Published by The Lawfare Institute
in Cooperation With
The global coronavirus crisis has increased concerns within some quarters of the U.S. government about America’s supply-chain dependence on China. The Trump administration recently unveiled a national 5G strategy that outlines that the U.S. government will secure 5G infrastructure domestically and abroad, working with “like-minded” partners to address concerns about “high-risk” vendors. Meanwhile in Congress, Sens. Tom Cotton and Mike Gallagher have introduced the “Protecting our Pharmaceutical Supply Chain from China Act,” aiming to promote U.S. manufacturing and reshoring of key technologies in health care. Even after the pandemic ends, these concerns could further inflame already heightened policy tensions between the two countries in areas like 5G telecommunications deployment.
The supply-chain issue was already a contentious topic between the U.S. and its key allies before the outbreak of COVID-19, the respiratory disease caused by the novel coronavirus. Along with President Trump, both Democrats and Republicans in Congress have argued that Huawei’s products could pose a security threat due to the extensive powers of the Chinese government to compel Huawei’s collaboration. Within Europe, however, that is not the main point of contention. Europe takes a strong risk-based approach, differentiating certain parts of the network through rigorous risk assessment and protecting the network’s sensitive core. As a result, European carriers and governments are, on the whole, working hard to figure out how best to reconcile market conditions and the EU’s ambitions for implementing 5G with Washington’s perspective on supply-chain security.
I’ve traveled to Washington multiple times over the past 18 months to address U.S. concerns about the presence of Chinese vendors in European networks. Given differences in both market conditions and architecture of communications networks between Europe and the United States, there is a need to clarify the situation of European operators.
For example, Europe has not made a Faustian bargain with Huawei on 5G. The decision to continue to utilize Huawei has not been due to expediency or cost-efficiency but is, instead, born out of practicality, given Europe’s past use of Huawei, the lack of options when it comes to vendors, and the prevailing market environment.
Europe’s starting point is fundamentally different from that of the United States. Unlike the United States, which has not previously integrated Huawei into its main networks, European carriers long ago installed Huawei products throughout 3G and 4G networks. In the U.S., Huawei products are found only in some small, rural networks. Hence, Europe’s telecom infrastructure is like a sandwich: 5G in Europe is deployed as an add-on to the existing 4G networks. Removing Huawei from 5G means removing it from 4G and so forth. This would cost huge sums and take many years to accomplish.
The Trump administration’s demand that Europe exclude Huawei from new 5G infrastructure is nearly impossible for European carriers to meet. Any rapid, comprehensive effort to swap out Huawei products would jeopardize and degrade existing mobile connectivity and services for European citizens, and reduce the resilience of critical national infrastructures.
Here is where COVID-19 hits a nerve for Europe: While Washington’s conclusion may be to de-risk supply-chain exposure to China, European policymakers might demur from degrading or limiting the functionality of advanced telecom networks, which, for the moment, are the very lifeline of tens of millions in lockdown across the continent. As data consumption has increased drastically across Europe, telecoms have made huge efforts to increase capacity and keep society connected. Revamping the EU 5G network also would cost billions of euros for taxpayers—money that, after COVID-19, will be devoted to urgent health care expenditures.
Lastly, ripping out Huawei from existing networks would force operators to postpone any meaningful 5G deployment in Europe for two to five years and to reduce investments in rural deployment. In contrast, after COVID-19, smart policymakers will want to accelerate, not decelerate, 5G deployment, so as to be better prepared should the virus make a return later and usher a renewed surge in data consumption, as is currently the case with more people working from home during the lockdown.
The Alternative to an Impossible Ban
The Trump administration’s insistence that friendly governments implement measures that match the U.S. stance on Huawei like for like was always going to be difficult—bordering on the impossible—to implement. After COVID-19, it will grow even harder to sell. Such a plan would impose an unacceptable financial, economic and social calculus on Europeans who will already be financially squeezed, economically weakened and exhausted from weathering the crisis.
