The advent of 4G technology in 2006 and subsequent Smartphones completely changed the world of communication. Now 5G, which will be able to support billions of newly connected sensors and new classes of devices, stands to make an exponentially larger global impact. With 5G’s expanded accessibility to internet services across all industries, it’s even more imperative to highlight privacy issues, national security and defense risks.
Wireless carriers are investing billions of dollars into 5G technology, requiring an entirely new approach to network infrastructure and management. Once up and running, 5G will support the Internet of Things (IoT) devices, self-driving cars, smart city deployments, emergency services, healthcare systems, energy, oil and gas, aviation, pharmaceuticals and others.
However, this does not come without risks.
With all this data—personal, corporate, economic and government—traveling across a new network designed to be easier to access, the 5G network is at greater risk of espionage, infiltration and theft. Such criminal activity will impact our national economy, not by one big catastrophic event, but through smaller and smaller, practically invisible events.
Distributed Denial of Service attacks (DDoS) are already becoming more widespread. One of the most notorious—the 2016 Dyn cyberattack—was facilitated by unsecured IoT devices, specifically, security cameras, printers, and baby monitors. The hacker groups Anonymous and New World Hackers allegedly took control of thousands of electronics that still had their default passwords to amass an army of zombie devices, known as a botnet, and used it to launch sustained attacks against the cloud service provider.
Huawei and the Chinese government
Huawei, based in China, is the world’s largest network services provider and at its current growth it is on track to become the world’s largest 5G network provider.
The challenge is that no Chinese company is fully independent of China’s government, which reserves the right to require companies to assist with intelligence gathering. Huawei CEO Ren Zhengfei is a former technologist in the People’s Liberation Army. As his business grew, so did international concerns about whether China could use Huawei equipment to spy on companies and governments around the world.
In 2003 Cisco accused Huawei of stealing intellectual property. The companies settled out of court. However, over the years Huawei has been accused of stealing other firms’ intellectual property and violating international economic sanctions.
Chinese government stealing GE intellectual property
On April 23 the FBI indicted a former GE engineer and a Chinese businessman, charging them with economic espionage and theft of GE intellectual property. “Xiaoqing Zheng of New York and Zhaoxi Zhang of Liaoning Provide, China…received financial and other support from the Chinese government and coordinated with Chinese government officials to enter into research agreements with Chinese state-owned institutions to develop turbine technologies.”
This is not an isolated incident, looking at recent history:
- a U.S. Navy contractor and stole highly classified data.
- Lockheed Martin for its F-35 warplane design and undersea warfare systems.
- 2008 presidential election campaigns of John McCain and Barak Obama.
- White House networks 2015.
- Australian companies through Operation Cloud Hopper, even though they signed a bilateral agreement pledging not to steal each other’s commercial secrets.
- OPM Breach 22 million records of federal employees were stolen.
- US company Boyusec conducted espionage against the US government backed by the Chinese government.
It no wonder that in a recent national intelligence brief it was stated that China is the number 1 collector of US national secrets and private sector intellectual property.
How other countries are responding
In March the UK government identified concerns about the engineering quality of Huawei systems. Specifically, the report stated it “identified poor software engineering" and a lack of "cybersecurity hygiene."
Additionally, the technical director at GCHQ’s National Cyber Security Centre has called Huawei’s security “very, very, shoddy” and their “engineering like it’s back in the year 2000.” In response Huawei stated they are allocating two billion dollars to address these issues.
Why is the world’s largest manufacturer of telecommunications equipment so far behind the rest of its competitors? Or was this “poor design” done on purpose? Digital back doors are the least of the concerns. It’s easier to poorly design a system so that it is inherently less secure and more susceptible to intrusion and illegal access. Companies can then have some plausible deniability when breaches happen. Plus, China could use the 5G network to conduct espionage.
Yet despite the evidence, in April 2019 the British Prime Minister said the British government would allow limited deployment of Huawei technology to support the 5G implementation across the United Kingdom.
Australia on the other hand, aligned themselves with Japan, Taiwan and the U.S. and denied Huawei and ZTE access to the Australian economy. In an interview with CNBC, former Australian Prime Minister Malcolm Turnbull said the decision was based on "hedging against future risks" on the high-speed networks.
As business owners, citizens and policymakers consider the value and impact of 5G across the US, here are seven questions that need to be considered:
- Should the 5G network providers (AT&T, Verizon, Sprint, T-Mobile) be responsible and accountable for cyber breaches or attacks that travel across their network?
- What responsibilities should be placed on the supply chain that supports 5G services?
- Should there be an “off” switch, that could be used in case of a large breach? This could stop and contain an attack and limit the impact.
- Should 5G providers be required to create redundant and resilient systems in case of outages etc.?
- Should the 5G services provided to local, state and federal agencies be segmented from 5G networks that are providing consumer services?
- When the theft of personal data or corporate data occurs because of poor network security who will be responsible for remediation and remuneration to customers?
- How can 5G providers secure economic, defense and national security data?
These are challenging questions. However, they need to be answered. 5G promises a lot of innovation, an innovation that we have not yet begun to realize. However, when building out new technology and the Engineering and planning of worst-case scenarios before they happen is always a wise decision. We need to ensure that we as a nation, as consumers, as citizens who are all responsible for cybersecurity, consider, analyze and ask and answer these questions.
Have a different POV? Submit it by hitting the POV button below.
Interested in engaging with experts on issues like this in The Cipher Brief's new Cyber Initiatives Group? Drop an email to Editor@thecipherbrief.com to be the first to get information about the new group launching in June.
Read also Who Should Give the Kill Command?
