Managing the risks around 5G
At a Glance
Security and sovereignty issues cannot be addressed alone. As 5G technology matures, organizations will require collaboration between national and regional institutions across the technology value chain. In this article Barbara Couée examines how organizations are working together to unlock the huge infrastructure and platform capabilities of cloud providers and offer their customers an interoperable platform ecosystem.
“In three to four years, cutting 5G will mean cutting power in terms of impact… The impact [of an attack] would be terrible for our economy.”
These are the words of Guillaume Poupard, Director of the French security agency ANSSI (Agence nationale de la sécurité des systèmes d’information), referring to the risks of eavesdropping on communications – which led major Dutch providers to block Huawei from their core networks, and resulted in connectivity outages in 5G.
In the US, the strategic importance of 5G has already led to restrictions on Huawei and ZTE equipment.
In some non-EU countries like the UK, Huawei was banned and regulations have been enacted to limit its use. The Telecom Act in the UK prohibited mobile network operators from purchasing Huawei equipment after December 2020; they are now asked to remove Huawei from the UK’s 5G network by 2027.
In Europe, “faced with the risks of ‘third-party state interference,’ Europeans want to guarantee their ‘technological sovereignty’ over 5G networks and the data that will circulate there.”
The European Union is therefore considering amending cybersecurity laws to apply extra security measures for critical infrastructures, including 5G mobile networks. This could lead to limited usage or even a ban on equipment from providers suspected of espionage.
In parallel, with network virtualization and cloudification, the significance of hyperscalers is growing (AWS for edge, Google Anthos, Azure Stack). This raises questions about the level of control over all planes of sovereignty – data, technology, operations – and the risk of dependency on US capabilities.
In view of the high stakes, countries now have no choice but to get involved in the deployment of future networks in order to guarantee security and resilience.
How is the EU pushing for technologically sovereign 5G solutions?
While Europe already benefits from patents owned by Nokia and Ericsson, disaggregating the network into microservices has also opened the door to alternatives to this duopoly in infrastructure equipment. Deutsche Telekom, Orange, Telecom Italia (TIM), Telefónica and Vodafone are participating in Open RAN demonstration projects and campaigning to build an Open RAN ecosystem for Europe, with the goal of ensuring that Europe continues to play a leading role in 5G (and in future 6G networks), despite an ecosystem (Airspan, Altiostar, Casa Systems, Parallel Wireless, Radisys, Asocs, Intel, etc.) that is mainly non-European. Among the hot topics: the European alliance in cloud, semiconductor issues, and interoperability standards and openness.
There is a push to move from a heterogeneous approach to a federated European 5G, overcoming a lack of coordination between EU members. Accordingly, institutions are attempting to regain sovereignty and develop ecosystems over the next five years, through European and national funding programs.
Examples of European projects to foster 5G and 6G EU sovereignty include the IPCEI on Microelectronics and Communication Technologies, the IPCEI on Next-Generation Cloud Infrastructure and Services (IPCEI-CIS), and the Smart Network and Services Joint Undertaking (SNS JU) for 5G/6G.
In the SNS JU alone, the EU plans to allocate more than €900 million over the next seven years to help European players build the research and innovation capacities for 6G systems and develop lead markets for 5G infrastructure. This includes communication components, systems and networks, and “radical technology advancement” with a strong vertical approach. Cybersecurity is part of this plan, with focus areas like connectivity resilience, trust, threats, AI, and secure privacy-preserving methods in a multi-stakeholder, or multi-tenant, world.
Sovereignty is about the level of control. Who has control over the 5G cloud-to-edge, network and data?
5G networks are evolving to cloud-native architectures, pushing communication service providers (CSPs) to fundamentally transform their infrastructure and operating model – and avoid being squeezed into the connectivity between antennas and cloud.
To benefit from the huge infrastructure and platform capabilities of cloud providers and/or offer their customers an interoperable platform ecosystem (mixing connectivity infrastructures, cloud-to-edge infrastructures and software), CSPs have built partnerships with network equipment providers and hyperscalers. These include, among others: Google with Telefónica, AWS with Orange and Vodafone, and also Microsoft with Vodafone and Telefónica.
Understanding and assigning responsibility
Operators are responsible for the security of customer data, and for the confidentiality of data exchanged on the network from user endpoint to 5G Core. But when networks are managed by foreign companies, how trustworthy can they be — especially when it’s impossible to know if and how data can be used?
To be agile in offering service creation and monetization, deployment automation and orchestration are required in both central and local clouds for network capabilities and applications. In this context, security enablers can help counterbalance the challenge of untrusted environments. Key strategies include encryption and advanced access management, deployment of AI to identify misconfigurations and suspicious patterns within networks, and technologies ensuring privacy-enhanced services (e.g. with a focus on preserving confidentiality and ensuring traceability).