14 March 2018

Telecom and National Security

James Andrew Lewis

Everyone had fun ridiculing a draft National Security Council (NSC) proposal to create a government-owned 5G (fifth generation) telecom network, but take a step back and look at the problem the NSC staff was trying to solve. Before we congratulate ourselves too heartily for stopping a bad idea, recognize that none of the critics has any alternative proposals on how to fix what will be a major blow to U.S. security, largely self-inflicted. A simple explanation is that telecom is a strategic industry. China has realized this and moved aggressively to dominate the market while the United States fumbled around. The steadily approaching day when the United States will depend on Chinese telecom equipment means that China could gain unparalleled intelligence advantage over us.


The United States had two major telecom equipment providers—Nortel and Lucent—but both are out of the business. In Nortel’s case, Chinese espionage bears some responsibility for this. For major telecom infrastructure equipment, there are now only four suppliers—Nokia, Ericsson, Huawei, and ZTE—and of these, only Huawei makes the full range of equipment. Huawei’s technology is good, their prices are low (with help from the Chinese government), and they are becoming globally dominant. Banning them from the United States only slows the inevitable. Qualcomm and Cisco, while leaders in the technologies they make, do not offer the full range of equipment (such as high-capacity routers) needed for the telecom backbone.

What is amazing is that the United States has seen this problem coming for 15 years. In 2002, the Department of Defense began asking how we would deal with a global supply chain in telecom and the risks this creates. There is a still classified 2003 National Security Agency “Telecommunications Study” that asked how the United States would manage the risk from globalization. It turns out that the approach we chose was to ignore it.

So now what’s left, other than surrender? There are three options, none easy. 
Build secure networks from unsecure components. This was raised in 2003, but it turned out to be more slogan than solution. The idea is that, even if you depend on foreign suppliers, you can impose software defenses to safeguard the network. There has not been much progress, perhaps because of a lack of funding or sense of urgency, or perhaps because there were difficult technical problems that we did not try hard enough to overcome. 

Build a national champion. This idea would have appealed to any president from Franklin Roosevelt to Ronald Reagan, but it no longer appeals. The idea would be to subsidize a company to go back into the telecom business. The previous administration considered this idea, using Defense Production Act Funds, but it could at most allocate 1 percent of what China spent. (How the United States, with an economy twice the size of China’s, is regularly outspent by China in key technology areas is another unhappy story). The discussion of how to respond to the telecom problem made it as far as a Deputies Committee meeting, but none of the major information technology companies wanted to reenter this field. Though a few medium-size companies could have been candidates for investment, the administration ultimately decided to rely on Google and Silicon Valley to innovate our way out of the problem without the need for the government to spend anything. This was around the time that Google purchased Motorola Mobility, now owned by Lenovo, a Chinese company, and appeared to be toying with the idea of going into telecom. Google changed course for business reasons, leaving the United States back where it had started. 

Subsidize European producers. $300 million is not enough by any means to build a telecom giant, but it would be welcome support for the two struggling European producers. China subsidized its companies, and the United States could use vehicles like cooperative research agreements to provide funds and help keep these competitors afloat. The idea of giving another country’s companies support is never popular in Congress, but it is an affordable alternative. 

If we were to rank these ideas by cost and effectiveness, subsidizing European producers is best since they are already in the business. Subsidizing research to build secure networks out of untrustworthy components is relatively inexpensive (relative, because a serious effort to support European companies or U.S. research requires tens of millions of dollars). Subsidized research could also look at the UK model of creating a Cyber Security Evaluation Centre “ to mitigate any perceived risks arising from the involvement of Huawei in parts of the UK’s critical national infrastructure .” Informed sources in the United Kingdom say privately that the Centre is not a perfect solution, and research could suggest how and if it could be strengthened. Funding research has the benefit of supporting U.S. technology research and development, but this would not provide an immediate solution or guarantee that it would ever provide a solution.

In the meantime, China is spending heavily on quantum computing (which might provide an advantage in breaking hitherto-secure encryption), quantum communications satellites (which could defeat Western efforts at collection), artificial intelligence and data analytics (technologies crucial to future espionage), and all are supported by sales of telecom that could provide a global surveillance capability. China is poised to be the winner of the technological espionage game in the twenty-first century after spending a fraction of what the United States has spent in Afghanistan and Iraq. Through overconfidence or forgetfulness, the United States is making itself vulnerable to its main strategic competitor, and while the federal 5G plan was a bad idea, at least it was a plan and not wishful thinking. If China was not a strategic competitor, buying Chinese telecom equipment would pose little risk, and commercial partnership would serve both sides, but given the still-extensive (if often invisible) cyber espionage campaign by that country, we need another solution.

James Andrew Lewis is a senior vice president at the Center for Strategic and International Studies in Washington, D.C.

No comments: