There is a “window of opportunity” for Australia to develop its 5G sovereign capability and address security issues, and urgent action is needed from the federal government, according to a new Australian Strategic Policy Institute report.
The report, by ASPI fellow Rajiv Shah, looks at the wider security risks in the 5G ecosystem beyond those of individual vendors – such as Huawei – which were banned from the network build by the Australian Government.
It calls for a risk mitigation strategy with a focus on a diversity of vendors and suppliers, and an emphasis on sovereign capability through a range of policy levers and funding mechanisms, including a Commonwealth investment fund for critical technologies and more regulation to improve competition.
“There is a need for a trusted ecosystem of vendors, which may also bring enormous opportunities for states, including Australia, to develop sovereign 5G capabilities and grow their 5G market,” Mr Shah said in the report.
“States need to find the most promising opportunities to develop key sovereign 5G capabilities, including in Australia, and take the same approach to other key enabling technologies in order to avoid similar supply-chain security challenges in the future,” he said.
“The window of opportunity is open now, so we need to lead by taking action now and encouraging other like-minded countries to follow and coordinate with us.”
While “very high-risk vendors” can be “sensibly” banned entirely, there are no zero-risk vendors, so mitigation measures are necessary, including independent testing and end-to-end encryption, the report found.
A diversity of providers is critical to ensuring the security and integrity of Australia’s 5G network, Shah said.
“If a network is dependent on a single vendor and a vulnerability is found, the vendor becomes untrusted for some reason or the company collapses, the equipment will be almost impossible to replace and entire networks can become at risk overnight,” Shah said.
“If the security of one vendor is compromised, that shouldn’t compromise the whole network or all of the networks. This will require initiatives to promote diversity and interoperability, including standards setting, testing and integration facilities and regulation. If implemented correctly, this will not only improve cybersecurity but also provide an economic opportunity for industry.”
There are opportunities for new entrants to gain a foothold in 5G networks, but this will require federal government assistance, the report found.
“There are significant opportunities for vendors from Australia and allied countries to develop critical technology. However, they face significant competition from established players with economies of scale, and in some cases direct or indirect foreign government support,” it said.
“Appropriate policy actions will be needed to overcome the barriers in order to open up genuine opportunity for a broader range of vendors and provide the diversity that we need to improve the security and resilience of our 5G ecosystem.”
This should include adequate regulation of competition to ensure new entrants are viable, preventing cross-subsidies of existing major vendors when selling new capabilities, and “perhaps even mandating major vendors to subcontract a portion of the work”.
“These restrictions should apply to all existing major vendors, not just those from high-risk jurisdictions. It wouldn’t be an appropriate approach to just pick one or two ‘winners’ from the existing major European and US vendors – a rich, diverse, vendor pool is needed to ensure the long-term resilience of our 5G networks,” the report said.
The federal government should also establish an investment fund to provide capital for technologies critical to Australia’s national security, Shah said, which could be modelled on the UK’s National Security Strategic Investment Fund. This fund would help to support the scaling up of 5G technologies.
The government should also establish, fund and manage an independent testing facility for 5G networks, and look at mandating that network providers have to use multiple vendors for important components.
On a broader point, the report calls for the government to invest for the future and fund other emerging technologies to avoid a similar situation.
“Action needs to be taken to prepare for the future to avoid a repetition of this situation with other emerging technologies. Australia needs to invest in developing and commercialising technologies for artificial intelligence, 6G, quantum computing and other emerging fields,” it said.
“In building the right skills pipeline, we should also address current perceived skills gaps. We need systems engineers who can design and build systems bringing together components and technologies from different companies.”