The View from Seoul: How the US Huawei Ban Highlights the Risks of 5G > Articles

Skip to container

팝업레이어 알림

팝업레이어 알림이 없습니다.

A JOURNAL OF THE EAST ASIA FOUNDATION GO TO WWW.KEAF.ORG

사이트 내 전체검색
Articles
The View from Seoul: How the US Huawei Ban Highlights the Risks of 5G
By Sun-sook Park

Article 14 of China’s National Intelligence Law, passed in 2017, granted intelligence agencies the authority to demand businesses and citizens to “provide needed support, assistance, and cooperation” for any intelligence work. This was a watershed event in international relations, for not only did it undermine international norms, it threw global markets into turmoil by blurring the line more than ever between companies such as Huawei and the Chinese government. The lack of transparency surrounding Huawei’s connections to the Chinese Communist Party (CCP) and the Chinese military, 1 along with its obligations under the National Intelligence Law, have led US authorities to ban Huawei equipment due to espionage concerns. 2 However, the timing of the Huawei ban compels us to ask the question — why wasn’t this issue brought up earlier, before Huawei dominated the 3G/4G markets?

 

The advent of the 5G era, with the vast benefits and risks that accompany it, has compelled the US to break from its usual pattern of Chinese engagement. The current trade war is markedly different than past US-China trade tensions, and is being waged on much more aggressive and hawkish terrain. US claims of Chinese “economic aggression” by way of physical and cyber-theft of American technologies and intellectual property, demands for structural reform in China, declaring a national emergency on information security, pinpointing a specific Chinese company as an “adversary,” and, in particular, Washington’s pressure on its allies to join the anti-Huawei campaign all signal a new phase in US-China competition under the flag of 5G.

 

The 5G challenge


One can summarize the significance of 5G in one word: hyperconnectivity. 5G is not merely an extension of 4G, but is the key to unlocking a pivotal moment for the world economy. It represents the beginning of a new age in connectivity, where a myriad of things — people, families, industries and devices — can connect and communicate both instantaneously and simultaneously. The speed and intricacy of 5G means that future industries such autonomous vehicles, renewable energy and remote surgery will open new doors for innovation and productivity. Its potential turns it from a mere buzzword into something carrying enormous macroeconomic and geopolitical advantages. The arrival of 5G will also herald a new age in military technology and a potential shift in the balance of power as we know it. It is for this reason that 5G has become the Achilles heel in US-China trade tensions and why the US is targeting Huawei.

 

He who controls 5G controls the world because of the overwhelming importance of telecommunications grids and networks for a nation’s prosperity. US President Donald Trump’s aggressive stance signifies that he is keenly aware of the importance that 5G holds for the US — however, the question of whether his “anti-Huawei alliance” is a feasible strategic choice remains unanswered.

 

5G and technological sovereignty


In the digital age, minimizing vulnerabilities in national telecommunications networks is not only the key to protecting data, but is a matter of national sovereignty. The ability to fully secure networks will be necessary in order to fulfill the state’s obligations. In order to protect the digital rights of its people and businesses, states must be able to maintain full control over secure, robust networks.

 

5G networks hold the promise of revolutionizing the digital economy, but they also carry a host of cybersecurity risks that governments must address. There are two main camps in the international debate surrounding why 5G warrants so much caution: first, 5G’s inherent weaknesses due to its structural design, and second, the nature of the sectors that 5G will power render it highly sensitive. In order to deliver data packets instantaneously, 5G networks require high-volume communications with low latency. The distance between network components — sensors, antennas, base stations, etc. — needs to be shortened to create a tightly knit web of communication. In the past, the centralized nature of prior generations meant that sensitive functions only occurred in the core of the network — as long as the core was safe, the network was safe. However, 5G networks are decentralized, with certain core functions being carried out on the periphery. Thus, the argument is, the web-like structure of 5G carries inherent security risks: the blurred lines between core and non-core functions could mean that one vulnerable antenna on the periphery could jeopardize the entire network. In this argument, the greater number of components required to set up 5G networks exponentially expands not only the number of vulnerable points, but also exacerbates the consequences of a single attack. There is no global consensus on this argument, however — while France has emerged as a strong proponent of the structural design argument, the UK maintains that core and non-core functions will still play very distinctive, separate roles in 5G, choosing its security scrutiny on “core” components.

 

The second issue relates to where 5G will be deployed — while previous mobile network generations were used mainly for voice and data services, 5G will become the basic building block powering critical sectors that require the most stringent standards of security. The damage that a malicious actor with access to a 5G network could wreak on sensitive areas such as connected cars, remote surgery, and especially national security/military operations is unfathomable.

