and adversaries that are moving in different directions with regards to standardization policies. This is where the notion of supply chain diversification comes into play. Requiring vendor diversity is important because it ensures that a nation is not dependent on only Huawei’s products and services; when users are all centralized on one system by one firm, a cyberattack has more widespread consequences stemming from a single access point. A diverse supply chain will also spur the competition necessary to meet the demand of the resulting competitive 5G marketplace.
Here in the U.S, we need to deepen our commitment to remaining competitive with Chinese innovations. China’s investment into R&D efforts is increasing at a faster rate than it is in the U.S., which has given China a significant leg up in 5G advancements. On the bright side, Congress is starting to recognize this as a priority and has allocated $436 million to the Defense Department to develop cybersecurity measures to adequately approach 5G communications.
This commitment to security must extend beyond a single bill and must include a fortified supply chain, as well as software and hardware integrity, which demands coordination between public sector, industry, and academia partners. The strategy needs to address every step along the supply chain, beginning with R&D. A common goal to provide a better, safer alternative for 5G buildouts than the cheap technology that Huawei offers will also serve to foster competition, ensuring consumers receive the best and safest network experience. We are still in the infancy of this conversation, and the nature of U.S. bureaucracy will dictate much of the pacing of domestic 5G development efforts; however, an early emphasis on the need for an alternative to Huawei will allow us to consider the types of investments we must make in order to progress and not be left at a competitive disadvantage with countries like China.
The incentives to enter the 5G space with an American alternative to Huawei rightfully draws urgency from U.S. investors and telecommunications companies alike. However, the U.S. entrance to the market must come with caution and a cybersecurity-centric mindset if the American people are to trust their new services. Failing to prioritize quality and reliability over short-term cost savings could cause the U.S. to face instability in the 5G space and compromise advancement and collaboration opportunities with our allies in the future.
Chris Cummiskey is a former acting under secretary/deputy under secretary for management and chief acquisition officer at the U.S. Department Homeland Security. He is currently a senior fellow with Virginia Tech’s Hume Center for National Security and Technology and is a senior consultant with Cambridge Global Advisors and the chief executive officer of Cummiskey Strategic Solutions, LLC.