“Essentially our approach is as follows: We are not taking a pre-emptive decision to ban any actor, or any company,” government spokesman, Steffen Seibert, told a news conference in Berlin yesterday.
The country’s Federal Network Agency is slated to be publishing detailed security guidance on the technical and governance criteria for 5G networks in the next few days.
The next-gen mobile technology delivers faster speeds and lower latency than current-gen cellular technologies, as well as supporting many more connections per cell site. So it’s being viewed as the enabling foundation for a raft of futuristic technologies — from connected and autonomous vehicles to real-time telesurgery.
But increased network capabilities that support many more critical functions means rising security risk. The complexity of 5G networks — marketed by operators as “intelligent connectivity” — also increases the surface area for attacks. So future network security is now a major geopolitical concern.
German business newspaper Handelsblatt, which says it has reviewed a draft of the incoming 5G security requirements, reports that chancellor Angela Merkel stepped in to intervene to exclude a clause which would have blocked Huawei’s market access — fearing a rift with China if the tech giant is shut out.
Earlier this year it says the federal government pledged the highest possible security standards for regulating next-gen mobile networks, saying also that systems should only be sourced from “trusted suppliers”. But those commitments have now been watered down by economic considerations at the top of the German government.
The decision not to block Huawei’s access has attracted criticism within Germany, and flies in the face of continued US pressure on allies to ban the Chinese tech giant over security and espionage risks.
The US imposed its own export controls on Huawei in May.
A key concern attached to Huawei is that back in 2017 China’s Communist Party passed a national intelligence law which gives the state swingeing powers to compel assistance from companies and individuals to gather foreign and domestic intelligence.
For network operators outside China the problem is Huawei has the lead as a global 5G supplier — meaning any ban on it as a supplier would translate into delays to network rollouts. Years of delay and billions of dollars of cost to 5G launches, according to warnings by German operators.
Another issue is that Huawei’s 5G technology has also been criticized on security grounds.
A report this spring by a UK oversight body set up to assess the company’s approach to security was damning — finding “serious and systematic defects” in its software engineering and cyber security competence.
Though a leak shortly afterwards from the UK government suggested it would allow Huawei partial access — to supply non-core elements of networks.
An official UK government decision on Huawei has been delayed, causing ongoing uncertainty for local carriers. In the meanwhile a government review of the telecoms supply chain this summer called for tougher security standards and updated regulations — with major fines for failure. So it’s possible that stringent UK regulations might sum to a de facto ban if Huawei’s approach to security isn’t seen to take major steps forward soon.
According to Handelsblatt’s report, Germany’s incoming guidance for 5G network operators will require carriers identify critical areas of network architecture and apply an increased level of security. (Although it’s worth pointing out there’s ongoing debate about how to define critical/core network areas in 5G networks.)
The Federal Office for Information Security (BSI) will be responsible for carrying out security inspections of networks.
Last week a pan-EU security threat assessment of 5G technology highlighted risks from “non-EU state or state-backed actors” — in a coded jab at Huawei.
The report also flagged increased security challenges attached to 5G vs current gen networks on account of the expanded role of software in the networks and apps running on 5G. And warned of too much dependence on individual 5G suppliers, and of operators relying overly on a single supplier.
Shortly afterwards the WSJ obtained a private risk assessment by EU governments — which appears to dial up regional concerns over Huawei, focusing on threats linked to 5G providers in countries with “no democratic and legal restrictions in place”.
Among the discussed risks in this non-public report are the insertion of concealed hardware, software or flaws into 5G networks; and the risk of uncontrolled software updates, backdoors or undocumented testing features left in the production version of networking products.
“These vulnerabilities are not ones which can be remedied by making small technical changes, but are strategic and lasting in nature,” a source familiar with the discussions told the WSJ — which implies that short term economic considerations risk translating into major strategic vulnerabilities down the line.
5G alternatives are in short supply, though.
US Senator Mark Warner recently floated the idea of creating a consortium of ‘Five Eyes’ allies — aka the U.S., Australia, Canada, New Zealand and the UK — to finance and build “a Western open-democracy type equivalent” to Huawei.
But any such move would clearly take time, even as Huawei continues selling services around the world and embedding its 5G kit into next-gen networks.