17 September 2018

Australia’s Actions Against Chinese Firms Ignite 5G Security Debate

By Dan Strumpf and Mike Cherney

Australia’s move last month to bar Chinese telecommunications-equipment manufacturers from the country’s 5G rollout over fears of cyberspying triggered debate over the security risks of the technology. Officials in Canberra, the Australian capital, cited national-security concerns as they ruled out bids from companies that they said could be used as agents for foreign governments—language that effectively banned Huawei Technologies Co., the world’s largest maker of telecommunications equipment, and its chief Chinese rival, ZTE Corp.ZTCOY 3.63%

Canberra’s reasoning was based on the belief that 5G networks will be more vulnerable to security breaches because they will be less centralized than current networks, with more sensitive network activity occurring in a multitude of locations closer to users. Japanese authorities are studyingthe prospect of a similar ban.

While ZTE has declined to comment on the decision, Huawei has vigorously disputed it, and the Australian government’s rationale is drawing scrutiny from some telecommunications companies and outside experts. The debate underscores broader concerns about the security of 5G networks, which are expected to facilitate a dizzying expansion in the number of internet connections and devices in the coming years.
Toward the edge

The U.S. has been taking an increasingly tough line on Huawei and ZTE. Washington has pulled the companies’ smartphones from U.S. military bases and stopped the companies from selling to the government. ZTE was subjected to a crippling monthslong ban on purchasing U.S. components for violating the terms of a settlement resolving earlier violations of U.S. sanctions on Iran and North Korea. And The Wall Street Journal reported in April that the Justice Department was investigating whether Huawei violated U.S. sanctions on Iran. Huawei declined to comment.

Both companies have been effectively blocked from major U.S. telecom networks due to fears their gear could be used by Beijing to spy on Americans, which the companies have long denied.

Canberra’s argument for keeping the Chinese companies out of its 5G networks hinges on a key distinction in the equipment used in telecommunications networks—equipment in the “core” and the “edge.”

The core refers to centralized equipment like data centers, which perform sensitive functions like access control, and voice and data routing. The edge is equipment on a network’s periphery like base stations and roadside boxes, which connect the core to consumer devices.

While previous generations of mobile networks provided clearer distinctions between edge and core, in 5G networks, sensitive core functions will migrate to the edge, Australian officials and outside experts say. This will help facilitate the faster speeds and greater number of internet connections of 5G networks, but Canberra says it also creates new vulnerabilities. Eventually, according to Australian officials, the distinction between core and edge “will disappear.”

“The shift introduces new challenges for carriers trying to maintain their customers’ security, as sensitive functions move outside the highly protected core environment,” according to the statement announcing the government’s decision.
The security debate

Huawei disputes that 5G networks are fundamentally different from existing networks. “There is no fundamental difference between 5G and 4G network architecture,” the company said in a statement. “The core networks and access networks are still separated.”

Although several independent experts confirm that some core and edge functions will merge over time in 5G, creating new security challenges, others say it’s not certain that the distinction will vanish altogether, they say.

“The simple answer is that Huawei is right,” says Mark Gregory, an associate professor at RMIT University in Melbourne, Australia, who focuses on telecommunications. The government’s rationale “is nonsense. It’s technically incorrect and it’s built upon a whole range of premises that are just wrong.”

Australia’s Department of Home Affairs, one of the agencies that issued the decision, declined to elaborate on it.

It’s true that to facilitate some types of technology promised by 5G, more network functions will have to move from the core to the edge, according to telecom experts.

Take self-driving cars, which will require superfast, continuous connections to keep vehicles running smoothly. Moving core functions to the edge will help speed along these connections, says Anand Prasad, chairman of the security working group of 3GPP, the international telecommunications industry group that sets 5G standards. Huawei and ZTE are members of that body, along with telecommunications companies from around the world.

“You decrease the communication delay by bringing the core network functions and applications close to the edge,” Mr. Prasad says.

This creates vulnerabilities, he says. But a network’s security “is dependent on several factors, including the product implementation and network design,” he says. “5G itself won’t create the security issues.”

Phil Marshall, chief research officer at Tolaga Research, a mobile-industry research firm, says that distributing more functions to the edge can actually boost network security in some instances—for example, a less centralized network would be less vulnerable to so-called distributed denial-of-service attacks, where a network is overrun with junk traffic.

No comments: