The political minefield that is 5G network security

Ray Le Maistre
By Ray Le Maistre

Aug 24, 2020

  • US administration’s ‘Clean’ campaign gathers strength...
  • ...while RAN vendors, including Huawei and ZTE, pass security audit
  • Situation is giving ‘Muddy Waters’ a bad name

As the world continues to eschew peace and harmony, the world of next generation mobile broadband networks has been sucked into a political vortex that is making it harder by the day for decision-makers to figure out whose voice to trust when it comes to the security of 5G network technology.

And to make it even harder for enterprises, network operators, regulators, government officials and neutral advisors (if such beings exist any more), there’s no shortage of big name support for some of the more aggressive positions.

The US State Department’s ‘Clean Network’ program is a case in point. 

“The Clean Network program is the Trump Administration’s comprehensive approach to safeguarding the nation’s assets including citizens’ privacy and companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party,” according to the State Department’s website: You can get the full details here.

As is widely documented, the US regards Huawei, ZTE and other technology developers from China and other ‘malign actors’ as security threats, and is keen to see the rest of the world shun these companies (particularly Huawei, which is still the largest global supplier of telecoms network infrastructure and, in the second quarter, was the leading global supplier of smartphones).

This is all very well: The US administration is doing what it believes is right for the citizens it represents. 

But its campaign is not restricted to US borders, as the graphic above shows, and as was clear when Secretary of State Mike Pompeo unveiled the program at the beginning of August. It is assigning ‘clean’ status to network operators around the world (see the graphic above). One of the many messages this sends is that the US administration has handed itself the role of being the global 5G security police force, a role that under any normal circumstances would be taken on by an independent body comprising representatives of multiple nations with knowledge of communications networking technologies and access to independent testing regimes.

Still, the program has attracted public support from the likes of NEC and VMware, while Japanese operators KDDI and SoftBank have stated they are happy to be designated as running ‘clean’ networks.

At the same time, the GSMA, which represents hundreds of mobile operators, and 3GPP, the body responsible for 5G specifications developments, been developing the Network Equipment Security Assurance Scheme (NESAS), an initiative “focused on the vendor aspects of the supply chain [that] provides a security assurance framework to improve security levels across the mobile industry. NESAS has been developed following established practices and schemes that provide security assurance.”

As part of NESAS, the GSMA organized independent audits of the way vendors undertake their business and announced today that “Ericsson, Huawei, Nokia and ZTE, have successfully completed an assessment of their product development and lifecycle management processes.”

Commenting on the development, the GSMA’s CTO Alex Sinclair noted: “The GSMA recognises the support and participation of Ericsson, Huawei, Nokia and ZTE who have satisfied the scheme’s security requirements via an independent security audit and we congratulate them on achieving this important first step… By committing to NESAS, vendors are helping network operators, and other stakeholders make informed decisions about secure product development.”

Ericsson, Huawei and ZTE were proud enough of the achievement to issue statements announcing they are compliant with this stage of the NESAS: See this statement from Ericsson and this one from Huawei plus this one from ZTE for more details.

The next step in the program involves the testing of vendor technology by qualified labs following 3GPP guidelines.

Does this mean that all technology from those four companies is guaranteed to be secure? Of course not, but as Sinclair pointed out it provides a starting point for network operators to build from as they decide on which technologies they will consider for their network and subject to their own testing regimes. It will also provide other interested parties with an indication of which companies are prepared to engage in such assessments. 

Network security is absolutely critical to the communications sector and to all that use it: Those making decisions about such matters need to be able to do so using qualified information from trusted sources, but that is becoming harder to do as political pressure becomes part of the equation.

The US administration, in deploying marketing 101 tactics and reaching (uninvited) beyond its jurisdiction, is muddying the 5G waters in a way that, ultimately, will not help anyone, including the companies it thinks it will help by engaging in such crusades: The current course of action is only likely to reduce the total addressable market of US companies (not expand it), and slow down the pace of technical developments and innovation. None of that is good for the industry or for those that use communications networks.

On a lighter note, while Pompeo et al might be (in my view) muddying the waters, this seems like a good time to recall what a life-affirming musical artist Muddy Waters was… check out this vintage performance… 

- Ray Le Maistre, Editorial Director, TelecomTV

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.