Written Evidence to Parliamentary Consultation on Ensuring access to 'safe' technology: the UK's 5G infrastructure and national security inquiry

Paul, Greig (2019) Written Evidence to Parliamentary Consultation on Ensuring access to 'safe' technology: the UK's 5G infrastructure and national security inquiry. UK Parliament, London. (https://data.parliament.uk/writtenevidence/committ...)

[thumbnail of Paul-2019-Written-evidence-to-parliamentary-consultation-on-ensuring-access-to-safe-technology]
Preview
 Text. Filename: Paul_2019_Written_evidence_to_parliamentary_consultation_on_ensuring_access_to_safe_technology.pdf
Final Published Version
License: Open Parliament Licence v3.0
Download (139kB)| Preview

Abstract

Written evidence submitted by Dr Greig Paul (Lead Mobile Networks & Security Engineer on 5G RuralFirst), Electronic & Electric Engineering, University of Strathclyde, the executive summary of which is as follows:5G networks will see significant changes from 4G networks. While today we see only early stages of 5G adoption, we can see that these changes will impact security in network design.5G will increasingly bring “core” functions towards the edge (nearer the radios) of the network – the distinction of “core” and “non-core” is blurring already with new technology.In light of this, we must ensure our networks are designed with this in mind – our networks should be designed to be “intrinsically secure” without relying on equipment vendors.There is momentum behind 5G enabling “Industry 4.0” and associated increases in productivity, with businesses encouraged to take advantage of 5G. This means security issues in 5G networks will directly impact the economy, and NCSC may need to prepare for advising non-telecoms providers about security of private mobile networks.Some applications, such as connected vehicles, will require increased inter-connectivity between different telecoms networks at the edge of their networks (where core functions will move to), for low-latency safety-related communications. This is a change compared to the current approach, where networks only inter-connect at the core, and has security implications around vendor equipment and exposure of telecoms companies to the vendor selections of other telecoms operators.The O2 outage in late 2018 has highlighted the harm to the country by disruption to service, and the lack of resilience in place. There are legislative gaps around telecoms operators, compared with other utility operators. Telecoms networks should be considered as essential services, and regulated under NIS regulations. This has implications for other CNI, including energy utilities, which do not consider public mobile networks to have suitable power autonomy in the event of a “blackstart” incident.The risks of widespread outsourcing within the telecoms sector (and other utilities and infrastructure sectors), as well as “sell-and-lease-back” models, should be considered by the committee.Government policy around connectivity shows a move towards convergence of industrial/business focused networks and public 5G networks, as shown in the Rural Connected Communities competition, with a vision of new, smaller entrants into the telecoms market. As government policy envisages new entrants into this market, it is important to consider what the security implications will be, and how to support them.Key Recommendations:Telecoms operators should be designated as Operators of Essential Services under NIS, in light of their importance in day-to-day life and the economy, and exposed to the same penalties for disruption as other OES, ensuring investment in security and power resilience.Parliament should reduce the weight it places on distinction between “core” and “non-core” functions of networks – networks should be secure without relying on vendors. Inter-connection at the network edge for low-latency vehicular communications means vendor choices can impact on other network operators, and cause cascading security issues.Parliament should consider whether a culture of buying “cheapest” puts the UK’s national interests at risk, among telecoms companies. Operators, not government, should bear the costs of suitable security, as they enjoy the profits from operating these networks.

CORE (COnnecting REpositories)