{"id":49150,"date":"2019-07-17T06:00:30","date_gmt":"2019-07-16T20:00:30","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=49150"},"modified":"2019-07-16T17:35:18","modified_gmt":"2019-07-16T07:35:18","slug":"weighing-the-risks-in-building-a-5g-network","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/","title":{"rendered":"Weighing the risks in building a 5G network"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"708\" class=\"alignnone size-full wp-image-49152\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957.jpg 1024w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957-205x142.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957-768x531.jpg 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<p>The global debate has shifted beyond why we shouldn\u2019t trust Chinese telecommunications company Huawei to why we can\u2019t trust any equipment vendor. How can we trust US companies after the Edward Snowden <a href=\"https:\/\/www.businessinsider.com.au\/snowden-leaks-timeline-2016-9?r=US&amp;IR=T\" target=\"_blank\" rel=\"noopener noreferrer\">disclosures<\/a>? Doesn\u2019t the US also spy?<\/p>\n<p>One way to look at mobile telecommunications networks is to divide them into two parts: a \u2018core\u2019 where sensitive functions such as billing and subscriber management occur, and a less sensitive radio access network, or RAN, which manages how towers talk to handsets.<\/p>\n<p>In the RAN equipment sector, Huawei\u2019s competitors are Ericsson, Nokia, Samsung and NEC. Beyond the RAN in the rest of a 5G network there are many other vendors, including US companies such as IBM, Hewlett-Packard, Juniper and Cisco.<\/p>\n<p>In the past, the Australian government excluded \u2018high-risk vendors\u2019\u2014vendors the government had security concerns about\u2014from the core of critical networks. In 2012, for example, Huawei was <a href=\"https:\/\/www.reuters.com\/article\/us-australia-huawei-nbn\/australia-blocks-chinas-huawei-from-broadband-tender-idUSBRE82P0GA20120326\" target=\"_blank\" rel=\"noopener noreferrer\">banned<\/a> from Australia\u2019s National Broadband Network, and this informal policy was applied to Australia\u2019s 4G mobile network. Huawei equipment was used in the RAN but not in the core of Australian networks.<\/p>\n<p>But the <a href=\"https:\/\/asd.gov.au\/speeches\/20181029-aspi-national-security-dinner.htm\" target=\"_blank\" rel=\"noopener noreferrer\">assessment<\/a> by the Australian Signals Directorate, Australia\u2019s signals intelligence and information security authority, was that \u2018the distinction between core and edge collapses in 5G networks\u2019 and so \u2018a potential threat anywhere in the network will be a threat to the whole network\u2019.<\/p>\n<p>Given that we can no longer restrict vendors to the low-risk part of our telecommunications infrastructure, how should we think about the decision to trust a foreign vendor with supplying equipment for our 5G network?<\/p>\n<p>For all vendors of critical infrastructure, there\u2019s what I call product risk\u2014the risk that a product won\u2019t perform as described, is insecure and will have bugs or flaws that will affect its security and reliability. Some vendors may have better processes than others and therefore make better or more reliable products and have lower levels of risk. A technical assessment of products from different vendors would be useful to determine the relative levels of product risk.<\/p>\n<p>Coercive state policies are a second, separate source of risk that should be considered. A state may coerce or compel a vendor in a way that could damage another state\u2019s critical infrastructure or make it less secure. Everyone thinks of back doors, but that\u2019s only one type of coercion. An engineer could be compelled to give up passwords or to provide network infrastructure diagrams. Or an employee could use their access to the system to change something consequential, but perhaps in a way that is difficult to detect. This is a geopolitical risk that really should be examined at the national level as it\u2019s not clear to me that individual companies can make risk assessments of this kind.<\/p>\n<p>Without an entirely indigenous supply chain, there\u2019s always some element of this type of geopolitical risk, so decisions must be made to reduce or manage the risk. That sometimes means choosing the lesser of two evils.<\/p>\n<p>A number of factors make me think that the risk from Chinese vendors is far higher than it is with vendors from the US and most other countries.