Emerging Threats

The importance of taking the lead in developing 5G security standards

Apr 20, 2023
The importance of taking the lead in developing 5G security standards

Hardly a new day begins in the West without a news story of an increasingly frayed relationship between the U.S. and China. Chinese leader Xi Jinping struck an aggressive tone at the most recent National People’s Congress of the Chinese Communist Party (CCP), tensions over a possible conflict involving Taiwan remain high, and the downing of a Chinese spy balloon off the coast of South Carolina this past February did little to assuage fears that the countries are on a collision course. 

The tech sector is an especially fierce battleground between the two. Squabbles over whether to ban the social media platform TikTok garner the most headlines. But there are other, potentially more impactful arenas where competition is tightening. The race to deploy a global 5G network is one such battleground, with the U.S. and China vying to come out on top on several fronts.

First, there is competition over ownership of the architecture that will enable global 5G networks. China has a healthy lead in this respect, largely because of its massive and complex Belt and Road Initiative and heavy investment in developing economies via its Digital Silk Road initiative. Fears over China using this 5G infrastructure to spy on customers’ communications led the U.S. to blocklist the Chinese telco manufacturer Huawei in 2020. As with TikTok, the argument is that the company is essentially an extension of the CCP. 

The supply chain is the second major source of competition in the battle for 5G supremacy. According to RAND, the U.S. currently holds a slight edge in this category because of its dominance in creating the equipment critical to manufacturing microprocessors, essential components of 5G infrastructure. For now, a U.S. ban on exporting these materials to China to be incorporated into their manufacturing operations has China worrying about its ability to maintain current production outputs.

A third area of competition involves developing and propagating technical standards for 5G technologies, including security standards. Standards organizations like ISO have essentially allowed the internet to become what it is by enabling a unified way of working, making activities like intercontinental FaceTime calls possible. Long dominated by the West, the CCP has made plain its desire to become the new global leader in standard-setting. 

The soft power of standard-setting

The ‘Standards 2035’ project is Beijing's concerted effort to advance its internally developed standards over those favored by Western governments. In 2021, China outlined publicly for the first its guiding philosophy for the development of standards for all sectors, from agriculture to tech, emphasizing the "fundamental and leading" role standards play in industry advancement.

Professors Hal Brands and Michael Beckley write in their book about increasing competition between China and the U.S. that there is a saying in China: "Third-tier companies make products, second-tier companies make technology, top-tier companies set standards." 

Why are standards so important in the race to develop advanced technologies? Reasons include:

  1. Adoption – Standard-setting organizations gain the first-mover advantage when they can secure their adoption in developing markets. They also have the opportunity to develop “standards-essential” patents or technologies that must be incorporated into compliant solutions. China holds a third of all standards-essential patents related to 5G technologies.
  2. Interoperability – Interoperability is essential to achieving the numerous use cases proposed for 5G networks. The companies that set the standard for 5G will ensure their solutions can function together across links in the supply chain, ensuring vertical integration.
  3. Security – Baking security features like encryption into standards from the beginning can prevent (or, rather, determine who controls) snooping by intelligence agencies. While Western governments’ commitment to data privacy is open to question, the CCP makes no such claim. All data flowing through Chinese-owned infrastructure is subject to seizure by the party. 

The 3rd Generation Partnership Project (3GPP) is one of the most important deciders of 5G standards. It is an international consortium of telco representatives who work on establishing common targets for a "global network evolution" to 5G. With representatives from both China and the U.S. included, it is where many of these scrambles for standards play out. 

"Although the leadership structure and country representation for the RAN WG does not suggest dominance for any particular country, it does show that the United States holds the minority of intellectual leadership positions in the RAN 3GPP [working group] structure," writes RAND.

Ensuring a say in 5G security standards

While China can rely on centralized state control to devise and push standards, the U.S. has typically relied on private industry for standards development. The private sector should actively lend its expertise to governmental organizations, like NIST, that lead national development of these standards. 

The NSA’s Enduring Security Framework (ESF) is an example of a fruitful public-private partnership worth emulating. Companies like Zscaler cooperate with these initiatives to protect the nation’s critical infrastructure, including in the development of security standards for 5G and Open-RAN.

According to the U.S. Department of Defense (DoD), “RANs are traditionally vendor-locked, vertically integrated telecommunications architectures that enable wireless communications, such as 4G, 5G, and subsequent generations of communications technologies. By disaggregating RAN architectures – thus making them ’Open’ - more companies can pursue innovation on advanced 5G network architectures and related security.”

Today, Open-RAN holds the most promise for broad collaboration in designing the security standards that will be applied to 5G development. The UK Government has referred to Open-RAN as key to "circumnavigating the geopolitics associated with 5G provisioning," but it must be implemented securely.

Open-RAN’s promise will also be its downfall without reliable and widely implemented security standards. The ability for any enterprise to easily spin up its private telco networks presents ample opportunity for security to be neglected. Security standards developed in isolation by foreign governments could easily be outfitted with backdoors or other vulnerabilities. 

Collaboration among friendly governments will also help to ensure it is not a bipolar competition between the U.S. and China. Recruiting allies to participate in standards development will expand the roster of nations who willingly adopt them. 

Similar to today's internet, a parallel system will likely emerge between the West and China. Government organizations are already forbidden from using 5G equipment with Chinese components anywhere along the supply chain. Despite this, it’s too early for Western countries to give up the battle to develop the security standards for this pivotal advanced technology. 

There’s simply too much at stake.

What to read next

What has TikTok really taught us?

Security leaps forward for open radio access networks and 5G (interview)

Dmitri Alperovitch on Taiwan, China and Putin’s probing cyberattack