The writer is the Financial Times’ head of IT Risk and Cyber Security.
When it comes to state-led cyber activity, it’s all about plausible deniability. Whether the claims involve a hack of Amazon founder Jeff Bezos’s phone, corporate espionage or intimidation of human rights activists, our lack of experience is precisely what makes it so hard to be sure who is to blame.
Now that the UK government has approved allowing Chinese group Huawei to participate in parts of Britain’s new 5G infrastructure, and EU members are facing similar decisions, we need to keep that idea in mind. We must explore whether we can be truly safe, and the technical and non-technical implications of allowing access to a company linked to what is an undeniable information superpower.
China has dominated the global technology hardware supply chain in recent years — from iPhone components, to computer motherboards and devices powering the internet of things. Those who question the risk of Huawei supplying parts of the UK’s network infrastructure ought to keep in mind that when it comes to tech building blocks, most roads lead to Beijing. The west may use the economics of comparative advantage to rationalise its lagging behind on manufacturing, but the economics of the surveillance age raises questions that will be harder to overlook.
Consider the way telecoms technology works, using a conceptual framework dubbed the Open Systems Interconnection model. At the bottom is the physical hardware layer, or the nuts and bolts and chipsets. At the top is the software application layer, or what we see on our computer screens. In between are layers that deal with data links, networks and transport channels, among others. Each layer is vulnerable to hacking and also depends on the security of the layer underneath it. So in principle, if the hardware layer is compromised, so is everything above it.
What complicates the Huawei issue, is that every layer involves proprietary information — hardware, protocols and code — adding so many unknowns. Corporations are unlikely to open their intellectual property to scrutiny, and we are unable to reverse-engineer every component. It is, therefore, nearly impossible to verify how network messages are relayed over the hardware back to Huawei (and potentially the Chinese state).
That uncertainty will create the plausible deniability upon which surveillance relies.
We can try to ascertain who is watching the network by monitoring what happens to data at the network boundary. It isn’t always possible to tell where all of the information comes from or goes to, but if we spot a pattern of data being sent to an unknown location, there is the possibility for targeted investigation.
But with 5G, we may be on the back foot already. This cutting edge technology is adept at processing data that is orders of magnitude higher in volume than 4G. So the sheer scale of the problem will work against traditional monitoring methods. At national level, without knowing exactly what to look for, it is a needle-in-haystack nightmare.
UK prime minister Boris Johnson insists that Huawei will be limited to supplying 35 per cent of “non-core” network infrastructure. So while Huawei 5G may not touch critical national infrastructure such as the oil and gas sector, or nuclear and electric grids, it may have access to consumer and citizen data. That might seem of little concern at the individual level, but at societal level, the risk is not trivial — if metadata around consumer trends is at the disposal of a trade competitor, there is no reason to think that the competitor will abstain from creating further monopolies to undercut the UK economy.
All this assumes that the Chinese state can indeed access information from Huawei with impunity — which adds itself to the list of big unknown risks. Non-democratic state actors operate with complete opacity in such matters and even the democratic west has only just began to clarify its own rules. What is clear, though, is that if Beijing does have free rein, Britain and other countries that open the door to Huawei may be handing China the ability to transform itself from a hardware power into an information monopoly, the cost of which is inestimable.
Britain could have developed 5G technology in-house — but that would have risked losing the UK’s competitive edge on spreading 5G quickly, given that most research and development is outsourced. Spreading its bets by taking on Ericsson, Nokia or other market offerings may have cost more in the short term, but would have allowed more open debate about who consumes the data.
We do not know whether US objections to Huawei are based on security concerns or a clash of presidential egos, but it is clear that the UK is taking on the risk of multiple unknowns — whether we can truly be safe depends on whether we can assume the worst and prepare for it.
Source: Economy - ft.com
