Managing Huawei 5G Security Risks

Huawei 5G equipment carries an inherent security risk because the gear can contain covert circuitry capable of analyzing others’ information and reporting back to Beijing, or creating a cascade of failures. Huawei ‘s tight relationship with and funding from the Chinese government and military makes it a unique cyber risk if it were deployed in a country’s network. An obvious, brute force protection would be to ban Chinese gear from public and private networks, but few countries are likely to impose an outright ban on Huawei 5G gear. Some have already succumbed to Huawei’s low price and are willing to risk chronic exposure to Chinese surveillance.

Hungary has already volunteered to be the European hub for Huawei equipment, and Germany is wavering toward use of Huawei. On the other hand, Huawei faces partial bans in France, Taiwan, Japan, and New Zealand. To limit the potential for cyber spying or for critical infrastructure damage, the US military and regulatory agencies will rely on quarantining Huawei’s telecom equipment and on smarter electromagnetic spectrum management tools.

The U.K. and France are effectively banning Huawei’s 5G tech by quarantining it away from vital parts of infrastructure, or military and intelligence activities. That can work by allowing Huawei handset gear in the portion of the Radio Access Network where individual users connect to cell towers, but not in the core network, where those towers connect and communicate to one another via a shared central node.

A new wrinkle in the argument over Huawei security comes from its extensive construction of new undersea cables. Huawei is eager to sell capacity on those cables to large companies or to telecom networks that connect to a Huawei international switching hub (part of a core network).

The U.S. military and the Department of Homeland Security have not yet announced their architectural intentions for 5G security, but the Federal Communications Commission (FCC) has made its posture clear. In response to an application from Huawei for a license to “connect calls between the United States and other nations“, an FCC official told reporters that such calls “could be intercepted for surveillance and make the domestic network vulnerable to hacking and other risks”.

Routing calls from the US to and from other countries is a switching function that requires equipment that is part of a core network. Switching gear and software are ideal places to hide surveillance capabilities and could insinuate cyber risks into an otherwise safe network.   It is likely that the FCC will not grant the license that Huawei sought. On the other hand, Huawei’s 5G handsets are likely to be acceptable, since they link the user to a US-sanctioned 5G cell site, and from here on to core network equipment.

The 5G network will use large swaths of spectrum that the FCC has designated for 5G use. Some of that so-called “mid” spectrum is intended for use shared among the public, military and satellite communications operators. Regulators and users are working on rules for spectrum assignment and use that support development by intended groups but that thwart hostile users from misuse and cyberattacks.

Detection of spectrum use by hostile entities is a capability already in use by F-35 fighter jets. When that is combined with “software-defined frequency selection”, military users of 5G spectrum can safely detect usage threats and relocate to more suitable spectrum assignments.

The public 5G scuffle between the U.S. and Huawei may diminish while the U.S. pursues a quiet welcome for Huawei handsets, despite maintaining a hardline ban on Huawei 5G core equipment. That would be more conducive to restoring a normal trade relationship with China and to low 5G handset prices. It seems possible to pursue a strategy that allows both sides to win at least partially.

FacebooktwitterredditlinkedinFacebooktwitterredditlinkedin