Looking forward to whenever the pandemic ends, what then must be done to marry the U.S. position with the realities facing European governments and operators?
First, any refreshed strategy must be collaborative, driven by longer term strategic alignment as opposed to short-term tactical differences, and account for the constraints felt by European governments and carriers. Perhaps the most important cornerstone of this trans-Atlantic alignment must be the notion of a risk-based approach.
Not all parts of the networks are equally sensitive in the function they perform and the data they hold or process. If the U.S. can accept the basic premise that only suppliers from Western countries should be in the core of the network, which is also the most sensitive component, agreement will be possible. For the other part of the network, the so-called radio access network—the “dumb” part, which doesn’t contain sensitive data—the solution must lie in raising the security standards and evaluations for the equipment that operators put into the network, whoever the supplier. This is in line with U.S. efforts advocating for minimum security standards for the “internet of things,” for example. If a company fails to meet these standards, the U.S. and Europe could preclude those products from being used.
Second, international like-minded stakeholders need to focus on cultivating more vendors of network equipment. The low number of current vendors is, in itself, a source of vulnerability and lies at the heart of the concerns over resilience of critical national infrastructure. To address the lack of global supplier diversity, international leadership should coordinate to promote a new ecosystem of niche suppliers based in allied countries, which could supplement the large vendors—especially for radio equipment and software.
Open Radio Access Networks (OpenRAN), a new approach in building out networks, represents the most promising route by which to achieve this over the next few years. It is already in pilot stage in the U.K., Ireland and the U.S., as well as a few other countries. At present, vendors consolidate their market share by combining (“bundling”) hardware and software in their contracts. This makes it difficult for new entrants to build the scale and expertise necessary to compete in the market. The OpenRAN approach seeks to solve this problem by separating hardware from software, thus allowing more players into the ecosystem—good news for U.S. industry, given its impressive software expertise and leadership. The existing vendors may have less incentive in the short term to move away from bundled software-hardware solutions and open up the market to new specialized players. But diversifying the vendor base through OpenRAN is essential in delivering greater competition and fostering a cohort of new international vendors who could become leaders in this space, if and when they join. With support from both the U.S. and the largest operators, this technological evolution is already on its way.
Creating Healthy Market Conditions
Finally, the U.S. and Europe must do more to curate market conditions well in advance to preempt future overdependence on any one vendor. There is a European solution to this, too. The poor economic situation of European vendors is linked intrinsically to the equally poor situation of European operators, which is why 5G is being rolled out more slowly in Europe than it is in China and the U.S.
Greater emphasis on security and standards must be backed up with economic telecom policies and regulatory incentives that put a premium on quality and prioritize investments. This has not been the thrust of most previous European policies, which have focused instead on cost to the consumer as the primary driver. As a consequence, the European telecom sector has faced falling revenues and has been the worst performing sector in the region for the past three consecutive years, with a return on investment below the cost of capital. This is not a situation conducive for investments, let alone investment in quality and security. To turn this around, European governments should—in return for investments in security and gradually more robust security requirements—be open to reducing license and spectrum fees and auction expenditures by operators (as in China) as well as moving to perpetual licenses (as in the U.S.). Additionally, governments could significantly ease infrastructure deployment and reduce its costs.
In the end, a blanket ban on Huawei may solve short-term challenges in security for the United States, but such an approach is completely unworkable in Europe. The continent’s unique market conditions foreclose the possibility of a multibillion-dollar, taxpayer-funded rip-and-replace project. Financing aside, this effort would take many years to implement. And, after COVID-19, this scenario should be unacceptable. It would cause untold disruption to the very infrastructure that is underpinning society and holding up the global economy at this critical moment.
The hyperfocus on a single vendor has left little room in the policy debate for considering how to expand and diversify the supply of global vendors for the resilience of global connectivity. Yet this diversification is at the very heart of the debate around—and the solution to—achieving long-term 5G security.