back to article Europe publishes 5G risk assessment; America scrawls ‘Huawei’ on the side of a nuke and goes for a ride

The European Union has published a risk assessment of next-generation 5G mobile networks and concluded that everyone needs to think differently about security, given fundamental changes in how the new networks will operate. In response, America has scrawled the name “Huawei” on the side of a nuke, pulled a Stetson on and …

  1. Will Godfrey Silver badge
    Unhappy

    Unfortunately

    Some countries don't 'get' either sarcasm or irony so are likely to use the Vulture's comments as further verification of their stance. Also, continuing to tell people to take no notice of the man behind the curtain.

  2. Oengus Silver badge

    China?

    He notes that the reference to “non-EU countries” in the report “clearly includes China,” ...

    “In this context, several Member States attribute a higher risk profile to suppliers that are under the jurisdiction of third countries conducting an offensive cyber policy.”

    The US would read China, China would read US and other countries would read both China and USA. Both countries can influence companies headquartered in their territories and both have a history of spying on anyone and everyone regardless of the legality.

    1. 's water music Silver badge

      Re: China?

      TBF I doubt that there is any country that wouldn't do this. The limiting factors are more to do with having a domestic supplier who is a material player in the networking kit market and having the geopolitical clout to be able to exploit any intelligence gleaned. I know the UK would be all over it like a rat up a drain pipe. Probably still hoping that the US might offer something in return

    2. big_D Silver badge

      Re: China?

      Exactly. The report essentially says that, to be safe, we should only buy equipment from Nokia and Ericsson, and then only when 100% of the supply chain is within the EU.

      No parts from China and no parts from the USA. But that doesn't have the same ring for Americans as Huawei bad, USA good.

    3. Anonymous Coward
      Anonymous Coward

      Re: China?

      "The US would read China, China would read US and other countries would read both China and USA."

      The companies able to provide a "5G solution" are basically (90% of the market):

      - Ericsson (European)

      - Huawei (China)

      - Nokia (European/US)

      - ZTE (China)

      While other companies equipment will be used in a solution (such as Cisco/Juniper/etc routers/switches to bring a more US flavour, Japanese/South Korean radio equipment), North American telecoms equipment manufacturers have already consolidated into European companies (Nortel to Ericsson, Lucent to Alcatel-Lucent to Nokia).

      While security is the publicly discussed topic, this is effectively a question of continuing to support both Ericsson/Nokia because they will be undercut on price by the Chinese and the market will likely reduce from 4 suppliers to 3, and it won't be one of the Chinese suppliers dropping out.

  3. Adrian 4 Silver badge

    design

    I get that using equipment from a carrier that you don't trust has possibilities of DoS and maybe metadata. But if you're concerned that the equipment can sniff your communications, aren't you Doing It Wrong ? Why would you want to expose stuff that could be end-to-end encrypted ? Aren't network technicians just as much a risk as the OEM ?

    1. iron Silver badge

      Re: design

      You're forgetting that you aren't supposed to use end-to-end encryption because it funds terrorism, pirates movies and eats babies.

    2. simonlb Silver badge

      Re: Everything under control

      Network technicians may pose a small risk but allegedly *cough* *cough* you should be more concerned about certain US TLA operatives intercepting your network kit and adding additional undocumented functionality after it has left the factory and is in transit to you.

    3. Anonymous Coward
      Anonymous Coward

      Re: design

      The risks to be assessed are:

      1 - possibility of firmware having a bug that allows unauthorised monitoring of communications (i.e. unintentional)

      2 - possibility of firmware having a backdoor that allows unauthorised monitoring of communications (i.e. unintentional)

      3- possibility of suppliers staff accessing unauthorised information (either intentionally or unintentionally)

      4 - system availability requiring supplier support

      The risk of 1 will be similar between suppliers. With "untrusted suppliers", the risk of 2/3 is marginally higher but can be mitigated by designs creating more separation of responsibilities and supervision/monitoring by the telco. I would argue that the differences between a "trusted" and "untrusted" supplier should be close to zero.

      For 4, I would point at O2's Ericsson certificate issues (https://www.theregister.co.uk/2018/12/06/ericsson_o2_telefonica_uk_outage/) as an example of the real risk with these systems. Operating these systems in the event of a country being sanctioned or worse would present significant risks.

      Which then moves the conversation onto international relations, who you really trust and what are possible future issues and can you run the 5G network independently from the supplier.

      1. Giovani Tapini Silver badge
        Black Helicopters

        Re: design

        Statements 1, 2, and 3 have a redundant "un" in front of authorised...

      2. Mike Pellatt

        Re: design

        .....can you run the 5G network independently from the supplier

        The answer will inevitably be "no". Well, you theoretically could. But I very much doubt that it will be practically achiveable.

