5G technological sovereignty, what is at stake?
Because 5G is a highly strategic technology, nations and regional institutions must take control over the technological value chain, which is directly linked to their sovereignty.
1. Managing the risks around 5G
“In three to four years, cutting 5G will mean cutting power in terms of impact.” (…) “The impact (of an attack) would be terrible for our economy.”
These are the words of Guillaume Poupard, director of the French security agency ANSSI (Agence nationale de la sécurité des systèmes d’information), referring, among other things, to the risk of connectivity outages in 5G and to the risk of eavesdropping on communications, which led major Dutch providers to block Huawei from their core networks.
In the US, the strategic importance of 5G has already led to restrictions on Huawei and ZTE equipment.
In some non-EU countries like the UK, Huawei was banned and regulations have been enacted to limit its use. The Telecom Act in the UK prohibited mobile network operators from purchasing Huawei equipment after December 2020; they are now asked to remove Huawei from the UK’s 5G network by 2027.
In Europe, “faced with the risks of ‘third-party state interference,’ Europeans want to guarantee their ‘technological sovereignty’ over 5G networks and the data that will circulate there.” (source) The European Union is therefore considering amending cybersecurity laws to apply extra security measures to critical infrastructures, including 5G mobile networks. This could lead to limited usage of, or even a ban on, equipment from providers suspected of espionage.
In parallel, with network virtualization and cloudification, the significance of hyperscalers is growing (AWS for edge, Google Anthos, Azure Stack). This raises questions about the level of control on all planes of sovereignty (data, technology, operations) and the risk of dependency on US capabilities.
In view of the stakes, states now have no choice but to get involved in the deployment of future networks in order to guarantee security & resilience.
2. EU pushing for technologically sovereign 5G solutions to emerge
While Europe already benefits from patents owned by Nokia and Ericsson, disaggregating the network into microservices has also opened the door to alternatives to this duopoly in infrastructure equipment. Deutsche Telekom, Orange, Telecom Italia (TIM), Telefónica and Vodafone are participating in Open RAN demonstration projects and campaigning to build an Open RAN ecosystem for Europe, with the goal of ensuring that Europe continues to play a leading role in 5G (and in future 6G networks), despite an ecosystem (Airspan, Altiostar, Casa Systems, Parallel Wireless, Radisys, Asocs, Intel, etc.) that is mainly non-European. Among the hot topics: the European alliance in cloud, semiconductor issues, and interoperability standards and openness.
There is a push to move from a heterogeneous approach to a federated European 5G, overcoming the lack of coordination between EU members. Accordingly, institutions are attempting to regain sovereignty and develop ecosystems over the next five years through European and national funding programs.
Examples of European projects to foster 5G and 6G EU sovereignty include the IPCEI on Microelectronics and Communication Technologies, the IPCEI on Next-Generation Cloud Infrastructure and Services (IPCEI-CIS), and the Smart Networks and Services Joint Undertaking (SNS JU) for 5G/6G.
Through the SNS JU alone, the EU plans to allocate more than €900 million over the next seven years to help European players build the research and innovation capacities for 6G systems and develop lead markets for 5G infrastructure. This includes communication components, systems and networks, and “radical technology advancement” with a strong vertical approach. Cybersecurity is part of this plan, with focus areas like connectivity resilience, trust, threats, AI, and secure privacy-preserving methods in a multi-stakeholder or multi-tenant world.
Sovereignty is about the level of control. Who has control over the 5G cloud to edge, network and data?
5G networks are evolving to cloud-native architectures, pushing communication service providers (CSPs) to fundamentally transform their infrastructure and operating model – and avoid being reduced to providing the connectivity between antennas and cloud.
To benefit from the huge infrastructure and platform capabilities of cloud providers and/or offer their customers an interoperable platform ecosystem (mixing connectivity infrastructures, cloud-to-edge infrastructures and software), CSPs have built partnerships with network equipment providers and hyperscalers. These include, among others: Google with Telefónica, AWS with Orange and Vodafone, and Microsoft with Vodafone and Telefónica.
Operators are responsible for the security of customer data, and for the confidentiality of data exchanged on the network from user endpoint to 5G Core. But when networks are managed by foreign companies, how trustworthy can they be — especially when it’s impossible to know if and how data can be used?
To be agile in service creation and monetization, CSPs require deployment automation and orchestration of network capabilities and applications in both central and local clouds. How can they keep control when multi-access edge computing (MEC) is likely to run partly or totally on low-sovereignty edge cloud capabilities and/or employ foreign platforms offering attractive technologies and tooling for building and deploying applications and services (including AWS Wavelength and MS Azure private MEC)?
In this context, security enablers counterbalance the lack of technological sovereignty in untrusted environments.
Managing access and using encryption will be critical to increasing control over data in transit or at rest (RAN, MEC), and to ensuring control and security of the link between network and applications in this software-defined, reconfigurable 5G world.
AI will also be important to profile interactions, to monitor, control and identify misconfigurations in cloudified infrastructures, and to detect network pattern deviations or suspicious apps running on customers’ edge data.
Technologies ensuring privacy-enhanced services (like homomorphic encryption and secure multi-party computation…) are also promising in multi-tenant, multi-stakeholder, multi-vendor platforms, whether for preserving data sovereignty and confidentiality or for ensuring traceability and trust in networking elements and service functions.
Coming back to the UK deployment model pointed out by ANSSI:
“If we let the operators do everything alone, security and sovereignty issues will not be taken into account.” (source)
Atos is actively contributing to this sovereignty landscape by enhancing sovereignty levels within complex 5G architectures through EU-made and certified cybersecurity products and communication solutions. Over the next five years, Atos plans to contribute to a European Open RAN implementation by building a sovereign, secure edge computing capability compliant with ETSI multi-access edge computing (MEC) standards and based on European and French assets.
NOTE: IPCEI stands for Important Projects of Common European Interest, which are large-scale, multi-country innovation projects in specific sectors that contribute to the EU’s strategic objectives.
About the author
Portfolio Manager, Atos Digital Security
Barbara has been working with Atos since 2006. After several years managing large, multi-year programs for critical Industries & Defense, she was appointed to the Defense entity mission-critical systems (MCS-C2I) to support transversal topics and strategy definition at a global business line level. Since the creation of Atos Digital Security in 2021, she has managed a wide portfolio combining critical systems and cybersecurity products & services.
Barbara holds a Business School diploma from ESCP-EAP. She was selected for the “high potential program” in 2010 and the “Atos Excellence program” with Polytechnique in 2018 (certification in business transformation), and she is now a member of the Scientific Community.