Published on the 05/12/2018 | Written by Pat Pilcher
Definitely not cheaper and unlikely any more secure…
The big news in the telecommunications industry last week was Spark’s announcement that the GCSB has blocked them from using Huawei equipment in their proposed 5G network build.
Spark had proposed that Huawei 5G equipment gets used in their 5G Radio Access Network (RAN). The Director-General of the GCSB, who was notified as a requirement of the Telecommunications Interception Capability and Security Act (TICSA), said no, adding that the use of Huawei 5G equipment in the 5G RAN could pose significant ‘national security risks’.
The news represents a sizeable blow for Spark, who according to their 5G briefing paper, have been planning for 5G for a considerable amount of time.
Spark says 5G is expected to play a considerable role in New Zealand’s burgeoning digital economy.
“A less competitive environment could mean higher costs and a slower 5G roll out.”
“We expect the 5G network (covering multiple bands) will support multiple different services with widely divergent connectivity requirements. This will fundamentally change the economics of the digital business models that many industries have already identified as their future – but have yet been unable to economically realise. We expect it will allow them to push the bounds of those digital business models even further.”
Spark isn’t commenting further on the GCSB’s decision, but the telco and Huawei are said to be working with the government to understand the GCSB’s concerns and to find a way to navigate around the issues identified by the GCSB.
While media coverage was wall-to-wall, little has been said on what the GCSB’s decision could mean for consumers, businesses and the wider telco sector.
The biggest issue that could impact consumers and businesses says IDC telco analyst, Monica Collier, is likely to arise out of reduced competition.
“If one hardware vendor was no longer in the running at all, then the mobile network operators’ choices are reduced, and in a less competitive environment this could mean higher costs, which could equate to more of a slower, incremental roll out, or MNOs being more selective about which areas get 5G first,” Collier says.
There’s also a question mark over existing Huawei equipment already in use. Spark’s 4G infrastructure, Vodafone’s fixed cable networks in Christchurch, Wellington and the Kapiti Coast, plus 2Degrees 4G network, all use Huawei hardware, with the installations approved as part of TISCA requirements.
According to IDC’s Collier, it would ‘be a big decision to ask network providers to pull out existing Huawei gear. The cost to the network providers would be huge, and that cost would likely need to be passed on.’
However, Collier notes: “The difference with 5G is its distributed nature, with both core and edge processing, which the government expressed concerns that it says this configuration means every part of the network can be accessed.”
In reality the differing architectures between 5G and 4G means that legacy Huawei gear is unlikely to be affected by the GCSB’s decision.
So how real is the security threat? While there is little debate that limiting the number of equipment suppliers could stifle innovation and increase costs, government spooks have remained tight-lipped on the specifics of the security issues.
Andrew Little, Minister in charge of the Government Communications Security Bureau and New Zealand Security Intelligence Service, has so far refused to reveal any specifics of what the ‘significant national security risks’ posed by Huawei are, saying the information was classified. His explanations to date have been at best vague: “…conventional (4G) technology has an infrastructure core, and then peripheral technology such as cell-phone towers and the like and they can – in effect -– be kept separate, you cannot do that with 5G technology,”
Because the security issues raised are classified, it is all but impossible to comment on the validity of their claims. Riley T Reid, the Australian-based director of telecommunications security consultancy, Aitchison Reid says that the Huawei issue is a distraction and that existing security flaws could remain unresolved.
“I think the focus on Huawei is a distraction away from core security threats and risks that are latent in our networks by design due to the existence of SS7/Diameter. Replace Huawei with Nokia, and it doesn’t change the latent SS7/Diameter threats for Aotearoa at all.”
Reid’s comment refers to what is known as Signaling System No 7, or SS7. It is used to interconnect mobile phone networks and allows calls/ text messages between network operators. It also underpins international roaming. While the Diameter protocol replaced SS7, its backwards compatibility also means it has similar vulnerabilities.
Hackers who manage to access the SS7 system could in theory record or listen into calls. They could also read SMS messages sent between phones, as well as tracking the location of cell phones. In Germany last year, hackers exploited SS7 vulnerabilities to gain access to dual factor authentication codes and emptied bank accounts.
Reid says even if Spark and the GCSB resolve Huawei related security concerns, telcos could still find themselves vulnerable.
“Even if 5G achieved security for the users and devices connected to it, 4G/3G is not disappearing overnight, and 2G persists across the world too. So, a 5G device which allows its user (person or infrastructure) to also operate on 4G/3G/2G will still provide the means for an attack against that device over non-5G channels.”