  4. d3vy Silver badge

    "He notes that the reference to “non-EU countries” in the report “clearly includes China,”"

    Yes... but it also includes the US....

    1. Anonymous Coward
      Anonymous Coward

      ""He notes that the reference to “non-EU countries” in the report “clearly includes China,”"

      Yes... but it also includes the US...."

      Yes... But it also includes the UK...

      1. d3vy Silver badge

        "Yes... But it also includes the UK.."

        Not at the time the report was written so probably not actually.

      2. katrinab Silver badge
        Mushroom

        Except, there aren't any viable UK suppliers of telecoms equipment. Maybe Viglen's Bordan Tkachuk could produce a Broadcom licence for his Internet Service Protocol. That seems to be the best we have to offer.

  5. LDS Silver badge
    Devil

    "and that means huge replacement costs"

    Which means telcos will select the cheapest supplier regardless of the security of the products.

    1. Anonymous Coward
      Anonymous Coward

      Re: "and that means huge replacement costs"

      Unless forced to by government policies.

      1. LDS Silver badge
        Devil

        Re: "and that means huge replacement costs"

        Just like Volkswagen with engine emissions limits?

        Without strong auditing, they will try to bypass any policy that will impact "shareholder value" and especially "executive bonuses".

        1. Anonymous Coward
          Anonymous Coward

          Re: "and that means huge replacement costs"

          I would disagree that it will require strong auditing - importing a couple of hundred million dollars worth of kit will be make it pretty easy to notice in the following 3-12 months. Combine that with the limited number of telcos (i.e. there's 65 operators/VMNO's to police in the UK) and existing EU environmental requirements for electrical goods (i.e. under current EU import/export requiremnts, I'm ignoring the unknowns of Brexit) I would expect minimal additional effort to ensure compliance.

          The question is whether the additional costs of deploying non-Chinese 5G kit are acceptable to operators and consumers if forced upon them by government. And whether anyone could stomach the cost of replacing existing kit. I think the answer is maybe and no...

          1. LDS Silver badge

            Re: "and that means huge replacement costs"

            As the paper reports, these systems will be much more "dynamic" and "software defined", so it's not just assessing what has been bought and from where - but their security when installed, configured and maintained.

            And the risk of "fake tests" to show their are secure when they are not once deployed exists.

  6. Chris G Silver badge

    Fair trading

    Most of the issue about Huawei is about fair trading, it's not fair that they hold a large number of 5G patents, can undercut American companies and have an unfairly large hold on the industry world wide. So the US is doing what it always does with foreign competitors who are a threat to its hold on world markets, that is, everything they can to bring it down as they can't control it. Of course the security issue is also important, the monopoly on that should also be US based with a little help from sidekicks with 'Special Relationships'.

    1. John Brown (no body) Silver badge

      Re: Fair trading

      "they hold a large number of 5G patents"

      Are these foreign patents the US have chosen to recognise thanks to treaties, patents issued without due diligence by the USPO or, since it's 5G, mainly software patents that some jurisdiction don't accept anyway?

      1. Anonymous Coward
        Anonymous Coward

        Re: Fair trading

        I'm not sure about the patent jurisdiction that the patents were filed in, but Huawei/Hisilicon (a Huawei subsidiary) appear to have around 50% of the 5G patents filed as of 2018:

        https://files.lbr.cloud/254270/conversions/figure_4_4-full.jpg

        I suspect some of those patents will be handset/fab related, but that is a significant head start on costs assuming FRAND. My (incorrect) asusmption would have been many of the 5G patents would have been held by existing 2G/3G/4G holders.

        Huawei are suggesting they will sell their patents to a western company to address some of the issues holding back 5G.

        1. Roland6 Silver badge
          Pint

          Re: Fair trading

          > My (incorrect) asusmption would have been many of the 5G patents would have been held by existing 2G/3G/4G holders.

          You mean the vast majority of 5G patents aren't of the form: "...xyz...in a 5G network".

          Where xyz refers to something previously patented in a 2/3/4G network...

      2. Yet Another Anonymous coward Silver badge

        Re: Fair trading

        They are standards patents that you need to use to implement 5g standards.

        Just like video codecs, everyone involved makes sure that the standard requires that you use their patents, they then all cross license them to make sure nobody new can get in the club

        Unfortunately we now have governments who think that they are above industry cartels

    2. eldakka Silver badge

      Re: Fair trading

      it's not fair that they hold a large number of 5G patents, can undercut American companies

      Why are either of those unfair?

