In an interview with The Cipher Brief last October, former Chief of the U.K.’s GCHQ and Cipher Brief expert Robert Hannigan explained that one of the biggest questions over the next 10 to 20 years will be how countries like the U.K. manage the supply chain, “particularly the hardware and software supply chains that are increasingly moving to the east?”
Robert Hannigan, Former Director, GCHQ
Former Director, GCHQ
"China already manufactures most of the world’s hardware, whatever the label on it, and is increasingly at the forefront of lots of the world’s leading technologies like artificial intelligence. Look at what they’re investing in, AI, and they will be world leaders in aspects of that, not everything, but in some aspects by 2030. And we’ve got a choice in the West, do we just cut ourselves off from some of this, or do we find a way of managing the risk?"
Bottom Line:
5G is more dependent on artificial intelligence than previous networks and requires more infrastructure. Because of this, equipment and infrastructure companies will play a much larger role in the operation of the 5G network than they did in previous networks, leading to national security concerns.
Background:
- 5G—the fifth-generation of mobile network technology—will enable better use of the radio spectrum to allow for more stable connections, quicker data download and upload speeds, and wider coverage. It also is expected to reduce the current latency time to milliseconds.
- 5G allows for nearly instantaneous connection for larger amounts of data across more devices, including virtual reality and artificial intelligence tools. It is the first cellular network built to accommodate data transmission between devices such as robots, drones, and driverless cars, which will allow anything from a company to an entire city to be operated with less human intervention.
- Major cellular network companies plan to launch their 5G networks in 2019. Companies in China, Japan, South Korea, and the United States currently are at the forefront of 5G technology. The most prominent companies in the 5G market are Huawei, Intel, Ericsson, Nokia, and Qualcomm.
- Concerns are growing that China and other countries with prominent telecommunications companies could use their presence throughout the network to collect data on users and to launch cyber operations.
- The major concern surrounds China’s Huawei—a multinational telecommunications equipment and electronics manufacturer that countries around the world use to run their cellular networks.
- The United States is urging NATO members and other partners to ban Huawei from building infrastructure for their 5G networks, citing evidence that Huawei is affiliated with China’s intelligence and security services.
- Canadian officials arrested Huawei’s Chief Financial Officer Meng Wanzhou on December 1st at the request of the United States. The United States unveiled charges against Huawei and Meng on January 28, 2019 for misleading banks and violating US sanctions. The United States as of early February 2019 was trying to arrange an extradition treaty with Ottawa so that she can be brought to trial.
James Lewis, Sr. Vice President and Program Director, CSIS
"The U.S. is actually doing pretty well in 5G, both in getting ready for deployment, in standards, and in building technology. The problem comes from the collapse of the U.S. telecommunications equipment suppliers years ago – an amazing strategic blunder. We now depend on foreign suppliers, two of whom are Chinese companies with close ties to the Chinese State."
The National Security Risk
Michael Sulmeyer, Director, Belfer Center's Cyber Security Project, Harvard University
"Though the roll-out of 5G across IOT devices may enable far greater connectivity than we've seen before, the risks to national security can still be best viewed through the traditional information security framework that considers the confidentiality, integrity, and availability of data. If and how 5G increases or reduces risks across these three categories may very well have more to do with how its associated technologies are configured when deployed, rather than 5G technology itself being any more or less risky than previous generations."
James Lewis, Sr. Vice President and Program Director, CSIS
"We can divide the risk of using Chinese 5G equipment into several parts. First, the 2017 Chinese intelligence law requires all Chinese companies to cooperate with the state in espionage, when asked. Huawei already has very close ties. Second, providing core networks gives a knowledge advantage than can help Chinese signals intelligence. This comes at a time when Chinese cyber espionage has reached unprecedented levels. Third, China could use its authority over Huawei to get it to disrupt crucial services in the foreign user’s country in the event of a crisis – core telecom equipment is directly connected to the manufacture, to allow it to send software patches and updated, and the updating function could be used for malicious purposes."
Right now, most networks are so badly secured that the Chinese don’t need to use supply chain infection to hack a target, but it’s probably comforting to them to know a poisoned supply chain is in their back pocket should the U.S. ever manage to make networks more secure.
Looking Ahead:
There are a number of important questions moving forward. “How much control will end users have over the privacy and security of their own data and systems that utilize 5G? Will carriers and service providers share that control with individual users, or will individuals find it even harder to shape what happens to the data they generate online”, asks Sulmeyer.
James Lewis, Sr. Vice President and Program Director, CSIS
"What the U.S. needs is a coherent strategy for coordination with key allies on how to deal with the risks from using Chinese equipment. This goes beyond a simple ban, which is unattractive to some. We need standards for secure telecom networks equipment, agreement on how best to mitigate the risk of using Chinese equipment, and a better understanding of what happens when we connect a secure national network to one using Huawei."
Michael Sulmeyer, Director, Belfer Center's Cyber Security Project, Harvard University
"Does the current international security and economics environment warrant a role for the U.S. government in how 5G technology is adopted in the United States, relative to the role it played when 4G/LTE networks became prevalent? What are the risks that come with the U.S. government setting some initial standards or even suggested guidelines regarding security and privacy?"
Get more Cyber/Tech analysis from The Cipher Brief....
Don't just read it, engage with the experts at The Cipher Brief's 2019 Threat Conference March 24-26...
