Europe publishes 5G risk assessment; America scrawls ‘Huawei’ on the side of a nuke and goes for a ride The European Union has published a risk assessment of next-generation 5G mobile networks and concluded that everyone needs to think differently about security, given fundamental changes in how the new networks will operate. In response, America has scrawled the name “Huawei” on the side of a nuke, pulled a Stetson on and …
He notes that the reference to “non-EU countries” in the report “clearly includes China,” ...
“In this context, several Member States attribute a higher risk profile to suppliers that are under the jurisdiction of third countries conducting an offensive cyber policy.”
The US would read China, China would read US and other countries would read both China and USA. Both countries can influence companies headquartered in their territories and both have a history of spying on anyone and everyone regardless of the legality.
TBF I doubt that there is any country that wouldn't do this. The limiting factors are more to do with having a domestic supplier who is a material player in the networking kit market and having the geopolitical clout to be able to exploit any intelligence gleaned. I know the UK would be all over it like a rat up a drain pipe. Probably still hoping that the US might offer something in return
Exactly. The report essentially says that, to be safe, we should only buy equipment from Nokia and Ericsson, and then only when 100% of the supply chain is within the EU.
No parts from China and no parts from the USA. But that doesn't have the same ring for Americans as Huawei bad, USA good.
"The US would read China, China would read US and other countries would read both China and USA."
The companies able to provide a "5G solution" are basically (90% of the market):
- Ericsson (European)
- Huawei (China)
- Nokia (European/US)
- ZTE (China)
While other companies equipment will be used in a solution (such as Cisco/Juniper/etc routers/switches to bring a more US flavour, Japanese/South Korean radio equipment), North American telecoms equipment manufacturers have already consolidated into European companies (Nortel to Ericsson, Lucent to Alcatel-Lucent to Nokia).
While security is the publicly discussed topic, this is effectively a question of continuing to support both Ericsson/Nokia because they will be undercut on price by the Chinese and the market will likely reduce from 4 suppliers to 3, and it won't be one of the Chinese suppliers dropping out.
I get that using equipment from a carrier that you don't trust has possibilities of DoS and maybe metadata. But if you're concerned that the equipment can sniff your communications, aren't you Doing It Wrong ? Why would you want to expose stuff that could be end-to-end encrypted ? Aren't network technicians just as much a risk as the OEM ?
Network technicians may pose a small risk but allegedly *cough* *cough* you should be more concerned about certain US TLA operatives intercepting your network kit and adding additional undocumented functionality after it has left the factory and is in transit to you.
The risks to be assessed are:
1 - possibility of firmware having a bug that allows unauthorised monitoring of communications (i.e. unintentional)
2 - possibility of firmware having a backdoor that allows unauthorised monitoring of communications (i.e. unintentional)
3- possibility of suppliers staff accessing unauthorised information (either intentionally or unintentionally)
4 - system availability requiring supplier support
The risk of 1 will be similar between suppliers. With "untrusted suppliers", the risk of 2/3 is marginally higher but can be mitigated by designs creating more separation of responsibilities and supervision/monitoring by the telco. I would argue that the differences between a "trusted" and "untrusted" supplier should be close to zero.
For 4, I would point at O2's Ericsson certificate issues (https://www.theregister.co.uk/2018/12/06/ericsson_o2_telefonica_uk_outage/) as an example of the real risk with these systems. Operating these systems in the event of a country being sanctioned or worse would present significant risks.
Which then moves the conversation onto international relations, who you really trust and what are possible future issues and can you run the 5G network independently from the supplier.
I would disagree that it will require strong auditing - importing a couple of hundred million dollars worth of kit will be make it pretty easy to notice in the following 3-12 months. Combine that with the limited number of telcos (i.e. there's 65 operators/VMNO's to police in the UK) and existing EU environmental requirements for electrical goods (i.e. under current EU import/export requiremnts, I'm ignoring the unknowns of Brexit) I would expect minimal additional effort to ensure compliance.