      For the first point, that is how patents work. How is it unfair that Huawei is using the patent system as intended? The only way to counter this is to change the patent system as a whole, e.g. restructure patent law, better vetting of patents1, set up more categories of patents such that different categories can have different validity periods for patents so that some classes of patents can be given, say, 5 years validity, others 10 years, etc., rather than all patents being 20(?) years.

      For the second point, that's the way capitalism and international free trade and economic theory itself2 works. How is it being unfair by following standard capitalist economic theory and international trading practices? The only way to counter this is to start a tariff war3 to drive up the prices of imported goods so local companies can compete better, or to flat-out ban international trade.

      As far as I can tell, Huawei are engaging in fair trade, but the US has their panties in a knot because Huawei, and China as a whole, seem to be challenging (surpassing?) the US's dominance with high-tech international trade.

      ----------------------------------------------

      1 many patents get overturned later on, but often it can be cheaper to just pay the patent holder their licensing demands than to try and get the patent overturned.

      2 regions should specialise in what they are good at, whether that be due to labour costs, educational levels, infrastructure, sources of raw materials, and so on, and trade your products/services/expertise in those things with other regions for what they are good at.

      3 and like in any war there will be casualties such as consumers having to pay more for goods, or just plain not able to obtain certain goods, and businesses going under. And like with many wars, often no-one wins, or at best it's a pyrrhic victory.

      1. veti Silver badge

        Re: Fair trading

        It's unfair because Everyone Knows that the Chinese only copy, they don't innovate, therefore their patents can't possibly be legit.

        It'll be some time yet before any authority figure (in the USA particularly, although the EU is also not immune to this particular strain of nationalism/racism) is prepared to admit that this common wisdom is bullshit.

  7. John Mangan

    Question

    "Most importantly, the report notes that there are fundamental differences in the current 3G and 4G networks that we use for our mobile phones (and broader mobile data delivery) and the upcoming 5G networks which promise far faster and more expansive opportunities.

    Most importantly, 5G networks are reliant to a far greater degree on software and less on specialized hardware and software. This is a big plus - it means new features can be added easily and the underlying infrastructure won’t have to be overhauled or replaced to take advantage of them. But, at the same time of course, it means that 5G networks will be more open to attack."

    Which 'most importantly' is the most important?

    I tried to resist but I am weak. Sorry.

    1. Pascal Monett Silver badge

      Re: Question

      Most importantly, 5G is apparently going to transform our phone and comms network into the same security nightmare that is the Internet. I can't help but feel that this push to software-defined everything is simply the Pandora's box of fun.

      On the other hand, while US officials and politicians descend into even more depths of blind political hatred and spout things that are clearly becoming more and more biased and unfounded, I am getting the feeling that Huawei is actually a good thing to have around.

      Not to mention the popcorn festival it is watching them squirm without being able to do anything.

      1. JohnFen Silver badge

        Re: Question

        Yes.

        I've been learning as much as I can about 5G, and the more I learn about it, the more confident I am that this is something that I simply Do Not Want.

  8. DJO Silver badge

    Desicions decisions

    Oh dear, should they use Huawei who might be open to government influence but who do publish their software or Cisco who are definitely in the pocket of the US government and don't publish their software. Tricky.

    Or Nokia, anybody worried about the Finnish intelligence agencies?

    1. phuzz Silver badge

      Re: Desicions decisions

      I was going to make a joke about Nokia, but both Finland and Sweden (home of Ericsson) are members of the EU.

      Samsung on the other hand...

    2. Anonymous Coward
      Anonymous Coward

      Re: Desicions decisions

      You forgot Ericsson.

      And that Nokia is actually Nokia/Siemens/Alcatel/Lucent, so you probably get Finland/French/German/US intelligence agencies showing interest.

      1. Yet Another Anonymous coward Silver badge

        Re: Desicions decisions

        >you probably get Finland/French/German/US intelligence agencies

        If Finland has an intelligence agency they will be drunk

        Nobody has had to worry about the French since Waterloo

        Germany has more than enough problems of its own without wanting to spy on anyone

        The American intelligence agencies only spying on their own citizens

        1. phuzz Silver badge
          Facepalm

          Re: Desicions decisions

          "Nobody has had to worry about the French since Waterloo"

          Tell that to Greenpeace.

        2. Roland6 Silver badge

          Re: Desicions decisions

          >The American intelligence agencies only spying on their own citizens

          You're forgetting the special arrangement: The UK spies on American citizens, in return the US spies on UK citizens. This way the US agencies can put hands on heart and say they are abiding by the Constitution and not spying on US citizens...

  9. Baldrickk Silver badge

    I read a comment about BT's infrastructure not too long ago... that the fibre network goes through gateways produced by two different companies, one of them Huawei.

