When I was a younger journal- ist in North East England, there was a joke going the rounds that Nissan had decided to set up on Wearside because one of the company executives thought he’d heard a shipyard worker speak Japanese. His hosts at North East Shipbuilders – the last remaining – shipyard of the once- many on the River Wear were astonished. “What did he say?” he asked. The Nissan executive told him he’d clearly heard the man say “Hiyeh, Marah, hoya hammah ower heyah.” In North- East dialect, that translates as “Hey, my friend, throw your hammer over here.” A silly story that reflects an age when far eastern languages were seldom if ever heard in the United Kingdom. In fact, few foreign languages of any kind were heard up there in the North East. My school French teacher once told the class in exasperation, when we were being especially dense, “you’ll probably never meet a Frenchman but you need to learn this to pass your exam”. The British have always been suspicious of foreigners and that may account for the UK’s seemingly suicidal decision to break links with its largest trading partner, the European Union. So where does that leave us with the Chinese tech giant, Huawei?
That rather depends, at least in part, on how close the UK remains to the Euro- pean Union. “Huawei is more commit- ted to Europe than ever before,” said Abraham Liu, Huawei’s Chief Repre- sentative to the EU Institutions. “We are looking forward to our next 20 years here. That’s why we have decided we want to set up manufacturing bases in Europe – so that we can truly have 5G for Europe made in Europe.” This was said at a big event at the Concert Noble in Brussels to mark Chinese New Year, in front of 450 invited guests. The future belongs, for now, to 5G (5th Generation), of the 5G revolution as quickly as possible, Huawei offers by far the fastest solution. Despite threats that having Huawei develop the network could compromise intelligence sharing, British Prime Minister Boris Johnson has given it the go-ahead, at least for what are called the ‘non-core’ (less security sensitive) parts of the 5G network, an idea that has been heavily criticised, as you will discover. The US and Australia have already banned Huawei from involvement in their 5G networks and the other partners in the “five eyes” security network – New Zealand and Canada – remain undecided. The US attitude seems the most extreme, with National Security Advisor Rob- ert O’Brien being quoted as saying: “They are just going to steal wholesale state secrets, whether they are the UK’s nuclear secrets or secrets from MI6 or MI5.” If that sounds vaguely hysterical, O’Brien went on to say: “It is somewhat shocking to us that folks in the UK would look at Huawei as some sort of a commercial decision. 5G is a national security decision.” In May last year Trump signed an executive order, bar- ring US companies from using telecom equipment made by companies that, in his view (and that of O’Brien, one assumes) pose a national security risk. In other words, Chinese companies. It’s a view dismissed by Huawei’s Liu as: “politically motivated suspicion”. Huawei’s own reaction to the UK deci- sion is, of course, one of considerable relief. “Huawei is reassured by the UK government’s confirmation that we can continue working with our customers to keep the 5G roll-out on track,” says the company’s media service. “This evidence-based decision will result in a more advanced, more secure and more cost-effective telecoms infrastructure that is fit for the future. It gives the UK access to world-leading technology and ensures a competitive market.” The statement includes a little bit of fur- ther reassurance: “We have supplied cutting-edge technology to telecoms operators in the UK for more than 15 years.”
The problem for most people (myself included) in making decisions regard- ing 5G and its inherent risks is that its benefits are told in the language of jargon. Consider this list of its advantages over 4G from Qualcomm’s web- site: “Scalable OFDM numerology with 2n scaling of subcarrier spacing; Flexible, dynamic, self-contained TDD subframe design; Advanced, flexible LDPC channel coding; Advanced massive MIMO antenna technologies;
Advanced spectrum sharing techniques.” I’m sure it means lots to the techies but it rather leaves the rest of us more confused than before. And as for Britain’s decision to go ahead with Huawei, Johnson has said that the Brit-ish people deserve access to the latest technology and there’s really no via-ble alternative to Huawei. He told the Guardian newspaper “We want to put in gigabit broadband for everybody. Now if people oppose one brand or another then they have to tell us what’s the alternative.” Huawei currently controls around 28% of the infrastructure market, so he has a point. PC Mag also quotes the head of MI5, Sir Andrew Parker, who, in an interview with the Financial Times, said there is “no risk” that the decision to use Huawei would compromise US-UK relations. Intelligence sharing, he said, “is, of course, of great importance to us. And, I dare say, to the US, too, though that’s for them to say. It’s a two-way street.”
