Wednesday, December 11, 2019

Telecom Industry Rift Widens Over Key 5G Security Issue

Some of Europe's biggest operators are distinguishing between the core and the RAN as they build their 5G networks, but the region's biggest 5G vendor says the boundary is disappearing.The telecom industry is riven over a critical security matter in Europe's 5G networks, with billions of dollars on the line depending on its ultimate resolution. The debate hinges on whether the radio access network (RAN) should be subject to less stringent controls than the 5G "core." Some of Europe's biggest operators are proceeding on that basis, but Ericsson, its largest vendor of mobile networks, thinks distinguishing between these domains will become increasingly difficult in 5G. If governments heed its take, the operators may be in for a shock. That's because many have chosen to build a 5G RAN with Huawei, a Chinese vendor deemed a security threat by US officials and some European watchdogs. Operators are keeping Huawei out of the core in the hope that any restrictions on the Chinese supplier are limited to that part of the network. As Ericsson and others stir the pot, the danger is that governments go for a more comprehensive ban. Based heavily on software, the core is often thought of as the "brain" of the telecom network. It is where important decisions are made that affect the entire system. Penetrate the core and a malicious actor could wreak havoc. The RAN, by contrast, has always been treated as dumb kit. It includes the many thousands of basestations and antennas that sit on countryside masts or atop city-center buildings. The widespread assumption has always been that any malware in the RAN is less problematic. If a basestation catches a software bug, it can be isolated and taken down without affecting the rest of the system -- just as a gangrenous finger can be amputated without harm to other body parts. UK mobile operators believe this still holds true in 5G. Concerned about the Chinese risk, Vodafone refuses to let Huawei or ZTE, a smaller Chinese vendor, anywhere near its core, where the technology is supplied mainly by Cisco, a US company. In the RAN, however, Huawei is one of Vodafone's main suppliers, alongside Ericsson. Three has a similar policy. In the core, it has deliberately avoided using Huawei, opting instead for technology provided by Finland's Nokia, said CEO Dave Dyson during a previous conversation with Light Reading. In the 5G RAN, though, Huawei is Three's only supplier, and it is replacing Samsung, a South Korean vendor, in Three's 4G RAN. BT is the only UK operator with a Huawei mobile core, but this was a consequence of its EE takeover back in 2016. Previously a joint venture between France's Orange and Germany's Deutsche Telekom, EE had relied heavily on the Chinese vendor before the BT acquisition. When that happened, one of BT's first decisions was to remove Huawei from the core. That process is still underway. In the meantime, BT has stuck by Huawei as a RAN vendor. It is not just in the UK that operators are making this distinction. In April, Dutch incumbent KPN named Huawei as a RAN vendor but said it would not use a Chinese company in the core. In Germany, where a fierce debate is raging about network security, Telefónica Deutschland has similarly identified Huawei as a 5G RAN supplier while delaying any decision about its 5G core until next year. Blurred lines But what if the line that separates the RAN from the core is blurring with the shift to 5G networks? That is the assessment of Ericsson as well as some other experts. Their argument is that network intelligence is moving out of centralized core network facilities and toward the RAN with the arrival of "edge" computing. In these future edge networks, operators are likely to host important IT resources at aggregation points near basestations and end users. Some analysts talk about a "distributed core" to describe the future 5G network. Arun Bansal, the head of Ericsson's business in Europe and Latin America, gave his take on the matter during a meeting with Light Reading earlier this year. "5G will blur the distinction that has previously existed between the core and the radio access network," he said. "That boundary will disappear in 5G simply because of the way the architecture will be done, and it will be very hard to say this is core and this is radio." The statement seems to put Ericsson at odds with some of the operators it serves. If authorities across Europe buy into its argument, the measures operators are taking to minimize network risks could turn out to be a wasted effort. The UK and Germany are two countries where important security decisions are expected next year. And while the UK is preparing to leave the European Union (EU), a risk assessment the EU published in October included some troubling clauses for German operators that use Huawei in the RAN. "Some functions of the core networks may be integrated in other parts of the networks making the corresponding equipment more sensitive (e.g. base stations)," it says in one section. Representatives of the American Enterprise Institute, a US think tank, have recently pushed a much tougher line in Brussels, arguing there should be no security distinction between different network domains even in today's 4G networks. "Already in 4G that typology falls away because the entire network is suffused with intelligence and capability," said Roslyn Layton, a visiting scholar at the American Enterprise Institute and a researcher at Aalborg University in Denmark. "When you look at 5G, there's no dumb part of the network." A decision to impose a blanket 5G ban on Huawei would cost the telecom industry billions and hinder Europe's rollout of 5G services. Operators that use the Chinese vendor in the RAN say they would have to replace its 4G equipment as well as any new 5G gear. That's because they need 4G and 5G equipment from the same vendor to avoid running into interoperability problems. Estimates of the cost vary widely. Keen to emphasize the disruption a ban would cause, Huawei has put the figure at about €55 billion ($61.3 billion) for the whole of Europe. John Strand, the CEO of a Danish advisory firm called Strand Consult, reckons this is a huge exaggeration. In a recent report, he estimated the bill at approximately $3.5 billion. Why the disparity? Strand points out that most of Europe's telecom infrastructure is already three to five years old and therefore ready for replacement. Operators will have to incur much of the cost that Huawei estimates whether it is banned or not. This won't remove the sting for operators that have become heavily dependent on the Chinese equipment maker in the 4G era. Their network strategies are based on the possibility of restrictions that affect only the 5G core. With the US still pushing hard for an outright ban, and Ericsson warning of blurred lines between the core and the RAN, they should be worried that authorities will go much further. Related posts: — Iain Morris, International Editor, Light Reading

Archive