Canada distant on 5G security guidelines issued from international meeting

The rule of law and the security environment in the country where telecommunications equipment is made are factors nations can consider when deciding whether to allow the purchase of 5G wireless network gear from a vendor, according to a summary of discussions at an international closed-door meeting.

It’s one of 20 proposals issued Friday by the meeting chair as a summary after a two-day private meeting of government officials and experts from 32 countries — including Canada, the U.S., the European Union, Japan and Israel — at the Prague 5G Security Conference.

In a lengthy but carefully-worded statement, the unnamed meeting chair only recognized the “existence of the following perspectives.”

One of them was that “security and risk assessments of vendors and network technologies should take into account rule of law, security environment, vendor malfeasance, and compliance with open, interoperable, secure standards, and industry best practices to promote a vibrant and robust cyber security supply of products and services to deal with the rising challenges,” says one of the proposals.

It follows a ruling issued in March issued by the European Union, which said, “Member States have the right to exclude companies from their markets for national security reasons, if they do not comply with the country’s standards and legal framework.”  EU countries have to agree by Dec. 31 on a set of mitigating measures that can be used for wireless network security.

Another proposal is that “every country is free, in accordance with international law, to set its own national security and law enforcement requirements, which should respect privacy and adhere to laws protecting information from improper collection and misuse.”

“The overall risk of influence on a supplier by a third country should be taken into account, notably in relation to its model of governance, the absence of co-operation agreements on security, or similar arrangements, such as adequacy decisions, as regards data protection, or whether this country is a party to multilateral, international or bilateral agreements on cybersecurity, the fight against cybercrime, or data protection.”

The non-binding Prague recommendations were made to help countries decide how to proceed safely with the introduction of super-fast 5G networks. As the preamble to the final statement says, “high-speed low-latency technology is expected to allow for a true digital evolution, stimulating growth, innovation and well-being. Automatization of everyday activities and the use of the internet of things in its full potential will be made possible. These developments, however, invoke major risks to important public interests and have national security implications.”

Canada participated as an observer, according to Scott Bardsley, manager of media and communications for Public Safety Minister Ralph Goodale. It was represented by an official from Global Affairs Canada and from the Communications Security Establishment (CSE), the government’s electronic security agency.

But Bardsley noted the final document wasn’t the product of a unanimous or even a majority vote. “The chair’s summary is not a consensus document and, as such, does not necessarily represent the official position of the Government of Canada,” Bardsley said in an email.

“While we cannot comment on specific companies, Canada’s examination of emerging 5G technology and the associated security and economic considerations is underway. We will ensure that our networks are kept safe for Canadians.”

Canadian telecom industry analyst Mark Goldberg said the Prague proposals “are an interesting statement based on what appears to be sound principles that could be considered beyond the realm of just 5G; many could be applied equally to the internet of things, as we begin to understand the security considerations when connecting devices that may not have been designed to operate in an open network environment.

“The challenge for many assessments is to develop policies and principles that are rooted in objective measures, separated and devoid of political considerations. The Prague Proposals represent an important contribution to the kinds of considerations underway in Canada as carriers continue investing in the next generation of network evolution.”

Christian Leuprecht, a security and defence expert at the Macdonald Laurier Institute and a professor at Queen’s University, said most of the proposals are  “anodyne.” (Meaning they are inoffensive).

One way to interpret recommendations that the “security environment” and “vendor malfeasance” should be considerations is they are a win for the United States, which has been pressing its European and NATO allies to not buy 5G equipment from Chinese manufacturer Huawei Technologies or any other “untrustworthy” vendor. After the recommendations were released the White House called the Prague session “an extremely productive meeting.”

“The United States supports the resulting Prague Proposals on 5G security published by the Czech conference chairman as a set of recommendations for nations to consider as they design, construct, and administer their 5G infrastructure,” the statement said. “The United States Government plans to use the Prague Proposals as a guide to ensure our shared prosperity and security.”

On the other hand the recommendations could be seen as victory participating nations who want a free hand in choosing 5G vendors.

Not at the meeting

Russia, China and Huawei weren’t invited to the meeting.

The meeting was held amid worries in some countries that Huawei is so close to the Chinese government that its equipment shouldn’t be allowed into 5G networks. The U.K. and Canada have labs that look at the security of Huawei’s 4G telecom equipment. Australia has already issued a 5G ban on Huawei and ZTE and the U.S. has all but done the same. Washington has warned its allies in the Five Eyes intelligence sharing group (which includes Australia, Canada, the U.K. and New Zealand) that it will have to reconsider what intelligence it shares over its secure networks if Huawei 5G gear is in the network of any group member.

Canada has been evaluating its position for some time, with the government suggesting a decision will be made before the October federal election. However, that decision has been complicated by the detention by China of two Canadians after Canada detained Huawei’s chief financial officer at the request of the U.S., which wants to extradite her to faces changes that Huawei evaded a ban on telecom sales to Iran.

The U.S. warnings about Huawei apparently hasn’t swayed the U.K. According to news reports Britain’s National Security Council has decided — in what some are calling a compromise — that carriers there can buy Huawei 5G switches and routers for non-core parts of their cellular networks, but not for the network core. That’s where much of the processing of data takes place. That decision hasn’t been made public, but last week Prime Minister Theresa May fired her defence minister for allegedly leaking it to the press.

However, Reuters quoted the U.S. responding to the leak by saying it sees no difference between non-core and core parts of a wireless network.

Among the 20 proposals in the Prague meeting summary:

  • All stakeholders including industry should work together to promote security and resilience of national critical infrastructure networks, systems, and connected devices;
  • Sharing experience and best practices, including assistance, as appropriate, with mitigation, investigation, response, and recovery from network attacks, compromises, or disruptions should be promoted;
  • Risk management framework in a manner that respects data protection principles to ensure privacy of citizens using network equipment and services should be implemented;
  • Risk assessments of supplier’s products should take into account all relevant factors, including applicable legal environment and other aspects of supplier’s ecosystem, as these factors may be relevant to stakeholders’ efforts to maintain the highest possible level of cyber security.
  • State-sponsored incentives, subsidies, or financing of 5G communication networks and service providers should respect principles of fairness, be commercially reasonable, conducted openly and transparently, based on open market competitive principles, while taking into account trade obligations;
  • Customer – whether the government, operator, or manufacturer — must be able to be informed about the origin and pedigree of components and software that affect the security level of the product or service, according to state of art and relevant commercial and technical practices, including transparency of maintenance, updates, and remediation of the products and services.

(This story has been updated from the original to include comment from Christian Leuprecht)

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now