{"id":61663,"date":"2021-01-01T06:00:31","date_gmt":"2020-12-31T19:00:31","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=61663"},"modified":"2020-12-31T14:36:14","modified_gmt":"2020-12-31T03:36:14","slug":"editors-picks-for-2020-5g-choices-a-pivotal-moment-in-world-affairs","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/editors-picks-for-2020-5g-choices-a-pivotal-moment-in-world-affairs\/","title":{"rendered":"Editors\u2019 picks for 2020: \u20185G choices: a pivotal moment in world affairs\u2019"},"content":{"rendered":"
<\/figure>\n

Originally published 20 January 2020.<\/em><\/p>\n

It is disappointing that the Brits<\/a> are doing the wrong thing on 5G, having not exhausted other possibilities. Instead they have doubled down on a flawed and outdated cybersecurity model to convince themselves that they can manage the risk that Chinese intelligence services could use Huawei\u2019s access to UK telco networks to insert bad code.<\/p>\n

5G decisions reflect one of those quietly pivotal moments that crystallise a change in world affairs.<\/p>\n

This is partly because the technology itself promises to be revolutionary, connecting not just humans but every device with a chip in it with super-fast, high-bandwidth and low-latency communications. That means if you have the keys to 5G networks, you will be trusted with the nervous system running down the backbone of every country which uses your gear and contracts you to service it. That includes critical infrastructure and safety-critical systems on which the lives and livelihoods of our citizens depend\u2014traffic, power, water, food supply and hospitals. You get to be \u2018The Borg\u2019.<\/p>\n

But 5G is also a touchstone for the coming age because it is the first in a line of revolutionary and highly intrusive emerging technologies in which China has invested heavily. Through means fair and foul, China has built world-leading companies with high-quality, competitive offerings for everything from video surveillance and industrial control systems to artificial intelligence and internet services via hyperscalers such as Tencent and Alibaba. So any decision to exclude Chinese companies from 5G is a threat to China\u2019s economic and strategic positioning.<\/p>\n

Having been caught off guard by BT\u2019s decision to use Huawei equipment in the core of its network, in 2010 the UK government set up a Huawei-funded cybersecurity transparency centre \u2018to mitigate any perceived risks arising from the involvement of Huawei in parts of the UK\u2019s critical national infrastructure\u2019 by evaluating Huawei products used in the UK telecommunications market.<\/p>\n

Australia has taken a different approach and reached a different conclusion<\/a>. I was part of the team in the Australian Signals Directorate that tried to design a suite of cybersecurity controls that would give the government confidence that hostile intelligence services could not leverage their national vendors to gain access to our 5G networks.<\/p>\n

We developed pages of cybersecurity mitigation measures to see if it was possible to prevent a sophisticated state actor from accessing our networks through a vendor. But we failed.<\/p>\n

We asked ourselves, if we had the powers akin to the 2017 Chinese Intelligence Law<\/a> to direct a company which supplies 5G equipment to telco networks, what could we do with that and could anyone stop us?<\/p>\n

We concluded that we could be awesome, no one would know and, if they did, we could plausibly deny our activities, safe in the knowledge that it would be too late to reverse billions of dollars\u2019 worth of investment. And, ironically, our targets would be paying to build a platform for our own signals intelligence and offensive cyber operations.<\/p>\n

Legally compelled access to 5G vendors is game-changing for Chinese intelligence agencies because hacking is an increasingly tough business. The cybersecurity industry has lifted its game mightily over the past decade, and\u2014certainly at the high end\u2014the advantage is currently with the defender.<\/p>\n

The hardest part of hacking is the access problem. How can you get into the network? For that you typically need to find vulnerabilities in the way software operates, which can be weaponised into an exploit. Exploitable vulnerabilities are hard to find. Often they are specific to a piece of equipment or a particular network. Often you need to string a chain of exploits together. And if they are super great, the chances are Five Eyes agencies will need to disclose them, as the US National Security Agency did recently when it found a Windows 10 security flaw.<\/p>\n

As a citizen, I\u2019m glad that hacking is difficult and that Five Eyes agencies think it more important to protect their own national networks than to pursue those of their adversaries.<\/p>\n

But Chinese intelligence agencies have a mortgage on Jack\u2019s proverbial beanstalk\u2014scaled and persistent access to hundreds of foreign telco networks via legally compelled Chinese suppliers of competitively priced, high-quality technology to these telcos.<\/p>\n

