The session also heard the opinions of several academics. Professor Rahim Tafazolli, director of the 5G Innovation Centre at the University of Surrey, made a key observation that, while 5G will require new Radio Access Networks (RANs), it will be using the same “core” networks as 4G – which means it will have the same vulnerabilities as 4G for the foreseeable future.
Tafazolli recently authored an article called “5G is more secure than 4G,” and said the new standard offered better authentication by design. At the same time, he noted that for the foreseeable future 5G will use a model called “non-standalone” – meaning it will be riding on the coattails of 4G, with all of the benefits and drawbacks of current generation tech.
Gather round, friends. Listen close. It's time to list the five biggest lies about 5GREAD MORE
Next, the conversation turned to the basic feasibility of "excluding" certain vendors from "core" networks. Professor Alf Zugenmaier, from the Munich University of Applied Sciences in Germany, said this was more difficult than it seems due to network functions virtualized.
“What we are now seeing is a shift from boxes that you unpack, and you plug in cables and put them somewhere, to virtual network functions that run on hardware, that are sold decoupled from the function itself," said the boffin. "Now you have the question: where do you want to exclude your manufacturers from?”
When asked whether the UK government should be able to require network operators to exclude certain vendors from core networks, Prof Tafazolli said: “Vendors sell equipment – hardware and software. Most of responsibility is on the shoulders of the network operators. Network operators, especially in the UK – the four operators we have – most of them have more than 30 years of operating networks. They know how to manage security.”
“So we just leave it to the networks to determine our national security?” Lamb asked.
“I believe so,” was the reply from Prof Tafazolli.
When faced with a similar argument, Prof Zugenmaier replied with a question: why would you only exclude vendors suspected of wrongdoing from the 5G core, and not other places as well? All the communications are becoming IP-based, anyway.
There was also a question on excluding manufacturers on the basis of geographic origin. “Doesn’t matter who’s the vendor – most of the equipment comes from China, on the hardware side,” Prof Tafazolli said. “The supply chain comes from China, India, countries where human resources are not that expensive. It’s a global business – it is not like Vendor A only makes products in their own country." ®