State Department's Strayer Sees Failure in 5G Equipment Market

“We have a sort of market failure that’s gone on where we have a very limited number of vendors in the radio-access network area,” Strayer said. “There is an inability of other vendors to get into that because they’re using proprietary types of technology to connect their towers and their base stations.” Stayer said the leading contenders are located outside the U.S. and advocacy isn’t aimed at benefiting any U.S. company.

The U.S. is stressing that there are alternatives to the Chinese vendors, Strayer said: “There’s a great propaganda campaign out there to try to establish that there is one company that is so far ahead of everyone else,” he said. Only the “most trusted vendors” should be allowed to provide 5G gear, Stayer said: “The first thing we’re making sure people understand is this is a security discussion, this is an economic success discussion, an economic growth discussion.” The U.S. is leading the world on 5G deployments, all using non-Chinese equipment, he said.

Strayer said the principles approved in May by the Prague 5G Security Conference (see 1905030052) are important. If countries adopt them, it will help ensure “a free and fair, transparent, and rule-of-law based technology infrastructure for 5G,” he said: “Since that conference, we’ve been talking to countries about more specifics in how you would implement those principles and we look forward to being part of future discussions.” The EU asked its members for an assessment on their telecom network security, with a Europe-wide assessment due at the end of the year, Strayer said. A number of 5G auctions are taking place and we “could see diversification in how different countries approach the issue,” he said.

Risk Adviser

The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security is the “nation’s risk adviser,” said Director Christopher Krebs. The agency’s “mantra” is “defend today, secure tomorrow,” he said. “Our ethos is working with the private sector, not prebaking a government solution. … It’s starting more at the beginning, shoulder-to-shoulder in partnership with the private sector and saying ‘Here’s what we’re concerned about. What are you concerned about?’ How do we address these things together?”

The Information and Communications Technology (ICT) Task Force his agency unveiled a year ago (see 1903190055) focused first on threat information sharing on supply-chain risks, Krebs said. The ICT also looked at the information that risk managers need and “what are the gaps, how do they break through concerns, like antitrust concerns, like liability protection concerns,” he said. The next work stream was looking at qualified manufacturers lists, he said. The fourth focus has been “how do we incentivize [original equipment manufacturer] and authorized resellers,” he said: “How do we get counterfeit products out of the procurement chain.”

“This is about laying a framework so that as we shift into 5G we have a solid foundation to make the risk-management decisions, we have the tools and techniques,” Krebs said.

John Godfrey, Samsung senior vice president-public policy, said 5G is here, highlighted by Verizon’s announcement Wednesday it’s deploying in parts of Washington, D.C. (see 1907310002): “I will be downloading movies in one second. That will be fun.” The race that matters “is the race to deploy 5G and then reap the benefits that will be innovated on top of the 5G platform,” he said.

The U.S. and South Korea are in a leading position, Godfrey said. “The equipment provider market is very competitive … even without the Chinese vendors having a strong role here or any role,” he said: Samsung, Ericsson and Nokia are supplying 5G network in the U.S. “We're looking at enterprise installations of 5G in a factory or a sports station or down a roadway for transportation” and there will be a lot more use in the IoT, he said.

The use cases and applications that will run on top of 5G, including healthcare and autonomous vehicles, make security especially critical, said Susie Armstrong, Qualcomm senior vice president-engineering. “I always joke I worry about someone hacking my pacemaker in 10 years,” she said: “It’s not really a joke.” The focus on security is healthy and “there’s lot of good work happening.” The air link is already much more secure than 3G or 4G, Armstrong said. “You still need security in your applications and use cases,” she said.

The standards aren’t done, said Peter Lord, Oracle vice president-strategic initiatives. “We’re seeing additional adoption on the radio side and then we still have to roll out the full suite of virtualized services on the back end,” he said. There’s still a lot of work to do, but also a “great opportunity for leading countries like the United States to take a real forward step and, frankly, keep our leadership,” he said. “We’re not behind.”

Overstated

Some concerns about the U.S. being behind China are “a little overstated,” said Chris Boyer, AT&T assistant vice president-global public policy. The bulk of 5G will build on 4G, he said. The two big things will be improved throughput and lower latency, he said. “We’re pushing the compute functionality and the content closer to the user, which will cut down on the latency,” he said. Higher speeds and lower latency “should unleash a whole range of new applications,” he said.

The rollout will come in waves, said Eric Wenger, Cisco director-cybersecurity and privacy policy. Different parts of the network are “going to change at different paces,” he said: “We’re already starting to see the radios change at the edge. We will see a certain amount of speed increase that comes along with that.” Below that is the transport level and then the network core, Wenger said: “When we reach the point where we start to swap out and upgrade the core … we’re going to see another dramatic increase in speed that comes with that, and performance.”

CSIS Notebook

FCC Commissioner Geoffrey Starks said the FCC has a definite role to play on 5G security. “We are the regulators … in charge of a lot of the relationships, in charge of carriers, in charge of networks,” he said. The FCC has been focused on the future use of equipment that poses a security threat, but some gear is already part of primarily smaller, rural networks and that also needs to be addressed, Starks said. “This isn’t just a future threat,” he said. The Senate is considering the U.S. 5G Leadership Act (S-1625) and other legislation, he said. “We have had some trouble finding the carriers that have this equipment in their network to raise their hand and come forward,” Starks said. “Figuring out the scope of the problem, how many carriers have it … is something that we’re trying to think through.” The FCC is also looking at whether the U.S. needs to replace the equipment that is primarily in the network core, the routers and switches, or also the gear at the edge of the network, he said. Carriers are unlikely to come forward unless money is available to replace equipment, he said. Starks said, “5G is right now is presenting a good opportunity to think of the security we need now, instead of doing it on the back end.” Americans want their networks to be secure, they don’t care which agencies take the lead, he said: “The good news for everyday Americans is that there is good playing in the sandbox now, that folks are working on these really complex, multivariable calculus problems.”

5G Americas released a white paper Wednesday on the importance of security. “5G is the first mobile technology designed to meet the unique requirements of connected cars, connected cities (smart cities), connected homes (smart homes), wearables, health care devices/applications, smart appliances and other IoT devices,” the paper said: “The 5G IoT market is an enormous business opportunity for mobile operators and their business partners. However, its devices and use cases also increase the potential for cyber threats.”