GSMA (finally!) takes a stand on Huawei security debate

GSMA MWC 2018
Image credit: GSMA

ITEM: The GSMA has finally – sort of – weighed in on the Huawei 5G controversy with a carefully worded statement that advocates greater vendor competition and greater industry-government cooperation to address security concerns.

The statement is ostensibly directed at the European Commission – who are reportedly considering a full-on ban of Huawei gear in 5G networks – as well as individual country lawmakers considering similar bans. The US government has been pressuring European governments to institute a Huawei ban, and reportedly plans to boost its delegation size at Mobile World Congress next week for further anti-Huawei lobbying. Reuters reported earlier this month that GSMA Director General Mats Granryd proposed adding the Huawei debate on the agenda for the organization’s next board meeting on the sidelines of MWC, although it’s not yet known if his proposal was adopted.

In any case, the statement – released last Thursday – is the closest the GSMA has come to directly addressing the issue. While the GSMA doesn’t mention Huawei by name, it makes clear that Europe will only realize the promised benefits of 5G evolution if operators have a competitive supplier ecosystem to shop from:

As with 4G, robust competition amongst network infrastructure suppliers is essential to European operators’ ability to deliver innovative services to European citizens and businesses at competitive and affordable prices.

… actions that disrupt the equipment supply for the various segments of the network (access, transport and core), will increase costs to European operators, businesses and citizens; delay 5G deployment by years across Europe and potentially also jeopardise the functioning of existing 4G networks upon which 5G is intended to be built.

As for the dreaded security issue, the GSMA says:

To safeguard this investment, retain competitiveness and data affordability, as well as maintain consumer trust, mobile operators have always prioritised network integrity, will never compromise on security and already have a proven track record of deploying secure 4G networks.

Put another way: operators aren’t stupid, you know – they don’t want insecure networks either, and they have time-proven processes in place to ensure that their networks will provide robust security, and that the equipment they select won’t jeopardize that security in any way.

Meanwhile, to assure lawmakers and regulators about 5G security, the GSMA said it is “assembling a task force of European operators to identify ways to enhance and extend existing schemes for developing security standards and best practices” in cooperation with independent third parties, as well as industry groups like the 3GPP, for example. It also recommended that governments and mobile operators “work together to agree what this assurance testing and certification regime for Europe will be, so that it ensures confidence in network security while maintaining competition in the supply of network equipment.”

Manageable risk

5G hyperbole aside, the GSMA’s position is sensible, if predictable – the organization (and its operator members) has historically advocated a free-market approach, and opposed any policy decision that hinders or delays network rollouts in any way whatsoever. The new statement is consistent with that philosophy.

It’s also sensible that the industry and government officials sit down and work out ways to vet equipment and come up with ways to ensure both sides that any security concerns can be mitigated without resorting to a full ban.

For example, regulators in some markets suspicious of Huawei in the past have allowed operators to deploy its gear in 4G networks as long as they stick it in the edge and not the core. For some security agencies, the concern with 5G is that its architecture blurs the distinction between the edge and the core. However, that’s not an unsolvable problem – something that UK security chiefs are already starting to admit. GCHQ’s National Cyber Security Centre says that while it thinks Huawei’s equipment has problems, they’re fixable problems, and any potential threat could be contained.

Of course, while industry-government cooperation in vetting 5G security is a good idea, the question is whether such an initiative could mitigate the general paranoia that is driving the US-led anti-Huawei campaign in the first place. After all, the US position isn’t that Huawei’s 5G gear is buggy – it’s that Huawei’s equipment is intentionally buggy on behalf of its secret masters in the Chinese government who will one day in the future order Huawei to help it infiltrate US networks, spy on US citizens, launch cyber attacks, shut down critical infrastructure and cause self-driving cars to mow down pedestrians. Or whatever.

The GSMA statement doesn’t address this, although admittedly I have no idea what the GSMA – or anyone else – could do or say to assure the current US government that its fears are unfounded or overblown. Still, if the mobile industry as a whole can demonstrate to European regulators – and the rest of the world – that any conceivable security concern regarding Huawei can be contained without resorting to a full-on ban, the US will find itself more isolated on the issue.

It will be interesting to see if the GSMA takes the issue further at MWC next week – either with a more explicit statement (which is doubtful) or by expanding its security cooperation initiative globally rather focusing on Europe. If nothing else, maybe this year’s keynotes and panel sessions will be lively and provocative for a change.

Likes
Please feel free to share

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.