For the US, managing risk in the 5G supply chain means trusting the companies that provide the technology, but, for the director of the Technology Policy Program at the Center for Strategic and International Studies, “the root of the 5G problem is Chinese espionage and predatory practices.”
Today, James Lewis, Senior Vice President and Director of the Technology Policy Program at the Center for Strategic and International Studies, testified before the Senate Committee on Commerce, Science, and Transportation in a hearing called “5G Supply Chain Security: Threats and Solutions.”
Lewis believes the US is on trackto beat China in rolling out 5G technology, claiming, “China does not lead in 5G,” and that “the US is well positioned to take advantage of 5G technology, just as it did with 4G.”
“The root of the 5G problem is Chinese espionage and Chinese predatory economic practices”
However, unlike the previous 4G rollout where the US was the obvious global leader, the rollout of 5G represents the first time America has had major competition in this space with the emergence of Chinese companies like Huawei and ZTE.
“The difference this time is we have real competition, a competitor who is well resourced, with a strong technology workforce, and a long record of unscrupulous behavior,” Lewis testified.
He added that the US and China were neck and neck on 5G development, stating, “American and Chinese deployments are roughly equivalent, with 57 cities in China that have 5G as opposed to 50 in the US.”
But why does it matter if China is successful in rolling out 5G internationally?
“The root of the 5G problem is Chinese espionage and Chinese predatory economic practices,” Lewis testified.
“Chinese companies also face trust issues, since any Chinese-made device that connects to the internet could be exploited by Chinese intelligence agencies,” he added.
The US is worried that its allies will allow companies like Huawei and ZTE to build their nations’ 5G infrastructures and thus allow the Chinese Communist Party unfettered access to that data — which could include sensitive information pertaining to national security.
Given China’s history of intellectual property theft, it seems reasonable not to work with Chinese telecoms, but it gets more complicated than that.
For some countries, an outright ban of Chinese telecoms looks like a good approach to securing the 5G supply chain; however, for a country like Germany, a full ban on Chinese telecoms could have negative economic consequences.
According to Lewis, China plays hardball with the countries it deals with — threatening to retaliate economically against countries that don’t succumb to its will.
Germany is facing such a dilemma.
“If it bans Huawei, the Chinese have explicitly threatened to retaliate again German auto exports, and China is Germany’s largest market – China is playing hardball,” Lewis testified.
“German car companies have reportedly asked Chancellor Merkel not to ban Huawei. However, if Germany uses Huawei, China’s intent is to use espionage to hollow out the German industry, and in particular the auto industry,” he added.
In a case like Germany’s, a partial ban like the one the UK implemented may be its only perceivable choice.
“If countries ultimately choose a partial ban, we will need to work with them to ensure that it is well implemented,” said Lewis.
Lewis went on to say, “It is much easier to tell a story of gloom and peril, but it’s not a good guide for law or policy. There are, however, steps we need as part of a comprehensive approach to 5G.”
For Lewis, the three most difficult challenges are:
- Rebuilding the sources of American technology leadership
- Effectively partnering with allies
- Resisting China’s efforts to use espionage and predatory trade practices to attain dominance.
“These are not unique to 5G and it is important to see 5G as only a part of a larger technological competition,” added Lewis.
Alternatives to Chinese Telecoms and 5G Security Recommendations from Ericsson and Nokia
There are five companies that sell telecom network technologies:
– Ericsson, Huawei, Nokia, ZTE, and Samsung.
Instead of choosing Huawei or ZTE, the US State Department suggests going with Ericsson (from Sweden), Nokia (from Finland), or Samsung (from South Korea), because they “offer excellent equipment at competitive costs and are not subject to the whims of authoritarian regimes.”
“Huawei is not the only supplier of 5G technology, nor is it the best equipment available. In fact a review by a European intelligence agency found Huawei was the most vulnerable to intelligence exploitation because of engineering and software problems,” Lewis testified today.
“Security is inextricably tied to the successful development of 5G networks – without one, you simply do not have the other”
“Security is inextricably tied to the successful development of 5G networks – without one, you simply do not have the other,” said Boswell.
For Boswell, “Being first in 5G deployment is not merely an honorarium – it is a meaningful step toward a secure 5G ecosystem.”
The Ericsson head of security suggested that Congress could accelerate 5G deployment in the US by taking the following near-term actions:
- Increase spectrum availability, especially mid-band
- Put in place reasonable, streamlined small cell siting rules
- Develop and deploy a skilled tower workforce
- Ensure effective incentives to encourage 5G deployment in rural areas.
Boswell recommend that the Senate Committee take the following steps:
- Pass, implement, and oversee 5G security legislation
- Support actions to accelerate 5G deployment
- Continue to enable a secure and robust marketplace of trusted suppliers in the U.S. and globally
- Continue to hold hearings on the subject of 5G security
“An important element of ensuring a secure supply chain for communications equipment is guaranteeing that the trusted suppliers already providing equipment to the US market can compete at a global scale and on fair terms”
- Identify best practices in design for security, supply chain validation and post-sale support and encourage the adoption of those practices
- Rather than focus on countries of origin for component sourcing or manufacturing, specify the components or activities that give rise to the risk of exploitation or manipulation.
“Not all components and products create risk. Narrowing the focus to specific components or products with risk will assist suppliers in making critical and cooperative decisions with governments about supply chain activities,” Murphy testified.
“An important element of ensuring a secure supply chain for communications equipment is guaranteeing that the trusted suppliers already providing equipment to the US market can compete at a global scale and on fair terms,” he added.
When 5G becomes more prevalent and creeps into connected smart devices, the need for security will be even greater when all these devices start sharing data on a 5G network.
When all those sensors, cameras, and microphones are connected, who would you trust to run the 5G network powering it all?