TALKING TOUGH, THINK- ING COMPROMISE
The EU has also been agonising over involving Huawei in its 5G plans, with the European Commission opting for compromise. According to the South China Morning Post, “the EU plan, which closely mirrored rules set out by Britain allowing a limited role for Huawei, stopped short of barring the company from the next-generation communications network designed for near-instantaneous data transfers.” Which will probably come as a relief in European capitals, if not in Washing- ton. “Those guidelines were the fruit of months of agonising within the EU,
which has struggled to find a middle way to balance Huawei’s huge domi-nance in the 5G sector with security concerns pressed by Washington. A ban on Huawei will now ultimately be up to member states, but the European Commission’s middle road recommendations give cover to European capitals to resist pleas from Washing- ton.” The controversy was addressed at that Chinese New Year event, of course. “Huawei welcomes that the EU has added clarity to the process. Now we can jointly plan ahead to make sure 5G deployment in Europe will happen according to the highest Cybersecurity standards,” said Sophie Batas, Huawei Director for Cybersecurity and Data Privacy.
Tamara Tafra, Counsellor for Cyber Issues at the Permanent Representation of Croatia to the EU, noted that “2020 is an important year for rolling out 5G in the EU and the Croatian Presidency of the Council of the European Union fully supports this objective”. Croatia, of course, had just taken over the rotat- ing EU presidency.
Huawei’s Abraham Liu told the Con- cert Noble gathering: “The global sup- ply chain depends on collaboration and building mutual trust. Companies should be treated fairly and equally. A competitive market benefits everyone.” Few would disagree with that, but over- coming the obstacles, mainly raised by Trump and his team, has posed a few problems along the way, admits Liu: “The recent decisions by the UK Government and the EU with the toolbox enabling Huawei to continue to be a major participant in the 5G roll-out, support this. Their emphasis on a fact- based, fair approach to a multi-vendor model, founded on verification as well as trust is what we believe should be the standard globally.” However, the European Commission, not untypically, has left a final decision on using Huawei to individual member state governments. It has recommended merely that they “limit” the use of “high risk” companies, not ban them as the Trump administration had demanded during a lengthy campaign. “The recommen- dations are as far as the European Union can go in dictating policy to its member nations,” reported the New York Times, “whose governments will have the final word on whether and how they want to let Huawei help build their next generation of wireless telecommunications networks.”
What the EU has agreed to is what they call, to which Liu referred and in typical Euro-speak, “the 5G Toolbox”, whose objectives are to identify a pos- sible common set of measures capable of mitigating the main cybersecurity risks of 5G networks. They are also supposed to provide guidance for the selection of measures which “should be prioritised in mitigation plans at national and at Union level,” says the Commission. Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age, said: “We can do great things with 5G. The technology supports personalised medicines, precision agriculture and energy grids that can integrate all kinds of renew- able energy. This will make a positive difference. But only if we can make our networks secure. Only then will the digital changes benefit all citizens.” Meanwhile, Thierry Breton, Commissioner for the Internal Market, said: “Europe has everything it takes to lead the technology race,” except, we must assume, huge tech companies capable of building the systems adequately and in time. He continued: “Be it developing or deploying 5G technology – our industry is already well off the starting blocks. Today we are equipping EU Member States, telecoms operators and users with the tools to build and protect a European infrastructure with the highest security standards so we all fully benefit from the potential that 5G has to offer.” The Commission stresses that “While market players are largely responsible for the secure rollout of 5G, and Member States are responsible for national security, 5G network secu- rity is an issue of strategic importance for the entire Single Market and the EU’s technological sovereignty. Closely coordinated implementation of the toolbox is indispensable to ensure EU businesses and citizens can make full use of all the benefits of the new technology in a secure way.”