 

The security concerns around 5G deployment are thus not specific to Huawei or any other Chinese company. Its core lies not in politics, but is a matter of technical sophistication. Policymakers must enforce robust quality standards, and manufacturers must make mitigating product flaws their highest priority.

 

Europe’s approach to securing 5G


Early in March, the European Parliament passed a resolution expressing “deep concern about the recent allegations that 5G equipment developed by Chinese companies may have embedded backdoors that would allow manufacturers and authorities to have unauthorized access to private and personal data and telecommunications from the EU.” 3 Following the resolution, the European Commission released its Recommendations on Cybersecurity of 5G Networks, 4 which urged member states to perform national risk assessments of 5G network infrastructure, and update existing security requirements for network providers as needed. While the concerns of the EU may seem to buttress Trump’s anti-Huawei campaign, it is more appropriate to use the EU approach as a contrast to that of the US.

 

The resolution calls for a “network that is secure by default and by design,” 5 and urges member states to collaborate with the commission to “explore all available means to ensure a high level of security.” 6 The language of the resolution, especially its emphasis on “security by default and by design,” echoes the EU’s General Data Protection Regulation (GDPR), the EU’s main data privacy directive. This shows that this resolution is an extension of the EU’s GDPR commitments to protect the digital privacy rights of member states, more than an effort to curb the rise of Chinese influence.

 

On a national level, we can look to the approaches that the UK and French governments have taken on 5G security concerns. The UK Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, first established in 2014 and comprised of senior representatives from across government and the UK telecommunications sector, released its fourth annual report in July 2018. The report criticized Huawei’s flawed engineering processes and its failure to keep sufficient control over critical third-party software, concluding that the Board could offer only “limited assurance”that Huawei’s UK operations posed no threat to national security. 7

 

Norman Lamb, Chair of the UK Parliament’s Science and Technology Committee, sent a letter pressing Ryan Ding, the Executive Director of Huawei’s UK operations, over the HCSEC report. 8 In his reply, Ding noted that Huawei’s engineering had “room for improvement,” and revealed plans to invest $2 billion over five years to improve software engineering capabilities. A subsequent HCSEC report, published in March this year, found that significant security problems within Huawei were still present, such as “extensive non-adherence to basic secure coding practices, including Huawei’s own internal standard.” 9 Despite these criticisms, the Board concluded that it did not believe these defects were the result of Chinese state interference, 10 and reports on the May National Security Council meeting revealed that then-Prime Minister Theresa May had given a green light to Huawei supplying non-core equipment, putting the UK at odds with the US.

 

As mentioned earlier, the French have taken a tougher approach to 5G equipment security compared to the UK. While the UK has maintained that distinctions between the core and non-core exist in 5G, France’s opinion is that 5G is inherently vulnerable. The decentralized, web-like architecture of 5G means that even antennas — not just the core — can pose serious security vulnerabilities to the entire network. In July 2019, the French Parliament gave its final approval for the text of a new 5G security law that provides a legal framework for protecting such networks. 11 The legislation, which cites national-security concerns, would require all 5G network equipment to undergo a prior authorization system before deployment in future networks. Should the permanence, integrity, security, network availability or confidentiality of data passed through certain 5G products or networks be deemed to pose a serious risk to the defense and national security interests of France, the prime minister is authorized to reject a telecom operators’ plans to roll out a 5G network. Any operator who uses unauthorized equipment, or does not adhere to the conditions of approval, is punishable by law.

 

South Korea’s stance on 5G and the Huawei problem


In preparation for the launch of 5G services, the South Korean National Assembly began discussing the concerns surrounding Huawei equipment and 5G security guarantees in 2018. An important point to remember is that both the decision to launch 5G, 12 and the subsequent rollout of 5G services occurred well before US President Donald Trump began his anti-Huawei campaign. In response to parliamentary inquiries, the government has maintained that as a principle, “the decision to use Huawei equipment is not something that the government should, or will, dictate… Huawei, Nokia, Ericsson, and Samsung are all held to the same level of required quality standards and security provisions.”

 

The Expert Advisory Council on 5G Security, set up by the government following parliamentary calls for a policy response to 5G security concerns, has been monitoring further 5G network operations in South Korea since 2018. As of March this year, the council has finished performing a comprehensive technical review of the equipment deployed in the base stations of all three carriers — Huawei, Ericsson and Nokia — and has been convening regularly to discuss technical and policy solutions.

