This article, by Sherri Ramsey, originally appeared in The Huffington Post UK on June 4th, 2019.
On the heels of President Trump’s Executive Order that would ban Chinese telecommunications equipment maker Huawei from the United States, the company held a flashy event in London to mark the launch of its newest phone. This came as the President prepares next week to urge Theresa May to eliminate the firm from the development of 5G wireless networks in the UK.
Despite warnings from New Zealand and Australia, and continued calls from U.S. officials to ban Huawei equipment from 5G networks, the UK Government earlier this month determined that Huawei will be permitted to play a role in its development of 5G – a decision that could have lasting implications for the security of the UK’s telecommunications networks.
What does “5G” – or fifth generation – actually mean? It is a quantum leap in communications technology. For the first time, the entire world, from governments to businesses, will be connected seamlessly, with artificial intelligence and machine learning integrated into almost every facet of life. While the economic and social implications are becoming clearer, this technology also has serious implications for military interests and national security. The introduction of a new, and fundamentally different, technology like 5G brings massive cybersecurity complexities and thus, risks.
Huawei has spent the last several years establishing its dominance at an astonishing rate, installing equipment in wireless networks worldwide. Its success in part, is due to the Chinese firm offering its equipment to countries at below market costs (The Chinese government has been accused of subsidising this activity). As U.S. Acting Defense Secretary Patrick Shanahan said of countries working with Huawei, “As they pursue economic advantages of purchasing low cost equipment, they’re forgoing security.”
In March, the UK’s Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, a subset of the UK’s National Cyber Security Centre, again warned of significant vulnerabilities and “defects” in Huawei’s networking equipment. The Board determined that the UK government could only “provide limited assurance” that all risks to “national security” could be “sufficiently mitigated long-term.”
The reported software flaws in Huawei’s 5G equipment should elicit considerable apprehension as they’ve been cited as significant “cyber security and availability risks.” In layman’s terms, nations should be concerned that Huawei’s 5G networks are potentially susceptible to exploitation and attack by hackers, cyberterrorists, or even nation states.
The discussion and debate regarding Huawei’s equipment cannot be kicked further down the road: it needs to happen now. In fact, it should have been happening a decade ago.
At the crux of the security concerns are three variables. The first, is that China’s 2017 national intelligence law compels companies, such as Huawei, to fully cooperate with the government’s intelligence operations, in essence making the “private” company an extension of the government. While Huawei protests claims that it reports to the Chinese government, the HCSEC findings make it clear that the privacy of information that flows across and through Huawei products cannot be ensured.
The second is that many countries around the world have little choice when it comes to 5G equipment vendors. Huawei’s equipment is already in half of the world’s 4G networks and has been designed so that it is not interoperable with other vendors.
Further, Huawei is the only company unwilling to come to the table on interoperability and as a result the global supply chain is at risk of being monopolized by their products. This would mean all future network generations worldwide would be dependent on China’s Huawei.
The final issue is intelligence cooperation. The UK sits at a unique intersection of NATO, European intelligence services, and the “Five Eyes” network of the US, UK, Canada, Australia and New Zealand. Due to their vulnerabilities, there is no guarantee that the information gathered via Huawei technology could be trusted. Fighting terrorism – domestic and overseas – relies on intelligence cooperation.
While the UK Cabinet has indicated Huawei could play a role in developing non-core technologies in the UK, President Trump has chosen an outright ban of the technology.
Is there a way to bridge this widening transatlantic rift? The answer is yes, but time is of the essence. Together, we should first focus on breaking any sort of end-to-end control by a single equipment manufacturer within the global network. We must demand interoperability by all equipment manufacturers, to limit the exposure and the potential for one global provider. Furthermore, the U.S., U.K., and other global partners must strongly participate in all international forums that foster universal standards for 5G (particularly those that prioritise security, such as the proposals set forth during the Prague 5G Security Conference).
This is not a panacea. Difficult conversations will still be needed in Washington, London and elsewhere in the coming months. These first steps could, however, ensure that global mobile communications will be protected for subsequent generations. The security of the 5G network is finally getting the attention it deserves.
Sherri Ramsay is the former Director of the U.S. National Security Agency/Central Security Service Threat Operations Center (NTOC) and a former member of the Armed Forces Communications Electronic Administration (AFCEA) Board of Directors. She currently works as a cyber-security consultant