OVER THE MOON
We shouldn’t forget the massive advances made by China in technological terms over recent years. In January this year, China managed a techno- logical first by successfully landing a spacecraft, the Chang’e-4, on the far side of the Moon. No other nation has tried that and it presents particular challenges, all of which they have over- come: the landing site can neither be seen nor contacted by scientists back on Earth; data must be self-generated by an intelligent lander and bounced off a satellite circling the Moon. It’s an achievement that reflects the ambitions of Chinese leader Xi Jinping and explains why scientific companies in China are getting lots of investment. The country has spent and continues to spend billions on developing machines deep underground to track down nutrinos and dark matter. It has also invested heavily in a variety of institutes set up to investigate such arcane scientific fields as quantum communications, genomics and renewable energy. China is – and wants everyone to know it is – a leading player in the field of technology. Its spending on research and technology expanded ten-fold between 2000 and 2016, and it now plans to build the world’s larg- est particle accelerator, built within a shielded loop with almost four times the circumference of the Large Hardon Collider on the French-Swiss border. It will require outside investment; even China isn’t that rich. But it continues its work on quantum mechanics and its possible uses in computers and
cryptography. In fact, China is a world leader in the field. Chinese scientists are well to the forefront in gene editing techniques and stem-cell research, too, and they are working on new types of compact nuclear reactors that will be cheap and yet still able to generate vast quantities of electricity. It’s all laudable stuff made possible by China’s wealth and facilitated by Xi’s global ambitions.
Germany has yet to make a final decision on getting Huawei involved in its 5G network. Its position is complicated by the fact that German car makers such as Daimler, Audi, BMW and VW export a lot of vehicles to China; it is a very major market for German-made vehicles. But to gain that access, the automobile companies are having to work closely with Chinese tech com- panies, including Huawei, and Ger- many fears losing its control. Germany has come under enormous pressure from the Trump administration, which sees Huawei as a potential ‘Trojan horse’, opening a back door to espio- nage. Washington is also suspicious of Europe’s commitment on security. On the other hand, China is also pre- pared to turn the screws, as the New York Times reported: “If Germany were to make a decision that led to Huawei’s exclusion from the German market, there will be consequences,” Wu Ken, China’s ambassador to Ger- many warned last month. “The Chinese government will not stand idly by.” Does that sound like a threat to you? That is how it is being interpreted in Germany: exclude Huawei and your access to the massive Chinese market could suffer. Caught between Beijing and Washington, what is Germany to do? The signs are that Angela Merkel will choose Huawei over Trump. Her carmakers have too much to lose oth- erwise and Germany has a lot to gain from 5G.
The potential for software to have weak spots is clearly greater in 5G, as the European Commission acknowledges. “With 5G networks increasingly based on software,” says its website, “risks related to major security flaws, such as those deriving from poor software development processes within suppli-ers are gaining in importance. They could also make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect.” ‘Threat actors’, I suppose, are simply potential participants who may pose a threat. It’s worth noting, however, that when Huawei equipment was given a close examination by Britain’s GCHQ intelligence centre, no such loop-holes were found. GCHQ’s only criticism concerned poor build quality, which Huawei said it would address. Hardly a ringing endorsement but nor is it likely to generate fears about disrupting nuclear power stations or stealing state secrets. The Commission’s assessment does look at other kinds of potential threat, how- ever, such as “an increased exposure to risks related to the reliance of mobile network operators on suppliers. This will also lead to a higher number of attack paths that might be exploited by threat actors and increase the potential severity of the impact of such attacks. Among the various potential actors, non-EU States or State-backed, are considered as the most serious ones and the most likely to target 5G net- works.” Certainly, we have seen weaknesses exploited by state-sponsored operators to disrupt or destroy import- ant on-line services, usually to extract money but sometimes just to annoy or inconvenience the country concerned. In the past however, the weakness has often come down to a failure in basic maintenance or a failure to update to a more modern operating system. The Commission suggests this stems in part from an over-reliance on a particular supplier. “A major dependency on a single supplier increases the expo- sure to a potential supply interruption,” says the Commission, “resulting for instance from a commercial failure, and its consequences. It also aggravates the potential impact of weaknesses or vulnerabilities, and of their possible exploitation by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk.”