<\/p>\n<p>The first has to do with the rule of law. In China, legislation tends to support the Chinese Communist Party rather than being independent of it. Chinese companies and individuals <a href=\"https:\/\/www.aspistrategist.ru\/huawei-and-the-ambiguity-of-chinas-intelligence-and-counter-espionage-laws\/\" target=\"_blank\" rel=\"noopener noreferrer\">can be compelled<\/a> to assist in intelligence-collection efforts. Prominent Chinese citizens <a href=\"https:\/\/www.theguardian.com\/film\/2018\/oct\/04\/fan-bingbing-mysterious-disappearance-chinese-film-star-elite\" target=\"_blank\" rel=\"noopener noreferrer\">disappear<\/a> without explanation. In the US, by contrast, technology companies have publicly opposed state lawful access orders\u2014for example, the <a href=\"https:\/\/www.wired.com\/story\/the-time-tim-cook-stood-his-ground-against-fbi\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Apple v FBI<\/em> case<\/a> over a locked iPhone and a <em><a href=\"https:\/\/www.theverge.com\/2018\/2\/26\/17052946\/microsoft-email-supreme-court-case-law-enforcement\" target=\"_blank\" rel=\"noopener noreferrer\">US v Microsoft<\/a><\/em> case on extraterritorial data\u2014so there\u2019s at least some transparency. Anecdotally, I\u2019ve heard that tech companies in China may \u2018go slow\u2019 on government access orders\u2014but they never say no.<\/p>\n<p>Second, there\u2019s the Chinese state\u2019s history of wide-ranging cyberespionage. I\u2019m particularly talking about <a href=\"https:\/\/ustr.gov\/sites\/default\/files\/Section%20301%20FINAL.PDF\" target=\"_blank\" rel=\"noopener noreferrer\">theft of intellectual property<\/a> for commercial gain; in some cases the People\u2019s Liberation Army has <a href=\"https:\/\/www.justice.gov\/opa\/pr\/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor\" target=\"_blank\" rel=\"noopener noreferrer\">created databases<\/a> for Chinese companies to sift through the intelligence that it has gathered for them. Regardless of the scope of US espionage, there are no examples of the US directly aiding its own companies in that way.<\/p>\n<p>Third, China has a history of supply-chain attacks in which vast numbers of devices are compromised to reach a small number of targets. The <a href=\"https:\/\/www.reuters.com\/article\/us-china-cyber-hpe-ibm-exclusive\/exclusive-china-hacked-hpe-ibm-and-then-attacked-clients-sources-idUSKCN1OJ2OY\" target=\"_blank\" rel=\"noopener noreferrer\">Cloudhopper attack<\/a> involved the Chinese Ministry of State Security\u2019s compromising of contracted IT service providers to steal corporate secrets from their customers. When CCleaner, a software utility tool, had its update process <a href=\"https:\/\/www.vice.com\/en_us\/article\/7xkxba\/researchers-link-ccleaner-hack-to-cyberespionage-group\" target=\"_blank\" rel=\"noopener noreferrer\">subverted<\/a>, the computers of 700,000 customers were infected in order to upload more complex malware to just <a href=\"https:\/\/blog.talosintelligence.com\/2017\/09\/ccleaner-c2-concern.html\" target=\"_blank\" rel=\"noopener noreferrer\">tens<\/a> of individual computers in high-tech companies and telcos, including Intel, Microsoft, Cisco and Vodafone. Similarly, the Taiwanese hardware company ASUS had its software update tool <a href=\"https:\/\/www.vice.com\/en_us\/article\/pan9wn\/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers\" target=\"_blank\" rel=\"noopener noreferrer\">compromised by Chinese hackers<\/a> and half a million innocent customers were affected to reach just hundreds of target computers.<\/p>\n<p>By contrast, the US approach to compromising supply chains\u2014<a href=\"https:\/\/arstechnica.com\/tech-policy\/2014\/05\/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant\/\" target=\"_blank\" rel=\"noopener noreferrer\">intercepting shipments<\/a> destined for target organisations\u2014is extremely precise. From the perspective of an innocent bystander, the Chinese approach undermines trust in the entire tech ecosystem; the US approach is far less likely to cause collateral damage.<\/p>\n<p>Finally, taking an Australian perspective, when it comes to the constellation of non-China-based 5G equipment vendors\u2014in the US, Finland, Sweden, Korea and Japan\u2014it\u2019s very difficult to imagine ourselves in a military conflict with these countries anytime soon. But we could very plausibly end up in a conflict involving China within a matter of weeks or months.<\/p>\n<p>An accident in the South China Sea or some confrontation in the Taiwan Strait could lead the US and China into conflict. Washington would probably ask for our assistance, even if just for moral support\u2014and we\u2019ve never said no when the US has asked. In such a scenario I find it impossible to believe that China wouldn\u2019t seriously consider using our networks against us\u2014if it had access.<\/p>\n<p>So it is all about trust, but I think there are very good reasons to trust some countries more than others.