Cybersecurity is all about raising the costs for the attacker. Network access through vendors\u2014which need to be all over 5G networks to maintain their equipment\u2014effectively reduces the access cost to zero.<\/p>\n

Much of the 5G debate has been about whether the core of the network\u2014where sensitive data and functions reside in a 4G format\u2014can be protected in a 5G setting. Telcos currently protect the core of their 4G networks by maintaining a physical and logical separation between the core and the less secure, customer-facing edge of the network.<\/p>\n

But with 5G, all network functionality is virtualised and takes place within a single cloud environment. That means there is no physical or logical separation between the core and edge of the network.<\/p>\n

A recent Financial Times<\/em><\/a> editorial<\/a> approvingly cites testimony to UK parliamentary hearings<\/a> last year that \u2018the distinction [between core and edge] would still be valid in Britain, however; geographical differences meant its networks would be designed differently from Australia\u2019s\u2019.<\/p>\n

I struggle to understand what this means. It reminds me of the vague, faux authoritative language techies use to talk down to civilians with humanities degrees. If it means the relative size of the United Kingdom allows its telcos to avoid distributing sensitive data and functions right to the edge of the network, I\u2019m still not convinced.<\/p>\n

Geography is not a factor in how core\u2013edge works. The reality is mature 5G networks actually require the collapse of the core\u2013edge distinction. 5G can only reach its potential for speed and low latency if sensitive functions can happen at the edge of the network close to the customer. And 5G can only realise its cost-saving potential if any function can occur at the most efficient place in the network, wherever that is. In mature 5G networks, sensitive data and functions will be distributed throughout the network in a dynamic way which will be impossible to govern with certainty.<\/p>\n

Sure, many telcos (including in Australia) are already operating networks branded as \u20185G\u2019, on the basis that they deploy new, more efficient 5G radios at the edge of the network. But the hyperconnected, transformational 5G future marketed by the telcos can only be realised if there is no distinction between core and edge.<\/p>\n

Telcos could limit their 5G offerings to smart radios at the edge, but that would be like a layer cake with one layer. Who would buy that?<\/p>\n

In one sense, we should only be moderately concerned about the exposure of sensitive data which in a 5G world would no longer be protected in the network core. Even if an adversary had access to this data, implementation of strong encryption can theoretically protect its confidentiality (are my communications private?) and integrity (have my communications been altered?). This is not foolproof\u2014adversary supercomputers would have direct access to all the ones and the zeros and exploitation of poor implementation of encryption is not uncommon in the signals intelligence game.<\/p>\n

But we should be more concerned about the availability of our data and networks (can I continue to communicate?). Availability, after all, can be controlled by whoever has access to the radio network at the edge. This is a risk we face in 4G networks today.<\/p>\n

The other argument reportedly put to the UK parliamentary committee was that a \u2018diverse supply chain generally makes networks more resilient to technical and security problems\u2019. The obvious question is, which parts of your network are you prepared to put at higher sovereign risk? And, if Huawei is limited to only 35% of the network, isn\u2019t that an admission that there\u2019s a risk which might not be able to be fully mitigated through cybersecurity controls?<\/p>\n

While geography is immaterial in core\u2013edge architectures, it is relevant to another Huawei argument. The company claims Australian farmers are missing out on the revolutionary benefits their Swiss counterparts are reaping from 5G.<\/p>\n

But you don\u2019t need to be William Farrer to work out that (a) 5G communications in cyberspace rely on a very expensive physical network of closely spaced antennae, and (b) Australia is about 188 times the size of Switzerland (our summer bushfires have so far burned an area equivalent to almost five Switzerlands).<\/p>\n

That\u2019s a lot of yodelling.<\/p>\n

At the heart of Huawei\u2019s proposition is the claim that it is cheaper than its competitors. An Oxford Economics report<\/a> commissioned by Huawei last year claims that excluding the company from bidding for our 5G networks will cost Australia<\/a> up to $12 billion in GDP out to 2035.<\/p>\n

Leaving aside the obvious point that digital sovereignty and the integrity of critical infrastructure are priceless, I have not seen any independent analysis of the impact of excluding Chinese vendors from 5G. Beyond the market effects of restricting competition, any serious analysis would also need to consider the following factors:<\/p>\n