Date first published: 04/-9/2020
Key sectors: telecommunications
Key risks: trade restrictions; cyber
There are few technologies that are more controversial and politically explosive than 5G, the fifth-generation technology standard for cellular networks. 5G has reignited the US-China technology war, led Washington to threaten its NATO allies and resulted in a series of bizarre conspiracy theories that link its rollout with the spread of COVID-19. However, both public and government understanding of 5G is limited – which means that it is rife for politicisation by politicians opposed to Chinese expansionism and could lead to a misidentification of the risks attached to the growth of 5G networks.
What is 5G?
5G is an evolution of the existing cellular mobile network. Its advantages over existing 4G networks are increased speed, reduced latency and increased capacity. The importance of 5G is not just the improvements on 4G networks, but the potential value of the applications that can be built on top of it. Just like 4G allows the mass expansion of social media platforms like Instagram and streaming services, 5G’s largest impact is the facilitation of new products, potentially including virtual reality and augmented reality. It would allow thousands of devices (the ‘internet of things’) to send information from a smart city to a cloud, to optimise electricity use and urban management. 5G could enable vehicles to communicate with each other and a traffic management system. If all vehicles were connected to a network, and substantial volumes of data transmitted near instantly, it could effectively manage traffic, reducing bottlenecks and traffic jams, and eliminate accidents even when travelling at much higher speed.
5G is up to 20 times faster than the current 4G network – although in the real-world its performance will rarely reach that level. 5G’s improved performance over 4G is not due to ‘speed’ per se – as 4G systems are already effectively at what is known as the ‘Shannon limit’ – the limitation on the ability to transmit information within a given amount of radio spectrum at a given power. 5G’s greater benefit thus comes from using additional frequencies – although these higher band frequencies are harder to propagate, meaning that they are more likely to be interrupted and distorted by factors such as distance, walls and weather.
5G technology requires electronic instruments to overcome the propagation problem – or else it would be useless for the vast majority of users. Thus, 5G involves substantial investment into improved antennas, which allow a single base-station to talk more efficiently to multiple handsets. A related improvement is smaller cells, so that each tower is providing coverage for a smaller area. In addition, 5G will require fiberisation to support small-cell deployment in urban areas.
While such investment is plausible – particularly in crowded urban areas, it ramps up the costs of deploying a 5G network. For many private provides, the cost of building such a network may not be worth it. Even when companies are willing to build an extensive network, there are only a handful of major companies that can provide the necessary equipment. The three prime players are Finland’s Nokia and Ericsson and China’s Huawei. Huawei’s products tend to be cheaper – in part due to support from the Chinese state. Huawei also has an advantage in providing wireless backhaul, which reduces the need for extensive fiberisation.
Huawei
Huawei has the potential to dominate the 5G sector, but its status as a major Chinese company creates concerns. Huawei is technically a private company, with the majority of the firm owned by its employees. Huawei reports that no outside organisation – including the Chinese government – own shares in the company. There is a lack of transparency over what this actually means and over whether the company is actually majority owned by its employees given how such organisations operate in China. It is eminently plausible that Huawei is effectively state-controlled. Even if not, as a Chinese company it is governed by Chinese laws, which raises concerns that the firm could be forced to share sensitive material with Beijing.
There have been attempts to check the integrity of Huawei’s hardware and software. If sufficiently well designed, it could be secure enough that an outside actor could not access the network. The UK government created the Huawei Cyber Security Evaluation Centre Oversight Board to evaluate the integrity of the company’s products. It found that ‘poor software engineering and cyber security processes lead to security and quality issues, including vulnerabilities’. It noted that if a potential attacker had ‘sufficient access to exploit them, they may be able to affect the operation of the network, in some cases causing it to cease operating correctly’. These errors are unlikely to all be deliberate, and are likely a consequence of the complications in designing a network. However, if such errors were known to malicious attackers – potentially including the Chinese government – they could result in either the entire network being shut-off or data stolen from it.
Several governments have allowed Huawei’s participation in the process to build a ‘peripheral network’ but excluded the company from the core. The core is where the network’s most critical controls are located and the most sensitive information is stored, while the periphery includes masts, antennas and other passive equipment. When information is encrypted it cannot be read by anyone who does not have the encryption keys. 5G technology means that voice calls and SMS texts are encrypted with keys that are stored on servers in the core and cannot be read by the access network. Confining Huawei’s participation in the periphery could then reduce the risks to data. However, some internet traffic will still pass the masts in unencrypted form – potentially allowing identification. It is also likely that more unencrypted data would be move to the periphery of the network, as it would save time by reducing the need for devices to communicate with a central core. Even if the traffic is encrypted, base stations could still see the metadata. Control over base stations also could allow the sending of malicious signals into the core, potentially jamming the entire network.
There have been widespread moves by Washington to ban Huawei’s participation from network construction entirely. However, there would still be risks if Huawei had a substantial presence in other countries’ networks. Data transmitted from the US to its partners could be accessed. At least as importantly, an attack on the core of one country could spread to other countries. In effect, if Huawei has a major market share in core countries, it will have the ability to bring down the global internet.
Washington has moved to more aggressive measures to prevent Huawei from being a dominant 5G supplier. In August, the US Department forbid non-US companies from supplying Huawei with any semiconductors based on US technology and added 38 affiliates to the Entity List. Washington’s export controls could prevent Huawei from producing the products necessary to build 5G networks – as if fully enforced it would prevent the company accessing the semiconductors that it requires. Furthermore, the US has pushed its NATO allies, including the UK, to completely exclude Huawei from their 5G networks – and indicated that it would limit data sharing with any of its NATO allies that have Huawei equipment in their networks.
The hidden risks
The focus on Huawei potentially creates two additional risks that may have been underappreciated. Firstly, preventing Huawei from building 5G networks in other major countries is likely to delay 5G deployment in those countries. Thus, China has a first-mover advantage in the development of innovative applications that will run on a 5G network. While the US still has a general advantage in technological capacity, China’s technological ecosystem is rapidly developing and could benefit from its head start to dominate emerging technologies.
Secondly, the focus on Huawei may obscure the more direct threat that 5G creates. 5G provides an increased cyber security risk, as there will be a huge number of connected devices and lots of core material will run off a 5G network. These devices are not only a target of cyberattacks but also potentially vectors through which denial of service attacks could emanate. As more critical infrastructure – including automobiles and healthcare – is based on 5G, the greater are the risks associated to this technology. Although these issues exist independently of which company or companies build the core infrastructure, they are at risk of being ignored due to a single focus on China and Huawei.