By Andreas Kuehn and Trisha Ray
This paper was originally published by the Australian National University as part of a series on the Quad Tech Network. In this paper, the authors argue that ‘Quad’ countries need to devise effective ways to jointly manage risk and strengthen resilience of 5G components, domestic and foreign networks and global supply chains. An excerpt is presented below, followed by a link to the full paper.
5G will be a game changer for the Indo-Pacific, which is home to the most rapidly growing digital economies in the world. The internet economy in Southeast Asia was valued at US$100 billion in 2019, growing at a compound annual growth rate of 33% between 2015-19. India’s digital economy alone contributed US$200 billion in economic value. Securing the ICT infrastructure, including 5G networks, that underpins these massive economic and social benefits is critical to economic and national security, especially against the backdrop of growing concerns over the exploitation of 5G vulnerabilities and supply chain dependencies by foreign powers. Yet countries in the region have adopted divergent stances on high-risk vendors, state- versus private-led 5G deployments, and global partnerships. They also vary greatly in their capability and capacity to manage emerging digital technologies and absorb the benefits of the digital transformation, as well as the degree of their economic and political closeness to China. There is a need to develop common frameworks for managing risks and fostering resilience.
In the past three years, there has been a growing global body of research on what constitutes ‘technical risk’ in the realm of 5G. The Quad countries – Australia, India, Japan, and the United States – have been proactive in identifying and acting upon risks to secure their 5G ecosystems at home and abroad. Security measures have ranged from soft bans to hard blocks implemented through a varying combination of public statements from political leadership, and statutory, regulatory, administrative, and technical measures. These include the US 5G Clean Network initiative under the Trump Administration; Australia’s two-pronged trust challenge – external, relating to vendors, as well as internal, relating to consumers reacting to misinformation; Japanese telcos building alliances and consortiums both amongst themselves and in the region; and India’s ambitious bid for self-sufficiency.
The Quad provides an ideal testbed for a shared 5G risk and resilience framework that can be expanded to the broader Indo-Pacific.
The ‘secure 5G deployment’ debate has been steered by concerns about technical security vulnerabilities that, when exploited by state or non-state actors, can put the confidentiality, integrity, and availability of communications networks at risk. In particular, the oligopolistic 5G market, in which Chinese companies hold a large share, has raised concerns among the US and its partners.
The Chinese government is perceived as being able to exercise undue influence to coerce Chinese equipment manufacturers under its 2017 National Intelligence Law to provide access to data held by their customers, including foreign network operators, and even shut down 5G networks. These concerns have been amplified by China’s ambitions to shape its preferred digital environment through the Digital Silk Road and emerge as a high-tech superpower by 2049, as well as its use of emerging technologies to maintain authoritarian rule with disregard for human rights. The 5G security debate has also come amidst growing US-China geopolitical and trade tensions that led to an increased focus on the susceptibility of technology supply chain dependencies. The COVID-19 pandemic further illustrated the perils of supply chain dependencies, which are susceptible to being weaponised for short-term economic and long-term strategic gains. Similar contentions could become salient as the 5G build-out advances globally.
Given the global nature of innovation, development, manufacturing, and assemblage of emerging digital technologies, the Quad countries cannot effectively manage these challenges individually. When operating globally, businesses and governments need secure, resilient communications channels to ensure mission success (for example, the need for a company to have protected confidential communications when operating abroad; the need for armed forces to have secure communications to “operate through” networks in contested red or grey areas).
A common framework can help Quad countries allocate efforts and resources. At the same time, such a framework must acknowledge that 5G risk assessments may be influenced by geopolitical and national interest considerations, and that Quad countries possess different capabilities and capacities to monitor and act upon risks. This paper therefore proposes a common risk and resilience framework that includes building the capabilities and resilience to improve recovery and business continuation of 5G networks and associated supply chains. It also provides a set of actionable recommendations to inform future 5G risk and resilience measures.
Please click here for the full paper.