How Can Independent Testing and Open Technologies Help the Telecoms Market?

Telecoms-related media have recently been dominated by discussions of banning Huawei and ZTE, while many governments have already mandated that equipment developed in China should not be selected for national infrastructure and 5G networks. At the same time, there has never been any proof that any telecom vendor--Chinese or not--has intentionally included back-doors, malware, or spying software on telecom infrastructure. Naturally, network equipment consists of IT platforms running proprietary software that will include bugs and security vulnerabilities and will depend on third party software that will also be insecure (e.g., almost all vendor equipment were affected by the SSL Heartbleed vulnerability).

The market is now experiencing a standstill, with politicians are assessing whether Chinese infrastructure poses a true threat for national security, and several operators--particularly in Europe--are pausing their 5G deployment strategies until there is a definitive conclusion to the Chinese security saga. There is a bigger issue at stake though: if the European Commission or governments implement an effective ban on Huawei equipment, several Tier-1 mobile service providers will be forced to either rip Huawei equipment and replace them with competitors’ or deploy a 5G overlay on their existing networks. Both options will be costly, arduous and will delay 5G deployments for years in Europe. This option will be particularly painful for mobile service providers who have recently deployed and 5G-ready Huawei SingleRAN, running 2G, 3G, and 4G in one hardware platform.

At the moment, mobile service providers have no ammunition to counter politicians’ arguments. To answer this, Huawei has opened cyber-security branches in the United Kingdom and will soon open one in Brussels, where governments and mobile service providers can inspect its source code. However, critics will argue that software deployed in the field will differ from this source code, especially since infrastructure firmware updates may be pushed out weekly, or even daily. Moreover, these security offices are sponsored by Huawei and may not be perceived as an independent point of reference. The question is: can there be a testing standard where all vendors are tested for security risks?

There are two initiatives that can reverse the current negative telecom supply chain environment: independent network testing and open networks. The first initiative would mean an independent research center that tests equipment deployed in the field. For example, target operators would provide one base station from each vendor--picked randomly--that would be subject to reverse-engineering and various network tests. It would be necessary for this research center to be independent, but such testing would be expensive, arduous, and time-consuming. However, its results would be definitive and there would be no confusion regarding the security of the equipment tested.

Open networks are already being discussed and developed, including ONAP, O-RAN Alliance, and many others. However, it will take years for these to be implemented in commercial-grade hardware and software and, most importantly, while Ericsson has joined the ORAN alliance, Huawei likely will not. An open network would mean mobile service providers would be able to mix and match vendors of choice and, most importantly, ensure that the interfaces between equipment are open, standardized, and fully transparent to anyone who wants to test them.

From a technical point of view, both options discussed above are possible. For example, there are several network test vendors, including Ixia and Rohde & Schwarz that can either provide equipment or perform extensive testing as a service. Open RAN will also be possible as soon as the O-RAN alliance proceeds to implement an industry-accepted open standard for fronthaul. The challenge remains in the cultural and business aspects of these options, but both should be take seriously as a way to shield mobile service providers and their networks from political turbulence.

For example, the European Commission or the GSMA are both capable of implementing these testing centers and the high cost of these testing facilities could be split between all global mobile operators. This amount would be insignificant for each individual operator, but the results of these test centers would be priceless to ensure the future of their networks. Open RAN is a more complex issue, as several vendors are resisting it; it can potentially cannibalize their business and open the door for smaller vendors. Nevertheless, it is imperative that all vendors, including Ericsson and Huawei, embrace open network initiatives and prove their willingness to be transparent to industry criticism.

Both initiatives may not be enough to reverse the negative climate against Chinese vendors, but they will certainly be a start. At the same time, a political turn of events may reverse these bans overnight, especially if the United States and China come to a broader agreement for trade. In any case, mobile service providers must shield their businesses against such incidents, and the two options above may give them more arguments to counter potential bans.