Posted on October 10, 2019 at 1:08 PM
The European Commission and the European Agency have grave concerns about the 5G network. They cite the reliance on a single supplier and the larger amount of software that 5G relies on as an increased amount of risk for attack. Essentially, they think 5G has too many badly made moving parts to be safe for use at this point in time.
In dramatic plays, the term “Dramatic Irony” describes events where the viewers know what is happening, even if the actors portraying the play act as if they don’t. There was a very large amount of dramatic irony in a report published by the European Commission and the European Agency for Cybersecurity.
This report came out on Wednesday and pointed out various security issues that would lead to the full adoption of the 5G network. The report states that a redesign of 3G and 4G networks are needed and, in one of the most amazing displays of dramatic irony within politics yet, didn’t mention Huawei even once.
The main issue the report cites is the heavier reliance on software within 5G. Things like network visualization and slicing are cited, with the lack of relevant skills within telco companies will force them to rely on the supplier for assistance.
The report puts extra stress on the vulnerability of relying on the supplier. Taking great pains to specify that a supplier not within the EU would give them more trouble than without. Again, not a single whisper of Huawei is in this report.
The report stated that an increase in the role of services and software a third party provides will lead to a greater risk of exposure to various vulnerabilities that can derive from an individual supplier’s risk profile.
The report continues on for a bit like this. First saying that major security flaws, like those based on poorly developed software processes, would make it easier for actors to embed malicious code into the programs. These pieces of code can insert a backdoor in a wide range of products and have negative effects around the affected areas. The poorly developed software could even make it difficult to detect these backdoors altogether.
The report goes on even more, by citing the aspects beyond just the technical. The report urges countries to assess 5G on a “nontechnical” vulnerabilities 5G presents. Things like a strong link between the 5G supplier and its government are presented as such a type of vulnerability. Another example was given by way of whether or not the supplier has a regulating body ensuring proper moral conduct, or if the EU have data protection or security agreements with this completely unnamed third country.
The report specifically cites a chain of possible events where the third country where the supplier is based, could potentially put pressure on the 5G supplier to help the country facilitate cyberattacks to whoever makes use of said supplier’s 5G technology.
They expand on this thought, stating that this degree of exposure is directly related to the extent to which the supplier has access to the 5G network that was established. Particularly, the access to sensitive assets.
The amount of beating around the bush within this report is rather impressive.
Australia decided to ban Huawei, the implied supplier within this new report, due to a variety of reasons. One of the reasons was the fact that there was a clear lack of separation between the core and edge networks.
Last year, Huawei claimed to have developed a network with clearly separated core and edge networks, but the report seems to go against this claim.
It stated that as the development phases of 5G continue to go forward, aspects of the network that were traditionally less sensitive are started to gain new prominence. These newly-sensitive elements could potentially be things like certain elements of the radio-access part of the network. This all depends on the way they handle user data or perform smart functions.
The report lastly warns individual telcos to increase internal security within their systems. They need to be on top of patch management even as they struggle with a clear lack of properly trained staff.
The report states that a 5G network will be composed of a large number of virtual devices. These devices can each individually be remotely accessed throughout the network. This newfound vulnerability will become all the more apparent as third party suppliers start to perform maintenance.
As impressive as the political tiptoeing was, it’s important to remember a few facts about this report. This report is scared that a sole supplier will monopolize the 5G industry and exploit it due to its close ties to the government of its host state.
Furthermore, the report has concerns about the sheer amount of moving parts added to the 5G network. Be it telecommunication or a box full of gears: the more moving parts there are, the higher the risk of something going wrong. At worst, this report will only delay 5G until other suppliers can build up a healthy competition against Huawei. As a consumer, these problems will probably sort itself out before long. Huawei can’t hold a monopoly in this industry for very long.