5G may be the darling of the networking media, but it has profound technical and economic issues. The standards aren’t yet done, there are questions about how some of the proposed features would be implemented, and there’s the overriding question of whether there will be sufficient return on investment for operators. Those complications are daunting, and now we have a story that the Administration is looking at building a “nationalized” 5G network. The Administration denies the story, but suppose it’s true. How bad can this get? Plenty.
The apparent issue behind the story is the fear of some in Washington that Chinese equipment vendors like Huawei (AT&T and Verizon have also said they won’t sell Huawei phones) might build in network vulnerabilities that would threaten 5G network services and security. They imagine, in particular, a kind of Chinese wave of IoT takeovers, where infrastructure is held hostage because everything is “on the Internet”. The question is first whether there’s a real risk here, and second whether having a nationalized 5G infrastructure is the way to address whatever risk there is.
We obviously have networks today that are vulnerable to hacking. The presumption of proponents of the nationalized approach is that 5G is different, for two reasons. First, it’s a massive rebuild that would offer more opportunities for hostile powers to introduce back-door vulnerabilities because there’s more new stuff being done. Second, the 5G networks will support what one media story called “legions of data-hungry IoT devices”, which would let intruders diddle with our thermostats, TVs, power plants, and other critical stuff. Let’s start with these two points and try to assess the real situation.
It is true that 5G would involve a lot of new gear, and also generate a greater dependency on software-defined features and network elements. These could in fact be equipped with back doors that could allow someone access to control and management elements, putting the system overall at risk. But remember that it’s not risk per se that we have to assess, it’s incremental risk. It does no good to protect yourself from Thing A when you’ve let Thing B pass, and it present a greater risk.
China already makes a lot of network hardware, and most other countries buy it without much concern over planted back-door vulnerabilities. The US has not been a major buyer of China’s telecom gear up to now, and the government pressure to ensure that’s the case could just as easily be applied to 5G. Remember the AT&T and Verizon decision to stop selling phones from Huawei? You don’t need to nationalize 5G to apply pressure on network operators to avoid vendors the government believes pose a risk; we didn’t need it with 3G or 4G.
Then there’s the fact that we already know that we have to secure access to the control and management planes of devices and software. It usually takes two things to create an exploit. One is the back-door or vulnerability, and the other is access to it. What network operator would not secure their critical elements?
OK, let’s move to the next point, which is the incredible risk posed by all those data-hungry IoT devices. Look around your home. How hungry is your smart thermostat or your security sensor? Not only is it probably not very hungry at all, it really doesn’t need the higher data rates of 5G. Further, your thermostats and sensors aren’t “on the Internet”, they’re on your home WiFi, so you don’t need 5G to connect them. The point is that it’s far from clear that we’re going to have a legion of new IoT devices on the Internet. If we do, we already know that there are going to be massive security and DDoS issues with them, whoever provides the 5G network. In fact, the vulnerabilities of these devices at the IP level likely dwarf the risks at the cellular technology level.
What about the need for addressing those billions of new gadgets? Isn’t that a 5G problem? No, for two reasons. First, as I said, you probably don’t use public IP addressing for the great majority of IoT devices. Your home is networked using WiFi in almost all cases, remember, and the network is based on a private IP address from one of three address spaces defined by RFC 1918. One space is a Class A address space with over 16 million available addresses, one a Class B space with over a million, and the last a Class C space (the one used by most homes) that offers about 65,000 addresses. Every home could have its own address space, with over 16 million devices on it, without going to IPv6. Finally, you could use IPv6 with 4G if you needed to.
There is a value to 5G of course, most obviously in competitive marketing of wireless and also in improving capacity and performance even for traditional mobile users. It’s also valuable in millimeter wave form to extend fiber-to-the-node, replacing copper loop. Are these enough to drive 5G deployment alone? Sure, eventually, but not like some onrush of those data-hungry IoT devices (which, as I’ve said, don’t really exist). Without some dramatic driver, 5G is more an evolution than a revolution, and there won’t be a new refresh of the entire wireless world. That means no more risk of back-door intrusion being introduced than we’ve already been facing.
There’s another point we have to consider, which is whether it’s feasible to create nationalized 5G infrastructure, forgetting the Chinese connection for the moment. Go back perhaps three decades and you’d find telecom networking largely consisting of regulated monopolies and government-owned facilities, usually under what was known in Europe as “Postal, Telegraph, and Telephone” or PTT bodies. We moved to privatize all of that in the ‘90s. Was it wise? Perhaps or perhaps not, but it was done. Since then at least one country, Australia, has attempted (for broadband Internet) a return to something like the nationalized 5G concept. NBN (New Broadband Network) hasn’t been a rousing success for Australia, as a search of the concept will show.
If the US Government were to build out an NBN-like utility 5G network and then lease capacity to operators, it would jump-start 5G and benefit equipment vendors (presumably other than the Chinese). But think about this point a moment, and you’ll see the flaw. The government would have to do it, not just propose it. We don’t have a recent history of vast Congressional successes. It might take years for something like this to get approved. What happens in the meantime? Nothing.
That’s right, absolutely, literally, nothing. No current operator would invest in 5G thinking the Government was going to step in and compete or take their efforts and investments over. If you think 5G is moving too slowly now, wait and see how a nationalized 5G plan would impact deployment. Glaciers would look like space ships by comparison, and by the way, isn’t space now getting privatized? Maybe there’s a lesson here.