Updated: Jan 6
Trisha Ray, Associate Fellow at the Observer Research Foundation
Trisha Ray is an associate Fellow in the Technology and Media Program at the Observer Research Foundation and a member of the UNESCO Working Group on Information Accessibility. She holds a master's degree in security studies from Georgetown University's Walsh School of Foreign Service. His research interests include emerging technologies, artificial intelligence governance and specifications, and the security implications of lethal autonomous weapon systems.
Regulate 5G so it does not become a weapon
1. The Wall Street Journal reported on the morning of June 9 that Biden signed a repeal of the executive order on TikTok and WeChat that Trump had signed and replaced it with a new executive order. What kind of signal do you think this sends?
Biden’s Executive Order is in some ways a continuation of the Trump administration’s policy: the aim remains to assess threats posed by ICT products, apps etc based in the jurisdictions of foreign adversaries. However, where the Trump administration’s language was more targeted and adversarial, the Biden EO attempts to create objective standards to assess ICT threats.An ad hoc approach to data, communications and supply chain security is not a tenable long-term solution, and can alienate partners that do not fully agree with a US vs. China binary approach to tech foreign policy. In this sense, the June 9 EO is a positive step toward resilient and secure ICT supply chains and ecosystems, and would help provide some clarity on the concept of “trusted” vendors and partners.
2. In the Indo-Pacific 5G survey: Connections and conflict, which contains a point that today, nations are faced with the apparent binary of Chinese and Western technology, can you explain the apparent binary more clearly?
In the 5G policy narrative, particularly in the US but also in a growing number of other countries that view technology offerings from Chinese companies as a national security threat, the choice between Huawei/ZTE vs. Ericsson/Nokia etc is presented as a binary. One is secure, transparent and subject to appropriate legal safeguards that protect the integrity and security of data and communications. The other is non-transparent, subject to intrusive access by the government. In the case of 5G, the technical shift where core functions of the network cannot be separated from the edge makes the “trustworthiness” of vendors more crucial. What the paper means when it uses the term “apparent binary” is that concerns about supply chain security, foreign government access to communications networks etc are not exclusive to one country. The paradigm shift that 5G-enabled applications will bring demands clear standards for trust and security in the 5G ecosystem. While bans are effective short term measures, it is not a long term solution to security challenges. It is also worth noting that eavesdropping on domestic communications networks, as well as foreign ones, is a common practice in the intelligence community. What would the implications of these backdoors planted by “trusted partners” be on the security of 5G networks? The 5G security conversation therefore needs to also capture the bigger picture.
3. In Indo-Pacific 5G survey: Connections and conflict, which puts forward a view that 5G will create unprecedented productivity but also bring unprecedented vulnerability, could you elaborate on how the unprecedented vulnerability is manifested more?
The first way to frame this question is, “What is different about 5G?”. First, as I mentioned earlier, one distinction is the blurring of core vs. edge, meaning that measures taken in 4G and previous generations to restrict risky vendors to the edge are not as effective in the case of 5G.The second issue arises from 5G-enabled applications, mostly IoT and its use in public infrastructure like pipelines. The recent Colonial Pipeline hack, for example, demonstrated how a cyberattack on critical infrastructure could have widespread effects.Third is the vulnerability of users. A large number of endpoints - smartphones, smart speakers, refrigerators, wearable technologies -- means a larger attack surface. Many smart devices are notoriously easy to hack (See:
https://www.washingtonpost.com/news/worldviews/wp/2017/02/23/this-pretty-blond-doll-could-be-spying-on-your-family/)The second way to talk about “unprecedented vulnerabilities” here is in the context of geopolitics. Dependence on a small pool of vendors carries its own set of risks, and the 5G base station market today is essentially an oligopoly. Countries can also weaponise the flow of 5G equipment and components, through bans and other trade and non-trade barriers, to exert pressure on other countries.
A common risk and resilience framework for 5G is the need of hour.
Interviewer: Jiang Yuqing
Interview date: June 16, 2021