INNOVATING TO SECURE THE 5G SUPPLY CHAIN By Bob Kolasky The telecommunications industry is at the center of digital modernization. Internet connectivity and mobile broadband services enable the efficient and effective functioning of multiple essential services while seamlessly connecting individuals and communities to allow for more equitable opportunity across the digital spectrum. Our telecommunications infrastructure promotes almost unlimited data flow at near infinite speed. Even with that achievement, there is still much progress to be made. Digital infrastructure is the subject of great innovation, most prominently through the evolution of fifth generation (5G) communications networks. As the National Telecommunications and Information Administration’s National Strategy to Secure 5G explains, 5G networks “will be a primary driver of our nation’s prosperity and security in the 21st century.” As with any significant innovation, 5G will rely on new technologies and change the nature of the infrastructure – particularly the hardware and software at the core of operating the network. Telecommunications companies with roles across the development and deployment of 5G networks are upgrading infrastructure, prioritizing the security of existing infrastructure and deploying novel components to operate the infrastructure most prominently via virtualized software-directed networks that are more diffuse and localized. As the telecommunications network evolves toward 5G, ensuring that the network componentry is trustworthy has become a renewed and enhanced imperative. This has been recognized in U.S. policy, particularly through restrictions on untrustworthy equipment. For instance, the Federal Communications Commission (FCC) has developed a “covered list” which includes companies unduly influenced by a foreign government, including Huawei, ZTE, Hytera, Hikvision, Dahua, Kaspersky, China Mobile, China Telecom, Pacific Network, China Unicom. Companies on this list produce communications equipment and services (Covered List) that are deemed to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons. “The FCC’s rules now prohibit the use of Federal funds to purchase equipment and services on the covered list,” explained FCC chairwoman Jessica Rosenworcel at a recent Center for Strategic and International Studies event. “But,” as Rosenworcel added, “the list does more than just that. It provides companies making their own decisions clear signals of the security of the products in the marketplace.” Covered lists, such as those developed by the FCC, are widely used in policies by the United States as well as its allies to try to raise the security of 5G and telecom networks and ensure open competition. Publicly identifying untrustworthy companies helps set restrictions when authorities exist, send market signals and limit financial incentives for network expansion. Complying with these restrictions, however, is not the only way that businesses in the telecommunications space should manage risk to supply chains from untrustworthy technology. While not purchasing equipment from covered entities is a good start, the reality is that many of those companies are embedded in other digital supply chains. For example, at Exiger, we have found that China Telecom has deep business ties with at least one company that is almost ubiquitous in cloud service provision. This kind of business relationship is not unusual. In addition, given the public nature of restrictions for products on covered lists, the practice of “white labeling” – where products manufactured by an untrustworthy company are sold on the market under a generic, benign or otherwise covered up brand – is increasing. (This includes both domestic and international companies.) These two factors add complexity to the imperative of recognizing security risk in supply chains from untrustworthy companies under undue foreign influence and control from adversarial states. MOBILE & WIRELESS 30 CHANNELV ISION | MARCH - APRIL 2023
RkJQdWJsaXNoZXIy NTg4Njc=