    That one of these companies' hardware kept falling over and not providing the throughput it was designed / required to

    And that the company who's kit fell over was not Huawei.

    If we want working infrastructure, we may not have a choice... at least until other companies get their act together.

  10. phuzz Silver badge
    Coat

    ZTE

    Poor old ZTE. Their equipment is also being used, and they're a Chinese company with ties to the Chinese government, but do you hear any thing about them spying? No you don't! It's all 'Huawei this', and 'Huawei that', even though ZTE have been around longer.

    So unfair.

    Mines the one with a Zhongxing Semiconductor Co. logo on the pocket >>>

    1. Anonymous Coward
      Anonymous Coward

      Re: ZTE

      Are any big EU/US telecoms companies using ZTE?

      I'm aware of them having customers in China, the Middle East and Africa, but they tend to be smaller/cheaper than the systems sold by other vendors.

      1. Aitor 1 Silver badge

        Re: ZTE

        On the contrary, I find them to be more expensive overall.

        1. Yet Another Anonymous coward Silver badge

          Re: ZTE

          Lenovo and Motorla are also companies subject to evil Chinese Govt (tm) interference

          However they both have lots of US shareholders so it would be inappropriate to mention this.

          1. IGotOut

            Re: ZTE

            Especially as Lenovo bought IBM's business.

  11. LeahroyNake Silver badge

    Why bother

    Being an early adopter is all well and good but paying through the nose for something that is probably going to be replaced 4 maybe 5 years later for little improvement over 4g? It's just progress for the sake of money grabbing execs that think ooooo buzzword bingo.

    5g doesn't have the same range of 4g, it cannot penetrate buildings etc as good as 4g. Yes it's faster but if the backhaul is still crap and nobody has a 5g phone what's the point.

    I'm sticking with my cheap 4g Huawei thanks very much. Let the gov agencies throw crap at each other and let's all have a laugh at what they can come up with next.

  12. Jeffrey Nonken Silver badge

    https://youtu.be/r31aeE4WEbo

    (In case that's blocked in your country or some such nonsense, "You're So Vain" by Carly Simon.)

  13. Anonymous Coward
    Anonymous Coward

    Don't Let 5G in the UK, it will fry you, or the chocolate in your pocket and honey bees too.

    The signal 5G uses is a military type of microwave signal. When 5G was first used on naval craft, Personnel working near the transmitters on ships found that they began to feel warm. Chocolate bars in their pockets were melting. This was because those personnel were in fact being cooked, as were the chocolate bars in their pockets. Don’t believe me? Have a look at Ian Cranes video here: https://youtu.be/GjS3RKgBmE8

    If you dont want to click the link, go to Youtube and search for Ian R Crane

    Don’t let 5G into your country, it will destroy your sweat glands aparrently, not to mention your brain! it also kills insects - not good if you like honey or want your fruit trees pollinated! Just watch Ian’s video.

    1. JohnFen Silver badge

      Re: Don't Let 5G in the UK, it will fry you, or the chocolate in your pocket and honey bees too.

      This is nonsense.

      In my opinion, there are plenty of legitimate reasons to avoid 5G -- but this is not one of them.

    2. keb

      Re: Don't Let 5G in the UK, it will fry you, or the chocolate in your pocket and honey bees too.

      this is science based criticism and caution, not new age hype

  14. JohnFen Silver badge

    Still not seeing it

    I'm still not seeing how Huawei poses a greater security threat than US companies*. US companies, after all, have a long history of providing the US government the same amount of cooperation as what Huawei is being accused of.

    *Not just the US, of course

  15. Anonymous Coward
    Anonymous Coward

    5G, software defined networks, IPv6, IoT,,,,,,,

    Ignorant anorak here.....but what's the likelyhood that the combination of 5G, software defined networks, IPv6 and IoT.....

    *

    .....will lead service providers to move almost all software applications to the servers at the service provider (you know, like the Chromebook architecture, but on steroids)? NAT will become obsolete. Every device will have its own IPv6 address, and all IP addresses will be registered to a person.

    *

    Since all data, all key strokes, all processing will be on a corporate server, privacy will disappear completely!! Personally, I don't think Huawei is a threat....the real threat is corporations and spy agencies (same thing!) -- NSA, GCHQ, Amazon, Google, Microsoft..............

    *

    Quote from William Burroughs: "The paranoid is a person who knows a little about what is going on."

  16. rwill2

    Yes ban Cisco gear too in the EU, otherwise will be open for data leaks and corp espionage!

    https://www.theregister.co.uk/2015/03/18/want_to_dodge_nsa_supply_chain_taps_ask_cisco_for_a_dead_drop/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019