This article is adapted in part from written testimony the author submitted to the Joint Committee on the National Security Strategy of the Parliament of the United Kingdom.
The promise of 5G, the next generation of wireless communications technologies, is alluring. New capabilities enabled by much greater bandwidth at higher speeds and lower latency than is possible today are expected to transform the economy and society of the United States. These include autonomous vehicles, telemedicine, and a true “Internet of Things” that connects millions of devices, machines, objects, and people. 5G also has important national security applications, such as improving military communication and situational awareness. The fact that, at present, there is no American company that can provide a complete 5G rollout is a concern. As such, the United States should consider new approaches to 5G that increase interoperability, security, vendor diversity, and operator growth.
A common refrain is that 5G could be among the most consequential technological innovations in human history, ushering in a fourth industrial revolution in a few years’ time. While such exuberance should be tempered by the fact that this transformation will almost certainly need longer time to take place, the fact remains that 5G will be the backbone of the global internet economy. It is essential, then, that 5G networks are secure, reliable, robust, and resilient.
There is ample reason to worry that this might not be the case. American officials have significant concerns about the integrity of global 5G networks. These concerns are valid due to the prominent role that Huawei—a large Chinese telecommunications firm—plays in the international telecommunications sector and the nascent 5G rollout. Huawei seeks to capitalize on its outsized market share (29 percent) for telecommunications equipment by quickly securing new 5G contracts around the world.
The concerns over Huawei are not new-publicly known examples date at least as far back as 2001-nor are they exclusively American ones. The governments of Australia and the Czech Republic are early thought leaders in articulating the risks associated with having Huawei equipment on a country’s 5G networks. An EU risk assessment on the cybersecurity of 5G networks published in October 2019 makes note of the same vulnerabilities and risk scenarios that U.S. officials have, although the EU report does not refer to China or Huawei by name.
There are three broad categories of concern associated with 5G generally and Huawei specifically: security, critical infrastructure integrity, and supply chain diversity. Security concerns primarily include cybersecurity and espionage. Poor software development poses undue risk, and Huawei has been shown to have exceedingly insecure practices. This unease is especially acute with 5G because the technology will be fully intertwined with the digital economy, with potential life or death consequences given its role in vital infrastructure. There are also traditional espionage concerns as many actors could use 5G networks for spying. Huawei’s murky relationship with the Chinese Communist Party, China’s intelligence law that requires companies to cooperate with the country’s security agencies, and the lack of legal recourse to resist doing Beijing’s bidding make Huawei a particularly undesirable partner. More serious than safeguarding data is the potential for critical infrastructure disruptions. 5G will be the backbone of communications needed for the American power grid, water supply, and transportation infrastructure. An attack in even one of these fields would be crippling.
Finally, the supply chain for 5G kit is worryingly limited. There are only two major non-Chinese suppliers of radio access network (RAN) equipment: Nokia of Finland and Ericsson of Sweden. Samsung of South Korea is a distant third. Given the importance of RAN to future critical digital infrastructure, the industry is too consolidated to ensure sufficient supply chain security.
What can be done to address these risks, and to safeguard American economic and national security as well as technological competitiveness? One far-reaching strategy would be for the United States to work with allies and other like-minded countries to reshape the telecommunications landscape. The status quo of the current hardware-focused market is not sustainable.
The United States should promote more open and more interoperable communications technologies. Encouraging a shift to a software-focused approach will likely yield benefits in security, cost, supply-chain diversity, and more competitive markets. This open architecture approach is based on a concept called network virtualization—the ability of software to simulate hardware to achieve greater efficiency and scalability. Networks should consist of proprietary software for functions like switching, routing, and firewalls that run on vendor-neutral hardware and standardized interfaces. Software from various vendors would provide the desired degree of differentiation.
A virtualized network approach yields four advantages that address key concerns over the current 5G telecommunication market.
1. Greater vendor diversity: Barriers to entry for telecommunications equipment design and manufacturing are great, particularly when competing with Chinese corporations that receive lavish subsidies from the Chinese government. The software industry’s barriers to entry, however, are lower. The monetary value of the 5G service market is projected to be worth over $85 billion by 2024, at a 31.9 percent compound annual growth rate; this factor, along with the software industry’s low barrier of entry, will likely encourage new entrants to the telecommunications market. The United States and its partners and allies have robust software industries and could thus readily transform the industry. The anticipated vendor diversity would result in secure and robust supply chains to the benefit of everyone.
2. Interoperability: A major issue with 5G roll-out is that new equipment from vendors do not often work well with the legacy (4G) equipment of other vendors. With network virtualization, interoperability becomes vendor-agnostic because every software product needs to be compatible to function on the network. Therefore, it will become much easier for an operator to work with multiple vendors if it so chooses.
3. Security: Transparency and standardization of security will be necessary because vendor products must be interoperable. Marketplace competition incentivizes superior security practices for vendors to differentiate themselves from their competitors. Software security can also be more readily verified and monitored. Cybersecurity firms such as Finite State have demonstrated that it is possible to do this at scale.
4. Operator growth: Operators of virtualized networks would benefit from new opportunities in scaling and differentiation. With this new approach it would be possible for an operator to build a modular product based on software offerings from multiple vendors. For example, one operator may decide to focus primarily on enabling automation in manufacturing facilities and supporting logistics. Another may wish to focus on offerings such as virtual and augmented reality. This flexibility would encourage existing operators to provide tailored services to specific customers, allow for expansion into new business areas, encourage new operators to enter the market to meet demand for new capabilities, and provide customers with greater choices and better pricing.
The United States has several means to underscore its interest in virtualized networks as part of a broader strategy to ensure secure and resilient telecommunications networks and to encourage secure and diverse supply chains:
– Signal support for efforts like the O-RAN Alliance and the Telecom Infra Project. These international groups of telecom operators and technology companies promote the development of RAN virtualization, open architecture, and standardized interfaces.
– Hold Congressional hearings to explore strategies and funding for network virtualization.
– Create tax incentives for deploying such technology.
– Publish a comprehensive “5G and Beyond” strategy that incorporates network virtualization as a core element.
– Use the purchasing power of the American government. For example, the Department of Defense could become an early adopter of virtualized network solutions.
The pursuit of an open architecture model would do much to mitigate the vulnerabilities with which the United States and like-minded nations are grappling. Concerted efforts to reshape the telecommunications landscape through network virtualization promise significant economic and national security advantages. Prudent and decisive decision-making today will help to ensure a more prosperous and secure future.
. . .
Martijn Rasser is a senior fellow at the Center for a New American Security.