The European Union Agency for Cyber Security, ENISA, says that as networks have developed and moved on through the various levels of complexity and application, so, too, have the threats. It provides a useful synopsis: “In the first generation (1G) of mobile networks, mobile phones and wireless channels became a target for illegal cloning and masquerading. In the second generation (2G), message spamming became common, not only for pervasive attacks but also for injecting false information or broadcasting unwanted marketing information. In the third generation (3G), IP- based communication enabled the migration of Internet security vulnerabilities and threats into the wireless domain. With a growing demand for IP based communications, the fourth generation (4G) enabled the proliferation of smart devices, multimedia traffic, and new services into the mobile domain. This development led to a more complex and dynamic threat landscape 4,5 (an intermediate step between 4G and 5G). With the advent of the fifth generation (5G) of mobile networks, security threat vectors will expand, in particular with the exposure of new connected industries (Industry4.0) and critical services (connected vehicular, smart cities etc.).” Yes, quite: nobody wants to see their self-driving vehicle hijacked by a homicidal lunatic, or a simple instruction to turn on your heating at home in your absence being changed into an instruction to unlock the cat flap or turn on the washing machine.
Again, the Commission has been considering all of this and issued a communication that includes this paragraph: “The dependence of many critical services on 5G networks would make the consequences of systemic and widespread disruption particularly serious and, given the intercon- nected nature of the digital ecosystems, could have significant impacts beyond national borders. As a result, ensuring the cybersecurity of 5G networks is an issue of strategic importance for the Union, at a time when cyber-attacks are on the rise, more sophisticated than ever and coming from a wide range of threat actors, in particular non-EU state or state-backed actors. Regarding the security of critical infrastructures as 5G, the approach chosen is to define, for the first time, a common European approach. This approach is in full respect of the openness of the EU internal market as long as the risk – based EU security requirements are respected.”
Reading all of these carefully couched statements, larded with caveats galore, one gets the impression that no-one, not even the Commission or ENISA, really knows what to expect and just what the risks may be. While teams of experts have been busily working out what they think COULD go wrong, groups of hostile foreign countries and cyber criminals have been sitting down and, with more definite focus, working out what really WILL go wrong (with their help) and how best to achieve it. If I may quote here what is known as Murphy’s Law: “Anything that can go wrong will go wrong.” The law is named after Captain Edward A. Murphy, incidentally, who worked on an US Air Force project to see how much deceleration a human can survive in a crash. I dread to think what caused him to utter those discouraging words.
In the Commission’s official response to the 5G question, there is no men- tion of Chinese companies in general, nor of Huawei or ZTE, the other front-runner, in particular. Indeed, the proposal is very general but member states would do well to note it. As the European Council on Foreign Relations points out: “The competencies of the commission in the area of network security are limited, and the suggestions in the toolbox are non-binding. But, there is a strong case for member states to implement the measures, given that they were devised by the NIS Cooperation Group, the entity tasked with drafting an EU response, which is composed of representatives of member states, the commission, and the EU Agency for Cybersecurity and where they all work jointly on the group’s proposals. In other words, when drawing up new national rules on network security, it is virtually not an option for member states to fail to take account of the risk-mitigation measures that the NIS Cooperation Group has devised.” The document stresses the very problems highlighted by Boris Johnson when he agreed to accept Huawei as a supplier of “non-core” facilities: there are too few alternatives, although this is no excuse for not taking action to put that right, perhaps by encouraging European competitors to the Chinese. “Contrary to the often-repeated assumption that this limited supply implicitly calls for a role for Chinese vendors, the opposite holds true: the current dominant role of Chinese kit in European existing 3G/4G infrastruc- ture in many member states is a problem and this situation should, according to the EU recommendation in the toolbox, be mitigated in 5G networks. At the same time, the diversity of the supply should be guaranteed by targeting subsidised vendors directly with anti-dumping/anti-subsidy measures,” says the ECFR, which also sees an opportunity to give a welcome boost to EU-based tech firms: “The EU appears set to use the tools it has available to enhance European technological sovereignty. This includes EU Research & Innovation Funding programmes as well as industrial policy tools and the foreign direct investment screening mechanism, which was one of the key achievements of 2018-19, designed in light of Beijing’s market-distorting practices and demonstrating the possibilities of united European action.” This does not mean, of course, that in the longer term the EU will turn away from Chinese suppliers: “An outright ban on high-risk vendors will unlikely lead to the best and most favourable economic results. Its reasonable suggestion is that each member state, depending on its specific timeframe of deployment, should devise a plan for reducing dependencies.” It would seem Huawei has little to worry about in the short to medium term, anyway.
