The 5G Future Is Not Just About Huawei
It is time for the United States to start thinking about systemic risk in its next-generation networks.
This week, representatives from the United States and more than 30 European Union and NATO countries met in Prague to hash out security principles for 5G—fifth-generation wireless networks. The meeting was convened by Czech Prime Minister Andrej Babis to bring like-minded nations together to agree on non-binding recommendations to safely introduce 5G within their respective countries. Nonetheless, ahead of the summit, Germany and the United Kingdom decided to allow Huawei equipment as part of their 5G networks. The United States cannot adopt this approach.
Quiet quarantines and soft bans, which would be consistent with a softening diplomatic tone toward China, won’t protect U.S. digital infrastructure. Instead, U.S. President Donald Trump should sign the pending executive order that would ban Huawei and other Chinese companies from U.S. networks. Doing so would achieve two things: First, the United States’ decision to exclude Chinese companies would provide cover for allies seeking to enact their own stringent measures against China, whether outright bans or more rigorous security protocols. Second, signing the executive order would communicate that the United States seeks to protect against systemic security risks that go well beyond Huawei—that the security of 5G networks is nonnegotiable.
It is hard to overstate the value of U.S. cover on Huawei issue. Before choosing Huawei rival Ericsson to build Denmark’s 5G network, the Danish defense minister lamented that his hands were tied when it came to legislating against Huawei. Poland also signaled in January that it wanted to take a harder line against the firm, before reevaluating its stance in recent weeks. And amid warnings of Huawei’s close relationship to the Chinese state from his country’s security services, Norway’s justice minister admitted his government was looking at “steps taken in the United States and Britain” in advance of a final decision on whether to exclude the company from building its 5G network.
The United States cannot expect smaller nations to take a hard line against Chinese companies if it is unwilling to do so itself. After all, there are costs that come with excluding Huawei equipment. Chinese government subsidies have allowed the company to unfairly undercut its rivals, which means that alternative technologies are nearly one-third more expensive, based on reported discounts of between 20 percent and 30 percent globally.
If Trump signs the executive order, the United States will be better able to tackle such price disparities between Chinese equipment and equipment from trusted vendors. A new Digital Development Bank, for example, could help smaller countries offset Chinese subsidies. Meanwhile, bold action at home would strengthen the Trump administration’s case for putting pressure on less well-resourced governments overseas. It must get its own house in order before expecting its smaller allies to right their own.
Signing the executive order is also a way for the United States to move beyond proselytizing against Huawei and start talking about systemic risk from Chinese companies. Fifth-generation wireless, with its rapid, low latency, and high throughput transmission potential, will be the linchpin in a future dominated by sensors. With artificial intelligence, the internet of things, self-driving cars, and smart cities, 5G will undergird most of the technical applications of the future. Without a secure 5G network, critical U.S. infrastructure—including its power grids and health care systems—will be vulnerable to intellectual property theft, weakened data privacy, hacking, and other disruptions.
The United States can stay safe, and also competitive, by prizing network security—in word and deed—against countries with a track record of attacking U.S. systems. It must work with partner nations to develop a framework to rigorously screen potential vendors in 5G networks. Establishing criteria to exclude untrusted vendors on the basis of a series of risk factors would help screen for the next Huawei. After all, the key to security in the 5G future is not just about Huawei. Instead, it is about the systemic risk that results from relying on tech components from countries with a history of cyberespionage and a lack of rule of law into critical infrastructure.
The United States has long warned of the dangers of Huawei equipment in next-generation wireless. Huawei executives insist on their independence from the government. Yet the reality is this: Executives of Chinese companies cannot resist their government, even if they want to. Among other precepts, Article Seven of China’s National Intelligence Law subjects Chinese citizens and organizations to cooperating with “state intelligence work.” Companies can’t really object; China lacks an independent judiciary that could hear such complaints. The same dilemma plays out for Iranian, North Korean, and Russian companies.
Thus far, the debate has centered around whether there is a secret backdoor in Huawei code that would allow the Chinese government access to third-party systems. Yet such analysis is outdated. Access could come through a seemingly benign security flaw hidden in a programming vulnerability—a so-called bugdoor. These flaws could even be surreptitiously introduced later via a software update—after Huawei has already made inroads into U.S. critical infrastructure. As such, the search for a smoking gun implicating Huawei in wrongdoing is wrongheaded. Rather, allowing Chinese companies in 5G networks is like handing the Chinese government a loaded gun, according to the U.S. National Security Agency. Banning Chinese companies outright will buy time to establish strict security criteria to mitigate the risks of all such technologies.
The administration should avoid letting the executive order languish unsigned as trade talks with China continue. The United States undercuts its own diplomatic efforts to persuade its allies to eschew Huawei and other companies as long as 5G security appears to be a potential bargaining chip in trade negotiations. Right now, the absence of a signature implies that 5G security can be bartered away for soybeans.
If Trump won’t act, Congress should pick up the mantle and pass its own legislation. The United States must be willing to go all in on 5G security if it expects its allies to make even half the commitment. These nations are unlikely to follow in its exact footsteps—and that’s okay—but it can at least light the correct path.
Kara Frederick is an associate fellow for the Technology and National Security Program at the Center for a New American Security. She previously worked for Facebook and the U.S. Department of Defense. Twitter: @karaafrederick