The question is whether the additional costs of deploying non-Chinese 5G kit are acceptable to operators and consumers if forced upon them by government. And whether anyone could stomach the cost of replacing existing kit. I think the answer is maybe and no...
As the paper reports, these systems will be much more "dynamic" and "software defined", so it's not just assessing what has been bought and from where - but their security when installed, configured and maintained.
And the risk of "fake tests" to show their are secure when they are not once deployed exists.
Most of the issue about Huawei is about fair trading, it's not fair that they hold a large number of 5G patents, can undercut American companies and have an unfairly large hold on the industry world wide. So the US is doing what it always does with foreign competitors who are a threat to its hold on world markets, that is, everything they can to bring it down as they can't control it. Of course the security issue is also important, the monopoly on that should also be US based with a little help from sidekicks with 'Special Relationships'.
I'm not sure about the patent jurisdiction that the patents were filed in, but Huawei/Hisilicon (a Huawei subsidiary) appear to have around 50% of the 5G patents filed as of 2018:
https://files.lbr.cloud/254270/conversions/figure_4_4-full.jpg
I suspect some of those patents will be handset/fab related, but that is a significant head start on costs assuming FRAND. My (incorrect) asusmption would have been many of the 5G patents would have been held by existing 2G/3G/4G holders.
Huawei are suggesting they will sell their patents to a western company to address some of the issues holding back 5G.
> My (incorrect) asusmption would have been many of the 5G patents would have been held by existing 2G/3G/4G holders.
You mean the vast majority of 5G patents aren't of the form: "...xyz...in a 5G network".
Where xyz refers to something previously patented in a 2/3/4G network...
They are standards patents that you need to use to implement 5g standards.
Just like video codecs, everyone involved makes sure that the standard requires that you use their patents, they then all cross license them to make sure nobody new can get in the club
Unfortunately we now have governments who think that they are above industry cartels
it's not fair that they hold a large number of 5G patents, can undercut American companies
Why are either of those unfair?
For the first point, that is how patents work. How is it unfair that Huawei is using the patent system as intended? The only way to counter this is to change the patent system as a whole, e.g. restructure patent law, better vetting of patents1, set up more categories of patents such that different categories can have different validity periods for patents so that some classes of patents can be given, say, 5 years validity, others 10 years, etc., rather than all patents being 20(?) years.
For the second point, that's the way capitalism and international free trade and economic theory itself2 works. How is it being unfair by following standard capitalist economic theory and international trading practices? The only way to counter this is to start a tariff war3 to drive up the prices of imported goods so local companies can compete better, or to flat-out ban international trade.
As far as I can tell, Huawei are engaging in fair trade, but the US has their panties in a knot because Huawei, and China as a whole, seem to be challenging (surpassing?) the US's dominance with high-tech international trade.
----------------------------------------------
1 many patents get overturned later on, but often it can be cheaper to just pay the patent holder their licensing demands than to try and get the patent overturned.
2 regions should specialise in what they are good at, whether that be due to labour costs, educational levels, infrastructure, sources of raw materials, and so on, and trade your products/services/expertise in those things with other regions for what they are good at.
3 and like in any war there will be casualties such as consumers having to pay more for goods, or just plain not able to obtain certain goods, and businesses going under. And like with many wars, often no-one wins, or at best it's a pyrrhic victory.
It's unfair because Everyone Knows that the Chinese only copy, they don't innovate, therefore their patents can't possibly be legit.
It'll be some time yet before any authority figure (in the USA particularly, although the EU is also not immune to this particular strain of nationalism/racism) is prepared to admit that this common wisdom is bullshit.
"Most importantly, the report notes that there are fundamental differences in the current 3G and 4G networks that we use for our mobile phones (and broader mobile data delivery) and the upcoming 5G networks which promise far faster and more expansive opportunities.
