Huawei ban is a bad business
Bad times: Australia needs a telecommunications security assurance capability
The Australian government has announced an effective ban on Chinese telecommunications vendors from participating in the 5G rollout. The outcome of this decision will be a significant head-start for Telstra in the race to rollout 5G and higher mobile telecommunications prices for businesses and consumers.
The move by the dying Turnbull Government, in what appears to have been a failed late-night move to appease the right wing of the Liberal Party and thereby gain votes in the party room, means that the Australian Government has become the first and only government to institute a ban on Chinese telecommunications vendors.
In the US, Huawei is not officially banned, but has been effectively sidelined from providing telecommunications infrastructure and systems to major telecommunications companies since 2012, when a US congressional report identified that Huawei is a national-security threat.
In the joint media release the Communications Minister Mitch Fifield and – at the time – the acting Home Affairs Minister Scott Morrison stated that “the Government has undertaken an extensive review of the national security risks to 5G networks.”
“Government has found no combination of technical security controls that sufficiently mitigate the risks.”
Unsurprisingly, the government has not released anything that supports this claim, nor has it acknowledged the International Telecommunications Union (ITU) Telecommunications (ITU-T) design for 5G that includes an interface between the core networks and the access networks, effectively permitting network operators to implement infrastructure and systems similar to how 4G has been implemented.
In an effort to explain the decision, the announcement states that “where previous mobile networks featured clear functional divisions between the core and the edge, 5G is designed so that sensitive functions currently performed in the physically and logically separated core will gradually move closer to the edge of the network.”
“In that way, the distinction between the core and the edge will disappear over time.”
The ITU-T has provided interfaces between the core and the access network, so there is a separation that can be utilised if circumstances warrant. And if the Australian government wanted to limit certain equipment vendors to the access network, then there is no technical limitation that would prevent this outcome.
The government provided no evidence to support the premise that existing security arrangements for Australian telecommunication networks are adequate, nor evidence that demonstrates that Chinese telecommunication vendors would put in place software systems that could be used illegally to gather information if the vendor was ordered by the Chinese government to do so.
Australia is now one of the few industrialised nations that has not put in place a telecommunications security assurance regime, and it is this lack of a significant national security capability that exacerbates the problem of providing telecommunications infrastructure and system security.
In June, I wrote to former Prime Minister Malcolm Turnbull calling for a telecommunications security assurance centre to be set up in Australia. I have yet to receive a response.
The lack of a local telecommunications security assurance capability means that Australia is responding to unfounded claims about Chinese telecommunications vendors.
The Australian government has missed an opportunity, as the dependence on telecommunications, artificial intelligence and Big Data will grow over time, and we need a security assurance capability to investigate infrastructure and systems operation throughout their life cycle.
The principal rationale for the government’s decision appears to be found in the statement that it “considers that the involvement of vendors who are likely to be subject to extrajudicial directions from a foreign government that conflict with Australian law, may risk failure by the carrier to adequately protect a 5G network from unauthorised access or interference.”
“Carriers may still need to apply controls regardless of the vendor they choose. These controls would not displace existing cyber security practices or business risk mitigations.”
The Government’s assertion could equally apply to all telecommunications vendors, irrespective of their origin and as most of the international telecommunications vendors have their equipment built in China, the government’s rationale could equally block Nokia and Ericsson from being selected for the Australian 5G rollout.
It is worth remembering that most of the telecommunications equipment used in Australian networks is manufactured in China by Chinese majority-owned local subsidiaries of the U.S. and European telecommunications vendors.
Recently there have been unsubstantiated statements in the media that only the Chinese based telecommunications vendors would be subjected to Chinese security laws and not the US and European based telecommunications companies that use Chinese majority owned subsidiaries to manufacture products in China.
Do you think the Australian government would exempt local subsidiaries of foreign companies from an order based on national security laws? Of course, they wouldn’t, so why make claims that other governments would do differently.
The question is whether or not the Chinese government would force Chinese-owned companies that manufacture in China to carry out illegal acts in another country. To do so could bring international condemnation and a massive economic backlash.
In August, Fairfax Media put questions to the government about the lack of a telecommunications infrastructure and systems testing regime and whether the government had concerns with other vendors such as Nokia and Ericsson.
The Home Affairs department declined to respond to the Fairfax questions citing national security and commercial in confidence reasons.
The response by Home Affairs department is unsatisfactory, because to date, no evidence has been provided, here or overseas, that a telecommunications vendor that has its equipment built in China would comply with a demand by the Chinese Communist Party for security of telecommunications infrastructure or systems installed in another nation to be compromised.
What should be of concern to Australian business and consumers is that the ban on Chinese telecommunications vendors is expected to decrease competition in the market and increase costs.
Telecommunications is a key driver of the global digital economy and the government’s decision to restrict access to infrastructure and systems on the premise that there might be a risk in the future that is as yet unsubstantiated will have a negative impact on Australia’s ability to compete globally.
Mark Gregory is an Associate Professor in Network Engineering at RMIT University and is the Managing Editor of the Australia Journal for Telecommunications and the Digital Economy