Through the 5G networks, whose deployment is being promoted by the large telecommunications operators in Spain, a very significant volume of personal data (banking, intimate images, etc…) already circulates, the security of which is a real headache for governments, telcos and citizens because the low latency of this new technology and other benefits will multiply this traffic.
The director of the Master in Cybersecurity at ESIC Luis Ríos points out that, despite the fact that “there have been fewer cases of vulnerability in 5G networks, no one is safe from a possible attack” and warns against the possibility of “back doors” , which allow fraudulent access to our documents. For his part, the partner responsible for Telecommunications at KPMG in Spain, Javier Arenzana, adds one more element of concern: “The new use cases” that these networks will support, due to that low latency and other properties.
“They will be critical use cases for the operation of production lines, industrial safety, transport…”, points out the consultant, who sees it as “essential” to ensure that there are no system crashes.
In any case, Ríos (ESIC) highlights that citizens “are sovereign of our information”, and demands to apply this premise “to all elements of value and manufacturers”. Precisely here is the crux: how to guarantee the privacy of our data in this new technology and, above all, which would be the appropriate (or safe) network equipment providers for it.
In the race for the manufacture and sale of 5G infrastructure, Huawei, ZTE (China), Ericsson (Sweden) and Nokia (Finland) stand out, although Arenzana (KPMG Spain), extends the list to Samsung, Airspan, Mavenir, and Commscope. “And if we go to 5G virtual private networks, the number of alternative providers becomes even larger: VMware, Microsoft, Dell…”, he adds.
For all these companies, especially for Huawei, Ericsoon, ZTE and Nokia, the moment of truth arrives in Spain. In approximately one month, according to Royal Decree-Law 7/2022 of March 29 on cybersecurity in 5G networks, it will be known whether Spain classifies some of the providers cited as ‘medium or high risk’. The companies included must send, within half a year, their risk report together with their solutions. In parallel, in September, the telecommunications operators must have their own reports prepared.
If there is a company that has been at the center of this debate, it is Huawei, due to its Chinese origin – its headquarters are in Shenzhen – and the theories about links with the intelligence services of the Asian giant. The technology company, which in 2021 had a turnover of more than 93,000 million euros (about 100,000 million dollars) and has 197,000 employees spread over more than 170 countries (about 900 workers in Spain alone), brought together a group of Spanish journalists last week in its Center for Cybersecurity and Transparency based in Brussels (Belgium) that it opened in 2019, to publicize its cybersecurity policies (there are similar facilities in Rome, Bonn, Toronto, Dubai Shenzhen…). “We believe that security services are not just a technical issue,” Huawei CSO (Cyber Security Director) for Western Europe Bob Xie said at his welcome.
The first thing that draws attention to the Chinese manufacturer’s cybersecurity policies is that, in this area alone, it employs 2,600 people worldwide. In Spain, it has a team of 12 employees dedicated to this area, headed by the director of Cybersecurity or CSO of Huawei Spain Gonzalo Erro. For the management of all these operations, a structure of its own has been organized worldwide, led by the head of cybersecurity of the Chinese multinational, John Suffolk. This senior executive reports directly to Huawei CEO Ren Zhengfei. Cybersecurity and transparency centers such as the one in Brussels and the ‘jewel in the crown’ also depend on Suffolk: the ‘Independent Cyber Security Laboratory’, in which 200 people work, and which is located entirely in Shenzhen (China). In these facilities, all the products and solutions it manufactures are tested, undergoing an internal analysis consisting of 42 points or items (traceability, reaction to emergency situations…).
In parallel, Huawei also subjects its technology to external audits. While waiting for the European certification scheme to come into force in 2024, according to European regulations, the NESAS certification is applied, promoted by the GSMA sector employers (the organizer of the Mobile World Congress in Barcelona).