Most importantly, 5G networks are reliant to a far greater degree on software and less on specialized hardware and software. This is a big plus - it means new features can be added easily and the underlying infrastructure won’t have to be overhauled or replaced to take advantage of them. But, at the same time of course, it means that 5G networks will be more open to attack."
Which 'most importantly' is the most important?
I tried to resist but I am weak. Sorry.
Most importantly, 5G is apparently going to transform our phone and comms network into the same security nightmare that is the Internet. I can't help but feel that this push to software-defined everything is simply the Pandora's box of fun.
On the other hand, while US officials and politicians descend into even more depths of blind political hatred and spout things that are clearly becoming more and more biased and unfounded, I am getting the feeling that Huawei is actually a good thing to have around.
Not to mention the popcorn festival it is watching them squirm without being able to do anything.
Oh dear, should they use Huawei who might be open to government influence but who do publish their software or Cisco who are definitely in the pocket of the US government and don't publish their software. Tricky.
Or Nokia, anybody worried about the Finnish intelligence agencies?
>you probably get Finland/French/German/US intelligence agencies
If Finland has an intelligence agency they will be drunk
Nobody has had to worry about the French since Waterloo
Germany has more than enough problems of its own without wanting to spy on anyone
The American intelligence agencies only spying on their own citizens
"Nobody has had to worry about the French since Waterloo"
>The American intelligence agencies only spying on their own citizens
You're forgetting the special arrangement: The UK spies on American citizens, in return the US spies on UK citizens. This way the US agencies can put hands on heart and say they are abiding by the Constitution and not spying on US citizens...
I read a comment about BT's infrastructure not too long ago... that the fibre network goes through gateways produced by two different companies, one of them Huawei.
That one of these companies' hardware kept falling over and not providing the throughput it was designed / required to
And that the company who's kit fell over was not Huawei.
If we want working infrastructure, we may not have a choice... at least until other companies get their act together.
Poor old ZTE. Their equipment is also being used, and they're a Chinese company with ties to the Chinese government, but do you hear any thing about them spying? No you don't! It's all 'Huawei this', and 'Huawei that', even though ZTE have been around longer.
So unfair.
Mines the one with a Zhongxing Semiconductor Co. logo on the pocket >>>
Being an early adopter is all well and good but paying through the nose for something that is probably going to be replaced 4 maybe 5 years later for little improvement over 4g? It's just progress for the sake of money grabbing execs that think ooooo buzzword bingo.
5g doesn't have the same range of 4g, it cannot penetrate buildings etc as good as 4g. Yes it's faster but if the backhaul is still crap and nobody has a 5g phone what's the point.
I'm sticking with my cheap 4g Huawei thanks very much. Let the gov agencies throw crap at each other and let's all have a laugh at what they can come up with next.
The signal 5G uses is a military type of microwave signal. When 5G was first used on naval craft, Personnel working near the transmitters on ships found that they began to feel warm. Chocolate bars in their pockets were melting. This was because those personnel were in fact being cooked, as were the chocolate bars in their pockets. Don’t believe me? Have a look at Ian Cranes video here: https://youtu.be/GjS3RKgBmE8
If you dont want to click the link, go to Youtube and search for Ian R Crane
Don’t let 5G into your country, it will destroy your sweat glands aparrently, not to mention your brain! it also kills insects - not good if you like honey or want your fruit trees pollinated! Just watch Ian’s video.
Ignorant anorak here.....but what's the likelyhood that the combination of 5G, software defined networks, IPv6 and IoT.....
*
.....will lead service providers to move almost all software applications to the servers at the service provider (you know, like the Chromebook architecture, but on steroids)? NAT will become obsolete. Every device will have its own IPv6 address, and all IP addresses will be registered to a person.
*
Since all data, all key strokes, all processing will be on a corporate server, privacy will disappear completely!! Personally, I don't think Huawei is a threat....the real threat is corporations and spy agencies (same thing!) -- NSA, GCHQ, Amazon, Google, Microsoft..............
*
Quote from William Burroughs: "The paranoid is a person who knows a little about what is going on."
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
