The Lawfare Institute · www.lawfareblog.com
While there is widespread agreement that Huawei devices in 5G infrastructure pose some risk to the U.S. and allied nations, the policy community—in particular the U.K.’s National Cyber Security Centre—has paid insufficient attention to the technical aspects. The discussion must examine not simply whether China would use this technology maliciously, but the specific threats that Huawei equipment could pose and the extent to which these threats can be mitigated. This is especially important in the face of recent news that the U.K.’s National Security Council has okayed the use of Huawei technology for the country’s new 5G network.
The belief that this risk to the U.S.’s and its allies’ critical infrastructure could be mitigated on a technical level is belied by two major realities, both revealed by a close look at the technical dimensions of the issue. While one might argue that these realities are present in other technical arrangements, they are exacerbated in the 5G scenario. First, the risks are incalculable. Providing a third party with a foothold into a network introduces an entirely new array of risks. Any single risk has the potential to flow into other parts of the system in ways difficult to protect against, exponentially increasing exposure. Second, mitigation is impossible. With the rising complexity of technologies, validating security properties to any significant level in third-party systems has become untenable.