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The global debate has shifted beyond why we shouldn\u2019t trust Chinese telecommunications company Huawei to why we can\u2019t trust any equipment vendor. How can we trust US companies after the Edward Snowden disclosures? Doesn\u2019t the &#8230;<\/p>\n","protected":false},"author":618,"featured_media":49152,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[2268,52,2267,1369],"class_list":["post-49150","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-5g","tag-china","tag-huawei","tag-telecommunications"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Weighing the risks in building a 5G network | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weighing the risks in building a 5G network | The Strategist\" \/>\n<meta property=\"og:description\" content=\"The global debate has shifted beyond why we shouldn\u2019t trust Chinese telecommunications company Huawei to why we can\u2019t trust any equipment vendor. How can we trust US companies after the Edward Snowden disclosures? Doesn\u2019t the ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-16T20:00:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-07-16T07:35:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"708\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tom Uren\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tom Uren\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957.jpg\",\"width\":1024,\"height\":708,\"caption\":\"LUOYANG, CHINA - FEBRUARY 27: China Mobile 5G signal tower is seen outside Luoyang Municipal People's Congress conference center on February 27, 2019 in Luoyang, Henan Province of China. The 5G network has been applied in the live broadcasting of Luoyang Municipal People's Congress and Luoyang Municipal People's Political Consultative Conference. (Photo by VCG\/VCG via Getty Images)\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/\",\"name\":\"Weighing the risks in building a 5G network | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/#primaryimage\"},\"datePublished\":\"2019-07-16T20:00:30+00:00\",\"dateModified\":\"2019-07-16T07:35:18+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Weighing the risks in building a 5G network\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a\",\"name\":\"Tom Uren\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g\",\"caption\":\"Tom Uren\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/thomas-uren\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Weighing the risks in building a 5G network | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/","og_locale":"en_US","og_type":"article","og_title":"Weighing the risks in building a 5G network | The Strategist","og_description":"The global debate has shifted beyond why we shouldn\u2019t trust Chinese telecommunications company Huawei to why we can\u2019t trust any equipment vendor. How can we trust US companies after the Edward Snowden disclosures? Doesn\u2019t the ...","og_url":"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2019-07-16T20:00:30+00:00","article_modified_time":"2019-07-16T07:35:18+00:00","og_image":[{"width":1024,"height":708,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957.jpg","type":"image\/jpeg"}],"author":"Tom Uren","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Tom Uren","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2019\/07\/GettyImages-1132495957.jpg","width":1024,"height":708,"caption":"LUOYANG, CHINA - FEBRUARY 27: China Mobile 5G signal tower is seen outside Luoyang Municipal People's Congress conference center on February 27, 2019 in Luoyang, Henan Province of China. The 5G network has been applied in the live broadcasting of Luoyang Municipal People's Congress and Luoyang Municipal People's Political Consultative Conference. (Photo by VCG\/VCG via Getty Images)"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/","url":"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/","name":"Weighing the risks in building a 5G network | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/#primaryimage"},"datePublished":"2019-07-16T20:00:30+00:00","dateModified":"2019-07-16T07:35:18+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/weighing-the-risks-in-building-a-5g-network\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Weighing the risks in building a 5G network"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a","name":"Tom Uren","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g","caption":"Tom Uren"},"url":"https:\/\/www.aspistrategist.ru\/author\/thomas-uren\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/49150"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/618"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=49150"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/49150\/revisions"}],"predecessor-version":[{"id":49156,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/49150\/revisions\/49156"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/49152"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=49150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=49150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=49150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}