5G, security risks, and a way forward
5G, the fifth-generation standard for broadband cellular networks, will soon appear on our phones if it hasn’t already. Its potential is stunning, faster speed and shorter latency — the gap between data receipt and transfer — which will make it possible to extend the Internet of Things (IoT) to, for instance, self-driving cars whose devices need to communicate commands in fractions of seconds. If smartphones changed our personal lives in ways we could not predict, 5G could change our societies and shape our future beyond our imaginations.
Yet the rub is that what makes 5G a dramatic improvement over 4G also makes it less secure. Those security concerns are inherent in 5G; they don’t derive just from concern that China’s Huawei will dominate the 5G market. To mix metaphors, three of 5G’s superpowers are also Achilles’ heels.
Currently, most cellular networks operate using low-band spectrum, in order to cover large geographical areas with minimal interruption. The use of a high-band spectrum is rare: While it is faster, it cannot travel long distances. The 5G architecture offers a mixed spectrum, but also the ability to slice the network; together they offer flexibility and adaptability, which is essential to serve a wider range of devices. Add to the mix the Multipole-Input, Multipole-Output (MIMO) ability, and you have a massive number of targets to attack.
What is called “virtualization” compounds the risk. 4G centralized communications in hardware nodes, while 5G, in essence, replaces hardware-based network functions with dispersed, software-based ones, in order to optimize the network for efficiency, flexibility, and capacity. One thing we know for certain is that any software can be hacked, and so the shift to software inevitably expands the surface of cyberattacks. Worse, if the virtualization layer is breached, all network functions come under direct attack with potentially disastrous consequences.
The third “Achilles heel” is open-RAN, or “radio access network,” which permits interoperability among RAN equipment from different vendors. It is touted as the saving grace for the United States, which has no national player in a market dominated by China’s Huawei, with Nokia, Samsung and Ericsson trailing behind. Whether open-RAN is dream or reality remains to be seen. It could temper Huawei’s dominance, thus muting concerns about both China using 5G for intelligence purposes and fears that, as with 4G before it, the companies that dominate 5G will lead the standard-setting for it. The novelty of 5G means that the leaders of the 5G era will have control over networks in ways that we cannot predict
Yet multiplying vendors also would multiply the security threat. At a minimum, it would be hard to keep a consistent and coherent approach to security by designing to prevent deliberate flaws. Moreover, if 5G network infrastructures were collaboratively created by different operators — or if a single 5G network were shared by multiple mobile operators — attackers could disrupt routine activities by assaulting one of the low-protection network slices.
Given the novelty and complexity of 5G, many countries will source 5G equipment and expertise, thus raising the risk that potentially untrustworthy vendors will gain access to networks. The magnitude of this risk is compounded with 5G, as the network will be connected to a large number of devices, and critical systems and might create a single point of failure, opening the opportunity for malicious actors to attack multiple devices in different industries all at once.
Given its importance, it is hardly a surprise that 5G has become embroiled in geopolitics. As large-scale virtual networks make societies more interconnected and interdependent, the competition between great powers has transformed. The traditional geopolitical struggle to control fixed territories has moved to the virtual world. Network flows, unlike fixed territorial units, cannot be contained or controlled, only influenced. Thus, states gain power in networks by building and cultivating dependencies. First-mover advantage becomes critical.
As U.S. companies have all but abandoned cellphone infrastructure, the United States was left in the position of warning friends and allies that Huawei was a security risk without having anything to offer as an alternative. Hence the attraction of open-RAN. The U.S. argument is that Huawei’s close ties to the Chinese government raise suspicions about its intentions to influence 5G networks. Will Huawei use its 5G dominance to fundamentally reshape the internet to promote authoritarian values? China’s approach to internet governance promotes a structure that is closed, fragmented, top-down, and tightly controlled by the state. Censorship is prominent and data privacy is not a priority. Thus, the rising influence of Huawei and China in the wireless industry would drive internet governance and architecture, allowing China to proliferate technical standards, policies, norms, and even an internet architecture and vision that could challenge Western democratic values.
Despite security concerns over Huawei’s affiliation with the Chinese government, and despite the U.S. pressure and sanctions, Huawei is spreading around the world. The geopolitical context, neat and predictable during the Cold War, is now multi-polar, volatile, and complex. Alignments are opportunistic and situational. To make matters more complicated, private sector and international organizations have entered the game as independent players.
In navigating 5G’s tangle of convenience, security risk and geopolitical competition, two watchwords should guide U.S. policy.
The first: Cooperate with allies. In some respects, Europe is ahead of the United States in rolling out 5G. Moreover, many U.S. allies have taken the point about Huawei as a security risk, yet continue to be attracted to the company for sheer economic reasons. Open-RAN can be part of the response but so, too, would be encouraging the other western suppliers.
The second: Prioritize security from the start. Security risks are inherent in the architecture of 5G; they are not just an artifact of Huawei’s dominant market position. They need to be a first thought, not an afterthought.
Gregory F. Treverton is co-founder and chairman at the Global TechnoPolitics Forum. He stepped down as chairman of the U.S. National Intelligence Council in January 2017. He is a senior adviser with the Transnational Threats Project at the Center for Strategic and International Studies (CSIS) and is a professor of the practice of international relations and spatial sciences at the University of Southern California.
Pari Esfandiari is the co-founder and president at the Global TechnoPolitics Forum. She is a member of the advisory board at APCO Worldwide and served on the at-large advisory committee (ALAC) at ICANN. She was a nonresident senior fellow at the Atlantic Council’s GeoTech Center. She is a serial entrepreneur, internet pioneer, and an avid environmentalist.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.