The Belgian National Security preliminary draft law and royal decree that have been submitted for public consultation and concerned with the security of fifth-generation mobile networks (5G) is believed to be a cynical media manipulation tactic, to slip in a public consultation over a Christmas holiday period in the middle of a Covid-19 crisis, when public and media attention are focused elsewhere.
Whilst every government has a duty to ensure that any deployed 5G Technology is safe enough to use as a communication medium by its citizen and the government, the way the Belgian Government is proceeding seems clearly to be create a law which prevents two out of the five possible.5G equipment suppliers from providing equipment for Belgium’s proposed new 5G network.
The capability of 5G is immense and will affect every area of the economy, which is why the Belgian government why is worried about the inevitable security issues that come with the deployment of 5G technology.
The issue is so sensitive at this time that the CEO of one leading Belgian mobile operator spoke to this website only on the condition of strict anonymity.
He told EU Reporter
“It should be clarified that while the debate around 5G supply chain is around the generic “security”, what matters for the Governments is not much the resilience to attacks such as denial of service or the protection from frauds, but rather if the vendor has included back doors that allow a foreign power to extract sensitive data or even cause the network to malfunction.
While the existence of such backdoors cannot be completely ruled out, of all the major suppliers Huawei has been the only one to give access to their source code to the UK National Cyber Security Centre [1].”
He said “If a backdoor was present, the inspection of the source code would have most likely revealed it. What was found instead is a number of malpractices and general sloppiness, that is lack of adherence to best practices when writing software.
As Huawei is unique in having given access to their software it is impossible to know how competitors fare in this regard.
Cases like Ericsson letting security certificates expire or widespread use of old version of SSL seem to suggest that Huawei may not be the worst offender.
As for the generic security all vendors need to implement the technical specifications created by 3GPP and failure to do so would result in the product not able to correctly function in a multi-vendor network.
In summary, while security will never be guaranteed 100% and while it would be naïve to rule out categorically the existence of backdoors, of all the vendors Huawei is the one who has gone the greatest length to reassure their customers.
A common conspiracy theory is that the US government has attacked Huawei because they refused to provide them with a backdoor. Of course, this is just a conspiracy theory.
Coming to the cost of retiring Chinese equipment, this is very significant not only in the short term but more so in the long term. In the short term the main issue could be that existing suppliers could not meet the demand and new suppliers would produce low quality hardware (see debate on OpenRAN).
In the long run things don’t look good at all. As the diagram below shows Huawei is investing in R&D almost double what Nokia and Ericsson invest combined. It is well known that Huawei products are by far the most advanced, supporting the largest number of features and that a lot of the technology behind 5G writes on Huawei IPRs.
If Huawei is pushed out of the EU market completely, they could retaliate by leveraging their IPR portfolio directly with mobile network operators (today they are in cross licensing agreements with other suppliers) or they could even create their own standard for say, China, South East Asia, Africa, LatAm. (by the way, I know that the Chinese government was very unhappy with Huawei international ambitions back in early 2000s). This would result in a slower pace of innovation as well as in higher costs owing to the reduced economies of scale.”
Another mobile operator CEO told EU Reporter “It seems that Brussels is being pressurized by the USA to block certain 5G suppliers
If the process of defining the High-Risk Vendor list is not made transparent, it could result in gravely impacting the swiftness of 5G rollout and the cost of 5G equipment could go remarkably high. Who is going to suffer from this situation the most? Of course, the consumer…
Another possibility of secretly defining the High-Risk Vendor list is to allow only a handful of 5G Suppliers to participate in 5G rollout and therefore to create a monopoly in otherwise a free market. This in turn would destabilize the market and will end up demotivating new entrants to do business in a biased market.”
Brussels must realize that we are in a critical time of 5G infrastructure deployment. The government should act now to ensure that they implement a technology-neutral environment in which all the suppliers can fairly compete against each other.
[2] https://twitter.com/tomrebbeck/status/1228344034961317890
