We applaud the recent call by the EU Commissioner for Justice, Consumers and Gender Equality for greater coordination among the United States, Japan and Europe on policy for emerging IT technologies, particularly 5G cellular technologies and networks. Commissioner Věra Jourová told U.S. lawmakers on Thursday that it was critical for the United States and Japan to work with Europe on developing common policies and standards for 5G cellular technologies, artificial intelligence and digital privacy.
All three are important areas for policy development. But in the short term, we see both a more pressing need and clearer way forward to collaborate on 5G because networks are being built in the next few years, and we all face a common threat in the form of state-backed Chinese 5G competitors, notably Huawei.
Recent diplomatic efforts by the United States to dissuade its allies from integrating Huawei equipment into their future 5G networks triggered a global debate on 5G security. This debate is needed and important. Societies will come to rely on 5G networks not only for faster and more reliable voice and data communications, but also for emerging technologies such as networked autonomous vehicles that communicate with nearby sensors to navigate road hazards. National governments must ensure 5G networks are secure both from a national security perspective and from a critical infrastructure reliability and security perspective. Although there is some overlap in these two security perspectives, both are essential.
Historically, the United States relied on the Committee on Foreign Investment in the U.S. (CFIUS) to assess the national security risk of allowing foreign companies, particularly those subject to the laws and influence of an adversary government, to acquire critical American infrastructure assets. CFIUS empowers the president to stop deals such as he did with Singapore-based Broadcom’s acquisition of specialty chipmaker, Qualcomm. It does not cover procurement of foreign-made equipment by a U.S. company for use in critical infrastructure systems.
However, 5G and other cellular networks are at high risk of compromise or disruption if equipment integrated into the network is subject to the remote control of an adversary. Governments need to evaluate 5G rollouts from a national security perspective with a focus on the susceptibility to foreign pressure of vendors whose equipment is being procured and integrated. To minimize the bureaucratic impact of this review on low-risk transactions, we advocate an approach whereby manufacturers of allies could be whitelisted. Most importantly, we agree with Commissioner Jourova that the United States, Japan, and European countries should coordinate efforts to assess the national security risks of foreign equipment in their 5G networks.
In tandem with this national security analysis, it is critical for nations to take a look at the security of 5G networks from a critical infrastructure reliability and safety perspective. Aside from potential compromise of 5G equipment vendors by hostile governments, 5G networks will face attacks by criminals, state-sponsored hackers, and hacktivists. There is an opportunity to build greater reliability and security into 5G systems, and we agree with Commissioner Jourova that the United States, Europe, and Japan should develop and implement similar high standards.
We acknowledge the hard work and fruitful efforts of 3GPP and others to build essential security protocols into the design of 5G from its inception. Nonetheless, as citizens come to rely on cellular networks to help them do things like navigate road hazards, it is the responsibility of governments to ensure that these designs achieve what the designers promise and are fully fielded. It is also essential for governments to validate interoperability of vendors’ safety protocols and give particular attention to the security built into equipment that will touch parts of the network carrying critical data such as first-responder and military communications.
Many governments are now undertaking reviews of their domestic carriers’ use of Huawei 5G equipment. While that review is important, the time is ripe for a coordinated assessment of the overall security of 5G by the governments of the United States, Japan, and our European allies. 5G risk is not a one-off issue with Huawei, but a systemic issue that will continue as long as 5G networks exist. By working together on identifying security protocols and solutions, governments can mandate common security standards in their respective markets, avoiding security-driven market fragmentation.
When China joined the WTO in 2001, nobody imagined that less than 20 years later, it would be positioned to dominate one the most lucrative emerging technology sectors in the world. Huawei and ZTE could be the market leaders for 5G, using protected access to the domestic Chinese 5G market to establish economies of scale that competitors cannot match. That market power will be further increased if Western nations independently develop varying security requirements that force manufacturers to build to differing protocols. Indeed, as we saw in the CDMA vs. 3G battles, fragmentation of markets can determine winners and losers in the long run.
For these reasons, the authors of this article, working together with partners in Japan and Europe, recently formed the Trilateral Cyber Security Commission to develop a series of 5G policy recommendations to jump start exactly the sort of consultations suggested by Commissioner Věra Jourová. The time has come for government and industry leaders of the United States, Japan, and Europe to work together to ensure the national and critical infrastructure risks of 5G are addressed, common security standards are established, and our 5G firms are given a fair chance to design, build and compete for the entire telecommunications market of the United States, Japan, and Europe.
Dennis Blair is the Chairman of Sasakawa USA and former Director of National Intelligence. Michael Chertoff is the Chairman of Chertoff Group and former Secretary of Homeland Security. Arthur Coviello, Jr. is a Venture Partner at Rally Ventures and Former CEO of RSA Security. The three authors serve on the Trilateral Cyber Security Commission.