Keeping Huawei equipment out of the US is not enough to secure 5G

The Trump administration's efforts to protect the security of fifth generation wireless networks, or 5Gs, by limiting the deployment of Chinese technology nationally and globally, combine business and cybersecurity policies. In both cases, this should not be considered sufficient.

The planned ban by the administration on Huawei and other Chinese companies to provide infrastructure for national 5G networks comes in the context of President Trump's positioning on the 5G under the umbrella of A "race" between the United States and China, a metaphor that obscures more than it sheds light on. The President will undoubtedly declare that the ban, if it comes to fruition, is an important victory in this race. It is important, however, not to be distracted by a favorable title and to consider the measures necessary to achieve the security objectives of the US national network.

Bright objects and serious safety

Huawei and other Chinese telecommunications equipment companies are subject to extensive Chinese laws and policies requiring them to participate in "intelligence work". They have deep and opaque links with a State Party that has expanded its presence in Chinese companies and has benefited from a massive campaign. against computer theft of state-sponsored foreign IP and has launched extensive national digital surveillance programs with little or no procedural constraints. In itself, the relationship between Huawei and the Chinese state should be reason enough to keep Huawei out of America's 5G infrastructure and that of our allies.

The major US wireless networks have voluntarily taken into account government warnings, which dated back to the Obama administration, by not buying Huawei equipment. In response to some small rural wireless companies having purchased Huawei hardware, the Federal Communications Commission (FCC) under the Trump administration announced that these companies should not be eligible for federal subsidies to rural areas .

But keeping Chinese hardware away from most US network infrastructure does not necessarily mean preventing foreign spying or sabotage of these networks by outsiders. We must not be fooled by a false sense of security by an enlightened and promoted decision about the material. After all, the Internet is about interconnecting disparate networks; keep the Chinese material on the outside does not mean keeping the original Chinese numerical code.

A 5G network is essentially a set of microprocessors that quickly send packets of data between them. Ensuring that these microprocessors do not run Chinese software is one thing, but protecting the software they run and the applications they run is even more important. The goal of effective 5G cybersecurity should be to anticipate and improve foreign attackers who exploit Internet connections for their own ends through any of these vectors.

Russians, Iranians, North Koreans and others have already proven their ability to penetrate American networks to cause harm – and the networks they penetrated did not use Chinese material. Focusing solely on the physical network, is to fool oneself into a false sense of accomplishment and ignore a clear record of opponents operating a non-Chinese infrastructure.

The challenge of 5G cybersecurity is all the more difficult as it is an evolution compared to 4G technology from more than ten years ago – a lifetime in terms of cyberexploitation. In the United States, the introduction of 5G mobile networks will rarely be a new construction. The expansion of the 5G usually begins with the addition of spectrum capacity and processing power to the existing 4G-LTE network to allow for higher data throughput. AT & T has named its current offering 5G "5G-E" (for "Evolution") illustrates this evolving reality. Cybersecurity for 5G must also touch previous generations of wireless technology.

In short, the challenge of 5G cybersecurity is much more complicated than simply managing network equipment and Huawei. Devices that connect to 5G can also be cyber threats. In 2016, key Internet activities were shut down, low-cost Chinese chips in security cameras and digital video recorders (DVRs) were hijacked by malicious hackers to become attacking bots, destroying several Internet domains. The Internet of Things will soon connect tens of billions of smart devices, which means that the management of the Internet supply chain is essential. Limiting Huawei is important, but not if it became the excuse "we did something" to ignore other imminent cyber-risks.

Missed Opportunities in Cybersecurity 5G

The Trump administration has already missed important opportunities to offer significant 5G cybersecurity beyond the ban on network equipment.

At the beginning of the new administration, the FCC Trump eliminated two 5G cybersecurity efforts undertaken by the commission under the Obama administration. The first of these was to demand that the new international standard for 5G incorporate built-in cybernetic protections. To support this effort, the FCC opened a formal procedure called "Notice of Inquiry" in which it asked the best US technical experts to make suggestions on how to design cybersecurity in 5G from the start. This was the first time the government required cybersecurity to be an integral part of developing a new telecommunication standard rather than an add-on, but it did not fit the FCC's anti-regulation approach. of Trump.

Under the Trump administration, the FCC also overthrew another Obama era policy and asked if it had a role to play in monitoring operators' cybersecurity programs. The agency charged with ensuring that the country's networks protect public safety and national security has instead substituted the government's anti-regulation initiative for the loss of cyber security responsibilities.

The importance of the elimination of 5G Cyber ​​Protection by the FCC Trump has been strangely enhanced by a National Security Council investigation into cybersecurity threats resulting from the new network. The study concluded that these threats were so important that the only way to maximize cybersecurity was for the government to manage the 5G network. Although the recommendation was immediately rejected, it is a powerful recognition of the importance of 5G's national security issues. At the same time, one of the critics of the CNS report – that even a government-run network is as secure as anything connected to it – reinforces the scale of the cyber threat and explains why the FCC must engage in cybersecurity efforts.

Opportunities for US Leadership on 5G

Although Huawei's administration efforts are bearing fruit in some countries, others will not be able to withstand the company's low-cost strategy. The 5G cybersecurity gap will only increase if the US limits its commitment to pressuring other countries to exclude Huawei technology from their networks. With companies in several countries playing an important role in supplying 5G network components, the United States can only achieve great things on their own. The US government should lobby for multiple stakeholders to develop common approaches to supply chain diversification, to ensure an open and transparent international 5G standardization process and to promote voluntary agreements on safety standards. Whether or not Huawei is banned from building the US 5G network infrastructure, Chinese networks and equipment will connect to US networks. The United States must therefore take proactive measures to remedy this.

US leadership on 5G must also be part of an overall US technology competition strategy. Part of this strategy is to reduce Chinese business and investment practices that benefit companies like Huawei, but undermine the fair competition of US companies whose market share and innovation advantage is eroding. China's distorted industrial policies. This is a priority both economically and nationally, given the importance of 5G technologies for the operation of military and critical infrastructure. US trade negotiators urge China to engage in structural reforms ranging from government subsidies to state-sponsored cyber espionage, for these reasons (among others).

Of course, it is possible that the crackdown on Huawei and the related efforts to protect American technology may reinforce the views in China that Trump's trade war is simply a broader effort by Washington to thwart the rise of China. This reaction could prompt China to double its aggressive government policies to reduce its reliance on US semiconductors and other technologies. For this reason, as with the cybersecurity challenge, it is critical that the United States gains the support of like-minded allies who broadly share US concerns about discriminatory business practices that distort Chinese commerce. At the same time, it is also important for the United States to seek cooperation with China in areas where enhancing the technological strengths of both countries can generate mutual benefits without undermining their legitimate security interests.

US technology and trade policy can only be reactionary. It must include aggressive leadership both to protect American networks and to promote American technology. This includes redoubled government investments in basic research and regulatory expectations that 5G security will not be decided unilaterally by those building the network. Any national effort must prioritize not only STEM skills, but also cybersecurity skills, especially in university programs and worker education.

Even though the United States is taking legitimate measures to protect national security in 5G's infrastructure and operations, they must not give in to the impulse to close the US economy to investments, capital and talent stimulating innovation, which have made the United States a technology leader. . The open US economic model – and not the China-led approach – offers the best chance of realizing the enormous opportunities offered by 5G while mitigating its multiple risks.

Source link