 

Talks about how to best approach the Huawei issue are ongoing between the US and South Korea. In order to reach a pragmatic and specific solution, it is paramount for both parties to keep in mind the importance of the US-South Korea alliance and the long history of mutual trust that both countries have fostered over decades. Although the methods that governments choose may differ, all states share a common goal: to protect the data of our citizens and our technological sovereignty, while minimizing the perils of hyperconnectivity.

 

How events will unfold regarding 5G and Huawei remains to be seen. Only the US and South Korea have successfully deployed 5G services, and the lack of sufficient data about the distribution of 5G equipment by manufacturer makes it difficult to reliably predict how global markets will change, or identify what specific security problems will arise. The uncertainty surrounding 5G has thus led to a variety of different approaches by states, ranging from the UK’s “restricted access” strategy, which excludes Huawei from core functions but not from non-core functions, to that of France, which takes issue with both core and non-core functions, requiring operators to gain government clearance before deploying any 5G equipment.

 

In today’s world, where 5G has been deployed only in telecommunications, the UK strategy may seem pragmatic. Yet, in the future, when 5G becomes the backbone of society, powering our automotive and health industries, we may see the French approach as the answer. Ultimately, there is no way to know what the “right way” is. However, one thing is clear: full security guarantees will become a necessity for all manufacturers, not just Huawei; and scrutiny over technical robustness will only intensify in the future. Competitiveness in the 5G market will ultimately rely on how resilient one’s products are against any and all threats, and we can expect manufacturers to make this their highest priority going forward.

 


References

1 Recent reports from the Henry Jackson Society found many Huawei staff had either worked on joint projects, or had backgrounds in the Chinese People’s Liberation Army. The opacity behind the activities of Huawei’s Communist Party of China Organization is also a point of concern for many observers.


2 In response to parliamentary inquiries, Huawei Korea replied that they’d never received any demands to release information or data regarding their business operations or users by the Chinese government (December 2018).


3 “Security threats connected with the rising Chinese technological presence in the EU and possible action on the EU level to reduce them,” European Parliament, March 12, 2019, www.europarl.europa.eu/doceo/document/TA-8-2019-0156_EN.html

4 “Recommendation on Cybersecurity of 5G Networks,” European Commission, March 26, 2019, https://ec.europa.eu/digital-single-market/en/news/cybersecurity-5g-networks

5 European Parliament, “Security threats.”


6 Ibid.


7 “Annual Report 2018,” Huawei Cyber Security Evaluation Centre Oversight Board, July 19, 2018, assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/727415/20180717_HCSEC_Oversight_Board_Report_2018_-_FINAL.pdf


8 “Security of the UK’s communications infrastructure,” UK Parliament Science and Technology Committee, Jan. 15, 2019, www.parliament.uk/documents/commons-committees/science-technology/Correspondence/190115-Chair-to-Huawei-re-Communications-Security.pdf


9 “Annual Report 2019,” Huawei Cyber Security Evaluation Centre Oversight Board, March 28, 2019, assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf


10 Ibid.


11 “Loi visant à préserver les intérêts de la défense et de la sécurité nationale de la France dans le cadre de l’exploitation des réseaux radioélectriques mobiles,” Sénat Français, www.senat.fr/dossier-legislatif/ppl18-454.html


12 On Dec. 1, 2018, South Korea became the first country to launch commercial 5G services. Of the three mobile network operators in Korea — SK Telecom, LG U+, and KT — LG U+ is the only carrier that uses Huawei equipment in its 5G operations.

Back to Issue
    5G technology is poised to open a pivotal moment for the world economy due to its promise to connect people, products and processes in ways never before seen. This hyperconnectivity carries with it massive risks and challenges due to its highly decentralized nature. In areas such as military technology, it could pose huge risks and even shift the balance of power. This is why the United States has mounted such an aggressive challenge to the leading role Huawei is playing in 5G. Hype aside, it really does change the game. But it is far from certain, writes Sun-Sook Park, that any one national approach will prevail in dealing with potential 5G vulnerabilities.
    Published: Sep 26, 2019
    About the author

    Sun-Sook Park is a member of the South Korean National Assembly.

    Download print PDF

List

No Reply


About Us Latest Issue Back Issues Article Search How to Subscribe Advertise with Us Submit an Article Forum Privacy Policy
Global Asia, The East Asia Foundation,
4th Fl, 116 Pirundae-ro, Jongno-gu,
Seoul, Korea 03035
Business Registration Number: 105-82-14071
Representative: Ro-myung Gong
Tel. +82 2 325 2604
General: info@globalasia.org
Editorial: editorial@globalasia.org
Subscribe: subscriptions@globalasia.org
Advertising: ads@globalasia.org
This website
© 2016 by the
East Asia Foundation.
All rights reserved.
EAST ASIA FOUNDATION