Source: RUSI (Royal United Services Institution), by James Sullivan and Rebecca Lucas, February 2020.
THIS PAPER ARGUES that approaches to the security of 5G telecommunications networks should depend on national context, including the geographic location of equipment, national cyber security experience, vendor availability and cost. The main policy priority for states should be the implementation of pragmatic technical cyber risk management measures that protect against the majority of risks to 5G networks. In January 2020, the UK’s National Security Council made the decision to exclude Huawei technology from the most sensitive parts of the UK’s 5G network, while allowing it to supply peripheral components such as mobile phone masts and antennae. From a purely technical perspective, this was a practical and realistic decision that adheres to the principles of cyber risk management and reflects the expert view of the UK’s national technical authority, the National Cyber Security Centre.
This research identifies a range of measures to manage risk to 5G networks, including resilient network architecture, access management, testing and monitoring, and cyber security standards. The findings demonstrate how core and edge functions do remain technically distinct in 5G networks and highlight multiple ways to isolate and localise risks. It recognises that 5G poses new challenges for cyber security practitioners, owing to technical concepts such as virtualisation and low-latency communication, but concludes that there are measured ways to manage the risk.
The paper acknowledges that for some states, political and economic considerations may end up being the overriding factors that lead to the decision to ban a particular vendor from a particular state. This may be an entirely legitimate national approach. However, states must be clear about the extent to which political, rather than technical, factors inform their decision-making relating to 5G and other technology. Otherwise, it confuses the argument and undermines the authority of national technical experts.
Finally, the paper argues that 5G is one instance of a much wider set of issues around the globalisation of technology relating to the pivot of technology innovation from West to East. It recommends that states should rapidly identify those advanced technology areas where greater vendor diversity and/or sovereign technology is required and develop an industrial strategy to address these gaps.
To read the full paper click here