Risks posed by Chinese bogeyman 'manageable'

By John Oates
29 Jul 2019 at 14:42

Germany's data protection and security regulator is not too stressed about the supposed threat of using Huawei equipment in 5G networks.

Arne Schönbohm, head of Germany's Federal Office for Information Security, told Der Spiegel the risks posed by the Chinese outfit are manageable and that a next-generation mobile network made up of equipment from a variety of vendors would be safer.

"There are essentially two fears: First, espionage – i.e. that data will be siphoned off involuntarily. But we can counter that with improved encryption. The second is sabotage – i.e. manipulating networks remotely or even shutting them down. We can also minimise this risk by not relying exclusively on one supplier in critical areas. By possibly excluding them from the market, we also increase pressure on these suppliers."

Schönbohm said that if a 5G network were to be used for medical services and self-driving cars, it would need to be more secure than today's mobile networks. That means reviewing and certifying hardware and software for security and banning kit that fails the test.

He said it would be helpful to analyse source code for some products to check for hidden functions, as GCHQ offshot NCSC does in the UK via the Huawei Cyber Security Evaluation Centre. Some of Huawei software coding was described by HCSEC as "piss poor" but no backdoors have been found.

Pushed on differences between US and UK approaches, he said: "We're in close contact with our American and English colleagues, and there are different risk assessments. I think that's legitimate."

The British government last week again deferred its decision on whether to ban Huawei hardware from 5G networks in the UK, a decision that was initially expected with the Telecom Supply Chain review in March.

Schönbohm was asked if he had seen hard evidence of Huawei spying, and in response said: "Let me put it this way: if we saw uncontrollable risks, we would not have adopted our approach."

On wider tech security threats, Schönbohm said ransomware attacks were becoming more widespread and professional, often using several types of Trojan.

With this in mind, the German regulator is taking on 350 additional staff this year. ®

https://www.theregister.co.uk/2019/07/29/germany_dont_panic_on_huawei/

The debate over installing 5G is over, and all countries will do it the same way. Two important points in the article, the obvious, which meant the US government attacks against Huawei was bullshat all along. When the new networks are set up this way, the US signal intelligence will find their jobs very much harder to do.

1. All transmission, voice or data, over 5G networks are encrypted. That should be part of the 5G standards.

2. The network will have what they call redundancy, that is if some part for whatever reasons goes down there is another path for the network to operate. To have redundancy in your network, use more than one gear vendor.