Analysis & Opinions - Foreign Policy
China isn't the Only Problem with 5G
The network has plenty of other security weaknesses, including ones the United States doesn’t want to fix since they help its own surveillance efforts.
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable. More insidious is the possibility that Beijing could use its access to degrade or disrupt communications services in the event of a larger geopolitical conflict. Since the internet, especially the "internet of things," is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat.
But keeping untrusted companies like Huawei out of Western infrastructure isn’t enough to secure 5G. Neither is banning Chinese microchips, software, or programmers. Security vulnerabilities in the standards—the protocols and software for 5G—ensure that vulnerabilities will remain, regardless of who provides the hardware and software. These insecurities are a result of market forces that prioritize costs over security and of governments, including the United States, that want to preserve the option of surveillance in 5G networks. If the United States is serious about tackling the national security threats related to an insecure 5G network, it needs to rethink the extent to which it values corporate profits and government espionage over security.
To be sure, there are significant security improvements in 5G over 4G—in encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren't enough.
The 5G security problems are threefold. First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it....
Want to Read More?
The full text of this publication is available via Foreign Policy.
For more information on this publication:
Belfer Communications Office
For Academic Citation:
Schneier, Bruce.“China isn't the Only Problem with 5G.” Foreign Policy, January 10, 2020.
The Author
Bruce Schneier
- Adjunct Lecturer in Public Policy, Harvard Kennedy School
- Fellow, Cyber Project
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions
- The New York Times
Every Part of the Supply Chain Can Be Attacked
Analysis & Opinions
- CNN
The Real Threat from China Isn't 'Spy Trains'
Analysis & Opinions
- Lawfare
The Myth of Consumer Security
In the Spotlight
Most Viewed
Policy Brief
- Quarterly Journal: International Security
The Future of U.S. Nuclear Policy: The Case for No First Use
Discussion Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Why the United States Should Spread Democracy
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable. More insidious is the possibility that Beijing could use its access to degrade or disrupt communications services in the event of a larger geopolitical conflict. Since the internet, especially the "internet of things," is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat.
But keeping untrusted companies like Huawei out of Western infrastructure isn’t enough to secure 5G. Neither is banning Chinese microchips, software, or programmers. Security vulnerabilities in the standards—the protocols and software for 5G—ensure that vulnerabilities will remain, regardless of who provides the hardware and software. These insecurities are a result of market forces that prioritize costs over security and of governments, including the United States, that want to preserve the option of surveillance in 5G networks. If the United States is serious about tackling the national security threats related to an insecure 5G network, it needs to rethink the extent to which it values corporate profits and government espionage over security.
To be sure, there are significant security improvements in 5G over 4G—in encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren't enough.
The 5G security problems are threefold. First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it....
Want to Read More?
The full text of this publication is available via Foreign Policy.The Author
Bruce Schneier
- Adjunct Lecturer in Public Policy, Harvard Kennedy School
- Fellow, Cyber Project
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions - The New York Times
Every Part of the Supply Chain Can Be Attacked
Analysis & Opinions - CNN
The Real Threat from China Isn't 'Spy Trains'
Analysis & Opinions - Lawfare
The Myth of Consumer Security
In the Spotlight
Most Viewed
Policy Brief - Quarterly Journal: International Security
The Future of U.S. Nuclear Policy: The Case for No First Use
Discussion Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Why the United States Should Spread Democracy
