This week, China Tech Threat Co-Founder Roslyn Layton was invited to participate in the U.S. Department of State Special Briefing on 5G security and the future of 5G in the European Union. Joining Dr. Layton was Deputy Assistant Secretary Robert Strayer, Cyber and International Affairs and Information Policy Bureau of Economic and Business Affairs. DAS Strayer and Dr. Layton spoke to, and answered questions from, international media listening in on the special briefing.
DAS Strayer in his remarks complimented NATO for highlighting of the importance of 5G in the London declaration, and also for its commitment to secure state 5G networks. He also discounted the notion that certifications for hardware protect networks from persisting threats, calling it “hubris” and saying “you need something more than a certification.”
Dr. Layton used the special briefing to draw attention to the importance of trans-national data flows, information privacy and the threat both nation states and consumers face from malign equipment. She stated that establishing oversight for hardware included in 5G infrastructure is paramount, as threat detection after installation is all but impossible. Dr. Layton also pointed to the importance of device security in 5G networks, noting that devices from companies like Lenovo, Hikvision and Lexmark introduce network security flaws that could prove detrimental to the security of telecommunications infrastructure.
Key quotes from Dr. Roslyn Layton, Co-Founder of China Tech Threat:
- It’s Not Just Huawei: “Now, I think it’s very important that we do need to address companies such as Huawei and ZTE. They are certainly not the only security problems posed by China and other countries. If you’ll note, the U.S. Vulnerability Database includes many commonplace items made in China which pose a security threat, such as Lenovo laptops, Lexmark printers, Hikvision cameras, and so forth. You’re all probably familiar with the TikTok app, which is sending geolocation data to China.”
- Replacing Huawei Can Cost Just $7 Per User: “So 70 to 80 percent of this equipment has to be replaced. Forty percent of that said equipment is made up by Huawei and ZTE. It’s a cost of about $3.5 billion to put in place. Now, if you take out that portion and you divide it by the number of mobile subscribers in the EU – 465 million people – it amounts to about $7 per person. That’s really a low amount, and the security is worth paying for.”
- China Is The Problem: “What I would only say from the empirical perspective is if you look at the severity or the incidence of the particular kinds of vulnerabilities, the hacks, the various incidents, that they overwhelmingly come from China, and China as well is posing fronts on so many levels. It’s not just mobile networks we’re worried about. There’s satellite networks, there’s fixed-line networks. And then, of course, on so many levels in terms of the types of equipment and devices and services.”
Key Quotes from DAS Strayer:
- HQ Location is Everything: “Those make clear that in addition to looking at technical security risks, you also need to address nontechnical factors like the legal and policy frameworks where suppliers are governed by in their home countries, countries where they are headquartered.”
- Detection is Difficult After Installation: ‘It’s also just simply impossible for any human to review tens of millions of lines of code to identify even one line that might be the cause of a disruption to the network or that would allow the unauthorized exfiltration of data.”
- Product Certifications Are Not Enough: “It is misleading and probably it’s hubris to think that you can use these certification processes to adequately protect yourself. You need something more than just a certification.”
The full text transcript can be found here.