Experts Say U.S. Needs Tighter Security on 5G Components

February 8, 2021 – U.S. officials seeking to reduce the likelihood of security problems with the next-generation 5G network should look into network components that may include compromised technology from non-Chinese companies, an expert said at a conference late last month.

Alexi Maltas, senior vice president and general counsel at the Competitive Carriers Association, said at the National Telecommunications and Information Administration conference that there is a concern that non-Chinese built equipment contains Chinese components.

The issue is part of a larger concern about the 5G ecosystem that may require stringent standards to flush out the possible security problems.

Some experts have been calling for strict import standards for internet-of-things devices, which pose a number of hacking hazards because they often feature poor out-of-the-box security standards.

The NTIA conference, which addressed the advent of 5G and how to keep it secure, included reflections on global leaders in the next-generation network build and which countries are ahead on ensuring that their equipment is safe.

Gary Bolton, CEO of Fiber Broadband, said the United States government should invest in more research and development and enhance workforce education and training. Policy needs to address competitor countries that engage in unfair trade practices, he said. China’s fast adoption of 5G and similar technologies has caused U.S. carriers to have to deal with Chinese-built equipment issues and have voiced need for dialogue with the U.S. government over security threats.

The U.S. has already moved to hamper Chinese telecommunications companies like Huawei and ZTE from participating in the country’s 5G future. But weeding out Chinese influence will go beyond the visible branding of those alleged spy threats and into what’s underneath the hood that makes it way along the supply chain.

If it’s suspected that carrier equipment is tainted, then the industry and government need to take steps to identify security threats from China, said Tamber Ray, regulatory counsel for the Rural Broadband Association.

Information sharing needs to go two ways, she said: From government to industry and industry to government. If equipment appears “off,” or suspicious, the issue can be resolved sooner than later.

5G architecture requires standards

Another threat to 5G is the architecture, said Edna Conway, vice president of global security, risk and compliance, for Azure at Microsoft. Threats to architecture come in the form of counterfeit components in the supply chain, she said.

To address these security concerns,  government agencies can push out standard guidance or preferably, standard software configuration security networks, she added.

Eric Wenger, senior director in global government affairs at Cisco, said that some threats stem from the openness of 5G. To resolve this concern, he proposed more research on the subject would improve our understanding on how open interfaces impact risk and what steps would be useful to mitigate them.

The U.S. has a strong semiconductor ecosystem with strong operators, but it needs to add more 5G providers because 5G is no longer a telecommunications technology—it has a big overlay with the mobile edge and computing technologies, said John Roese, senior vice president and chief technology officer at Dell.