· Telcos warned of greater reliance on equipment makers in 5G world
· Software, virtualisation, network slicing bring their own vulnerabilities
· Single-vendor approach highlighted as a security threat
Given that the European Commission's new 5G security report references state-backed security threats and interference from non-EU countries, it is understandable that industry watchers have largely concluded that it is a thinly-veiled warning about Huawei. And to a certain extent, it probably is. But there's a lot more to the report than that, and there's a lot more to 5G network security than keeping out the Chinese.
5G will make telecoms operators more dependent on equipment makers in general and that brings with it a raft of potential security issues, the EU coordinated risk assessment of the cybersecurity of 5G networks warns. The report, published on Wednesday, is designed to help EU member states prepare what they describe as "a toolbox of possible risk mitigation measures" by the end of this year.
In addition, the new technical features of 5G – including the move to software and virtualisation, network slicing, and mobile edge computing – will also raise new challenges, both in terms of changing vulnerabilities and involvement from new players.
"In particular, they will give additional prominence to the complexity of the telecoms supply chain in the security analysis, with various existing or new players, such as integrators, service providers or software vendors, becoming even more involved in the configuration and management of key parts of the network. This is likely to intensify further the reliance of mobile network operators on these third-party suppliers," the report states.
With greater reliance comes greater potential for attack. "Among the various potential actors, non-EU states or state-backed are considered as the most serious ones and the most likely to target 5G networks," it explains. "In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country."
With Ericsson, Huawei and Nokia hoovering up many of the world's mobile network contracts between them, it's all too easy to point the finger at the Chinese company here. But there are many other equipment makers to take into consideration. The report, which doesn't specifically name Huawei, other than as a vendor with a sizeable market share, lists Cisco, Samsung and ZTE as other large suppliers, none of whom are EU-headquartered.
Further, the report also highlights the risk of dependency on a single supplier on the part of telcos, the implication being that relying on one vendor for everything – whichever vendor – increases the risk of problems both from the point of view of interruption in service resulting from a commercial failure and from the malicious attack angle.
While many telcos are talking up their intent to adopt a multi-vendor approach for 5G, some of Europe's smaller players are reportedly looking at single-vendor contracts, which tend to be cheaper and easier to manage. While Huawei is often the vendor of choice for small, budget-conscious operators looking for a single vendor partner, you would have to do a lot of reading between the lines to come to the conclusion that the Commission is cautioning against the Chinese firm specifically; the message really does appear to be that telcos should avoid putting all their 5G eggs in one vendor's basket.