During a telephonic press briefing yesterday about the EU’s coordinated risk assessment report that came out on October 9th, Robert Strayer, the Deputy Assistant Secretary for Cyber and International Communications and Information Policy at the State Department’s Bureau of Economic and Business Affairs also mentioned the memorandum of understanding signed between the United States and Romanian regarding the 5G technology.
Asked by a Romanian journalist to comment the memorandum that has so far not been implemented, and the government and companies that say that 5G will be implemented in Romania in 2020, Strayer said: “We’re very excited for the potential of working with Romania under the terms of this memorandum of understanding to make sure that Romania telecom operators and Romanian citizens get the full benefits of 5G technology.”
The US expert also pointed out there are three important principles related to trusted vendors in that MOU. “Importantly, looking at the legal system where the vendor is headquartered, looking at the transparency of ownership, and the past history of practices of the company that’s seeking to be the vendor for 5G technology. So we think that that is the important factors of trust to ensure that the software and firmware does not have compromises injected by a foreign government, and those are – need to be complementary to any other security measures or testing that’s going to be put in place in countries like Romania.”
Speaking of the EU’s coordinated risk assessment report as a whole, Strayer that “there’s going to be more and more computing moving from what has been traditionally called the core of the network to the edge, and that movement to the edge is necessary to empower low latency and higher levels of computing related to the massive new quantities of data that will be generated on 5G networks.”
He warned that lawful intercept functions, which are the ability for law enforcement to have access to conversations, are a particular area of potential vulnerability because if they are not properly managed, they could be misused for malicious actions.
“That means that at the edge, the very edge where the base stations are, the towers are for cell networks, there – that’s where lawful intercept can happen or does happen in networks. So we really will see in 5G software driving those capabilities at the edge, and a vendor who undertakes malicious software updates or compromises that software could have access to conversations occurring at the edge of the networks.
What’s also very important about this report is it notes that we’re not just talking about the confidentiality or the protection from espionage of users’ communications, but we need to protect for the availability and integrity of the data. And the availability is so important because 5G networks will underpin all sorts of future critical infrastructure, as the report notes, related to healthcare, transportation, as well as the supply of electricity and water.
So one adversary that can undermine the integrity of the network or the availability of the network could well cause those critical infrastructure of the future that relies on 5G to be disrupted and the citizen services that are being supplied by it to be disrupted as well.'”