Vertical Divider
32 Countries Align Against China Possible 5G Security Threat
May 20, 2019 A meeting of security officials and experts from 32 countries was held in Prague to form a comprehensive plan for 5G cybersecurity. According to the Chinese press, the guidelines, which are non-binding, did not include representatives from Russia, China, or Huawei itself in their formation, and are thought to encourage countries to develop standards that would be unable to be met by Huawei, although the company was not specifically mentioned or banned from bidding for customers. Under current Chinese law, Mainland companies are required to cooperate with intelligence gathering operations, which includes searching premises, seizing property, and (this is a key), ‘mobilizing individuals and organizations to assist in such intelligence gathering, when legally required. What makes the most recent (06/2017) Chinese National Intelligence Law most difficult is its vague notions about how and when individuals and companies must cooperate, giving wide ranging power to the government for counter-espionage and delving into corporate records of many types, but the framework for what determines whether the ‘National Security’ is being threatened is also vague. |
|
Contrasted to US law, particularly the 12/87 Executive Order 12333, the Chinese rules regarding national security are vaguer, but US rules also give extraordinary powers to US government national security operations when the President decides there is a need for information concerning foreign defense or economic policies. While the US law corpus is more specific as to the need for data gathering (covert or open) to be done under ‘applicable law’, there is still an open door for requests by the government for almost any security related information if it can be considered something that might affect national security. The US enforcement of such laws is more complex than in China, but the motivation is also quite broad, and while such data gathering, for whatever reason, is protected by individual rights under the constitution, it is far less so in China.
The possibility exists that the Chinese government could force an individual or company to assist in an investigation of a national security issue, either by presenting information or by allowing access to equipment, whereas in the US a court order (in most cases) would be required and even then, would be limited to specific needs. Whether Huawei or other Chinese companies have in the past given such access to the Chinese government and have they built their equipment to allow such potential monitoring (backdoor) is being used by the US to limit access to Huawei products. However, there are many countries, some of whom are on the list of participants in the Prague Proposal below that are also quite vague as to the circumstances around national security investigations and have not been restricted by the US.
The Prague Proposal will likely designate China as a security threat, despite the fact that the proposal just encourages each country to develop their own cybersecurity plans when dealing with 5G. Here are the key points in the Prague Proposal:
Table 1: Countries Participating in the Prague Plan for Cyber Security
The possibility exists that the Chinese government could force an individual or company to assist in an investigation of a national security issue, either by presenting information or by allowing access to equipment, whereas in the US a court order (in most cases) would be required and even then, would be limited to specific needs. Whether Huawei or other Chinese companies have in the past given such access to the Chinese government and have they built their equipment to allow such potential monitoring (backdoor) is being used by the US to limit access to Huawei products. However, there are many countries, some of whom are on the list of participants in the Prague Proposal below that are also quite vague as to the circumstances around national security investigations and have not been restricted by the US.
The Prague Proposal will likely designate China as a security threat, despite the fact that the proposal just encourages each country to develop their own cybersecurity plans when dealing with 5G. Here are the key points in the Prague Proposal:
- The overall risk of influence on a supplier by a third country should be taken into account, notably in relation to its model of governance, the absence of cooperation agreements on security, or similar arrangements, such as adequacy decisions, as regards data protection, or whether this country is a party to multilateral, international or bilateral agreements on cybersecurity, the fight against cybercrime, or data protection.
- Customer – whether the government, operator, or manufacturer -- must be able to be informed about the origin and pedigree of components and software that affect the security level of the product or service, according to state of art and relevant commercial and technical practices, including transparency of maintenance, updates, and remediation of the products and services.
- State-sponsored incentives, subsidies, or financing of 5G communication networks and service providers should respect principles of fairness, be commercially reasonable, conducted openly and transparently, based on open market competitive principles, while taking into account trade obligations.
- Communication networks and network service providers should have transparent ownership, partnerships, and corporate governance structures.
- Security and risk assessments of vendors and network technologies should take into account rule of law, security environment, vendor malfeasance, and compliance with open, interoperable, secure standards, and industry best practices to promote a vibrant and robust cyber security supply of products and services to deal with the rising challenges.
Table 1: Countries Participating in the Prague Plan for Cyber Security
Contact Us
|
Barry Young
|