A Multilateral Approach to 5G Safety

By Joakim Reiter, Chief External and Corporate Affairs Officer

For the past four years, Washington and Beijing have been locked in an epic battle over 5G dominance. How this saga will play out under President Biden is unclear.

In their first call, Biden and China’s Xi Jinping addressed human rights issues and Taiwan, but the leaders reportedly did not take up 5G directly. Though the administration has indicated it would be looking at adding "new targeted restrictions" on sensitive technology exports to China, its reticence to tackle 5G matters means the fate of the previous administration’s ban on Huawei, and its position on China’s role in global technology supply-chains more broadly, remains uncertain.

The supply-chain issue was long controversial between the U.S. and key allies; President Trump, along with Democrats and Republicans in Congress, asserted that Chinese equipment and technologies posed an unacceptable security threat due to the Chinese government’s ability to influence its companies and citizens worldwide. The Trump Administration decreed to allies that they immediately ban any such “high-risk” equipment and technologies altogether from their 5G networks.

The United States has legitimate concerns over the safety of current and future telecommunications networks, and the core of these concerns are broadly shared among its allies and the industry at large.

But its approach under President Trump missed the realities on the ground in Europe and elsewhere: Equipment from Chinese vendors comprises some 30-40% or more of the installed base of 4G equipment, which, in Europe, underpins our 5G networks. Any rushed ban in 5G would thus require the simultaneous reconstruction of existing 4G networks; this rip and replace of existing equipment would not only cost billions but take years to accomplish.

Truth be told, the Trump Administration got certain things right on 5G: pushing (in some quarters, at least) the promise of global Open Radio Access Network (Open RAN) and, more generally, raising the awareness of supply-chain security. Network security is a vital national interest; the Trump Administration got that part right, too.

But the dissonance in the diplomatic dialogue between Washington and European allies was always deafening, and herein lies the opportunity for President Biden, who has pledged “repair our alliances and engage with the world once again.” One promising place to start is America’s 5G policy.

In the U.S., Huawei and ZTE occupies a small (single digit) percentage of the installed equipment base, and almost all of that exists in the networks of small regional operators. In other words, if using equipment from Chinese suppliers presents an existential risk, and must be eradicated, the problem in the U.S. is relatively contained. Even so, and in sharp contrast to its diplomatic positioning, the US government has actually progressed very slowly and cautiously with its domestic plans to take out the already installed equipment of Chinese origin.

Globally, in contrast, Chinese vendors represent around half of the telecommunications equipment market. So, when an American president demands allies abstain from putting equipment from Chinese suppliers in their networks, it ignores the reality that the equipment in most cases is already in place.

Simply put, the economics of rip and replace are nearly impossible for European carriers because it would cause massive disruption to networks on which hundreds of millions of Europeans already rely on for communications and economic activity.

President Biden has promised to practice the politics of unity and multilateralism. A multilateral approach to 5G safety can be cautious and ambitious, recognizing that threats and risks can arise regardless of the country of origin. When it comes to safety, our mantra as a network operator is, “trust no one”. All equipment can be vulnerable — until and unless — it can demonstrate otherwise.

5G security is just one, albeit large, piece of the much bigger puzzle of how to secure our future connected digital societies. The reality today is that hackers, state-sponsored or otherwise, can do significant damage irrespective of the country origin of the hardware or software. The SolarWinds attack is one recent and harsh reminder of this essential point.

In fact, the “softwarization” of economies is a tremendous cyber security challenge, even in an imaginary world where all software originates domestically. Industry and governments have spent decades developing systems to trust the safety of hardware, through standards, technical regulations and certification procedures. But, as products become defined by their software, the well-oiled system for hardware assurance is quickly becoming obsolete. The reality is that there is no equivalent global, regional or even national system to ensure the safety of software, a glaring gap that must be treated with utmost urgency.

In such a world, a blunt and binary tactic of “bans” is short-sighted. The only thing we know for sure is that we will never be 100% safe. Bans won’t fundamentally enhance or improve a country’s security; in fact, it may actually degrade our collective ability to deter attacks and to improve resilience.

None of this is to argue for the status quo.

Operators are enthusiastic supporters of expanding the number of network suppliers. The global Open Radio Access Network, or Open RAN, project is promising. The goal is to produce networks that can run on general-purpose computing platforms that are interoperable, open and trusted. Open RAN will radically transform how we acquire equipment and build, run and modernize networks, changing the business models of vendors and network operators. It remains an overlooked and precious piece of the 5G safety puzzle.

As the Biden Administration plots a new path for America, it may well conclude it can solve the 5G safety conundrum—and, more broadly, lead in improving security in a digital age—by means of diplomacy, playing the lighter notes and galvanizing earnest multilateralism rather than thunderous decrees and unilateral edicts. If so, allied governments and industry can unify around a future of truly safe and resilient communications networks.

This article was first published on RealClear Policy on 29 March 2021.