Johnson’s announcement of allowing Huawei only into ‘non-core’ areas of 5G has been dismissed as unfeasible by Janka Oertel, a senior policy fellow at the ECFR and Director of its Asia Programme: “While politically this sounds like a nice compromise, from a technological perspective the distinction makes limited sense in the new generation of networks,” she says in a report posted in December. “To achieve the desired combination of high speed and ‘low latency’ – which is necessary for advanced 5G applications, from autonomous driving to industrial applications in manufacturing – base stations are now more than the mere antennae they were in the past. They are becoming smart, as core functions are moved to the edge of the network and computing can take place closer to the end user in the base station. Pretending that there would be a clear-cut distinction – between a core network that can be secured and the radio access network – is an illusion.” Smoke and mirrors, then, or an attempt to get on with 5G without upsetting Washington too much? It seems unlikely that tech experts in the US will not have spotted this flaw, too.
Meanwhile, Vodafone have announced that they plan to remove Huawei equipment from core parts of its mobile network across Europe at a cost of €200-million, even though Oertel has said the move would, in all prob- ability, be technically pointless. The company has warned, however, that if other EU countries choose to fol- low the UK’s lead with a 35% cap on using Huawei equipment in non-core parts of the network, it could delay the roll-out of 5G in those countries by between two and five years. That doesn’t seem likely to be a price any of them would choose to pay. Other providers have already made clear that restricting the use of Huawei material in creating 5G networks, while new Europe-based suppliers are brought up to speed, would cost hundreds of mil- lions of euros. It’s all about trust. Do you trust Huawei? Do you trust China?
Do you trust Trump? Looking at the facts through the eyes of European media, the answers would seem to be a reluctant ‘yes’ and two definitive ‘no’s.
As for Huawei itself, its position regarding the UK decision and the European Commission’s 5G toolbox was made clear at the end of January in Brussels. “Huawei welcomes that the EU has added clarity to the process,” said Sophie Batas, Huawei Director for Cybersecurity and Data Privacy. “Now we can jointly plan ahead to make sure 5G deployment in Europe will happen according to the highest Cybersecurity standards.” In its own list of cyber security measures, Huawei points out that 5G will allow the almost 50% of the global population access to the Inter- net they cannot currently enjoy. It’s got to mean more than just a few extra friends you really don’t know on social media. As to US fears of espionage and access being gained to sensitive facilities, Huawei has an answer to that, too. “No matter whether it is a technical risk or a non-technical risk, we must make judgments and decisions based on facts. Just like this quotation from the former President of the United States, Abraham Lincoln, which is now written on the walls of the Chicago Tribune Hall: ‘Let the people know the facts, the country will be safe’.”
Donald Trump won’t agree and in this most difficult of judgements, it’s truly hard to know truth from fiction (or faction?). Here’s my prediction: 5G will bring undoubted benefits, mainly for industry and commerce but also a little for us. We’ll have street lighting that only lights up when a person or vehicle approaches and ground-level glow for cyclists; a visit to the doctor will mean accessing his/her/its avatar on your laptop; banking transactions will be done – literally – in the blink of an eye; personalised animated adver- tisements will address you by name as you walk around a supermarket, trying to persuade you to buy something you had never thought of and don’t want. Some sly financial companies will find ways to use 5G to extract more money from you and me by newly-discovered semi-illicit means. It will save a life here, it may cost one there. In fact, it will be like every other new innovation about which everyone is unsure and nervous before it arrives. And after somebody cracks quantum computing and 6G is introduced in a few years’ time, it’ll be old hat.
T. Kingsley Brooks
Click here to read the 2020 March edition of Europe Diplomatic Magazine