We are currently witnessing the rollout of the fifth generation of mobile telecommunication networks (5G), which will constitute the backbone of the Internet of Things (IoT), machine-to-machine communication, big data analysis and artificial intelligence (AI) in the coming Industry 4.0. The way in which these networks are built, and by whom, has become a hotly debated issue in Western countries. The debates surrounding the integration of 5G networks is furthermore intensified due to the fact that only a handful of international suppliers are able to provide the required infrastructure implementation services.
Introduction
We are currently witnessing the rollout of the fifth generation of mobile telecommunication networks (5G). The previous network generations offered utility for the consumer through better speech quality, coverage and download speed. With these improvements, the new generations of mobile networks provided the basis for significant changes in the way we communicate, shop and consume media. While 5G networks will be much faster than 4G (LTE), the expected change for our societies will not be reflected in the way these networks support our smartphones, but in their functioning as the backbone of the Internet of Things (IoT), machine-to-machine communication, big data analysis and artificial intelligence (AI) in the coming Industry 4.0. In just a few years from now, a lot of our welfare and security will rely on the safe and secure functioning of these networks. It is for this reason that the way in which we build these networks has become such a hotly debated issue in almost all Western countries. At the center of this debate is the question as to how deep understanding and control of network operators and government authorities over the inner functioning of these networks needs to be. This concern is intensified due to the fact that only a limited number of international suppliers actually provide 5G infrastructure implementation services– neither of them German nor Israeli.
Thus, the story of the implementation of 5G communication infrastructure in Israel and Germany should be told as a tale of two overlapping and intertwining narratives. Firstly, the story of how modern democratic governments advance vital national critical infrastructures, striving to assert their sovereignty while relying on foreign private companies. Secondly, the story of the international great power competition for emerging technologies between the US and China that marked 5G infrastructure supplier selection, as a political choice rather than merely an expression of economic and technological preference.
The market for 5G technology necessary for building such networks is an oligopoly with roughly five suppliers. Two of them (Ericsson and Nokia) are from Scandinavia, and two from China (Huawei and ZTE) and Samsung (Rep. of Korea). These companies are system providers that offer everything from the antenna to the core network, including the software. The mobile network operator (MNO) must choose from which of these companies to procure the technology. At the beginning of the 5G era it looked like the Chinese contender Huawei would come out as the big winner in this competition. This company offers a functioning technology at a price that is often low, including the option of network management.
However, just as Huawei was poised to win many contracts from MNOs in Europe and elsewhere, the systemic rivalry between the United States and China became more apparent to Western governments. At the same time, a number of major cyber-attacks in the West were attributed to China. Some of these attacks were made possible with the help of loopholes in Chinese technology. China also became more aggressive politically, for example by expanding its territorial claim in the South China Sea and by suppressing human rights within China and in Hong Kong.
One should note a few pivotal characteristics unique to 5G that stress the power that these foreign infrastructure suppliers will have:
1) The shift towards "network virtualization," defined as a network that combines software and hardware resources under one software-based administrative entity. This means that the main responsibility for network and data security may even transfer from the MNO to the system administrator, which will now manage much bigger portions of the network.
2) For the same reason, there will also be a shift in the responsibility for data security to the manufactures or the operators of the end devices that will be connected to the Internet. This will require the producers of end devices to integrate new security standards.
3) The decrease in differentiation and delineation between official (and even security and military forces) networks and civilian commercial networks. Thus, the ability of law enforcement agencies and military to use 5G for the purpose of collecting intelligence and transferring sensitive data, will be dependent on the purchase of "5G network slicing," meaning they will purchase from the local MNO an independent logical network on the same physical network infrastructure.
The US, faced with this technical reality and with no alternative American 5G infrastructure supplier, has shaped its security policy accordingly, prohibiting government agencies from using specific telecommunications technologies , and later, setting security certification for private companies that provide services to the US Department of Defense (i.e., the “Cybersecurity Maturity Model Certification (CMMC)” 2020). These were followed by the "IoT Cybersecurity Improvement Act," demanding the enhancement of security standards for all devices connected to the Internet (IoT). Acknowledging the potential dependency on foreign advanced ICT infrastructures given the US’s failure to attain self-sufficiency vis-à-vis the new 5G communication capabilities as a critical technology, the administration highlighted the threat posed by Chinese control of 5G infrastructure. In 2020 it amended the Federal Acquisition Regulations (FAR) to prohibit executive agencies from incorporating Chinese telecommunication technologies, and initiated the "Clean Network" initiative as a foreign policy support effort to convince key allies (such as Germany and Israel) to also refrain from incorporating Chinese 5G technology.
In a liberal market economy, one must differentiate between the state and a privately owned company. While the former makes its own rules, the latter can act according to its self-interest and is just answerable to a known set of legal standards. If a trade partner feels that it has been treated unfairly and the other partner is not acting according to the terms of a contract, it can go to court and sue its business partner. The rule of law acts as a safety net when trust and the goodwill of a trading partner is (ostensibly) violated. According to the rule of law index, Scandinavian countries are the benchmark for the rule of law. This is in contrast to China, where the dealing with dissidents is a hallmark for the opposite and where the institutional barriers between a private company and the state are more fluid. Any assurance by a company such as Huawei that it will not bow to pressure from the Chinese state to allow its technology to be used to harm its (Western) clients must be regarded with great suspicion. That this suspicion is not baseless was lately revealed when the Washington Post published a set of presentations in which Huawei offered services for voice recording and analysis, detention center monitoring, location tracking, and Xixiang surveillance.
MNOs will not prioritize security when procuring 5G technology. The costs of network interruptions at critical moments or the loss of sensitive data are not theirs to bear. In many cases these costs are borne by their customers or the taxpayers. In economic terms, they are negative external costs which the MNOs ignore in their procurement decisions and regarding which their clients have no say.[1] Such externalities call for government regulation, but governments must consider the greater picture and that includes industry interests beyond telecommunication and the possible retaliation of the Chinese state. In the following we will show how the governments of Germany and Israel have dealt with this issue.
The German Case
4G mobile networks in Germany are dominated by the technology of untrusted providers. In particular, Huawei’s hardware and software are widely used by all three MNOs (Deutsche Telekom, Vodafone, O2/Telefonica). All three have successfully bid for 5G frequencies and have already begun offering 5G services through upgraded 4G networks. A fourth company, 1&1, which until now has offered telecommunication services only by renting network capacity from the incumbent MNOs will enter the market as an independent 5G MNO.
For the new 5G networks, all four providers originally planned to use untrusted technology from China, even for the most sensitive core networks. Some even considered outsourcing the network management to Huawei. When these ideas became public and the debate over network security became more prominent on the political agenda in 2019/20, all potential 5G MNOs changed course and announced that they would only rely on trusted technology in the core of their network and would build their own capacity for the management of the network themselves. While newcomer, 1&1, has announced that its network will be built following the Open-RAN principles, thereby breaking free of the oligopoly of the system technology providers. It is currently unclear if the legacy MNOs still consider to use Huawei’s radio access network (RAN) technology.
The mood shift of the MNOs was triggered by Germany’s IT-Security Law 2.0 (IT-SiG 2.0), which passed in the Bundestag after a particularly controversial and time-consuming debate within the then ruling conservative CDU/CSU party group. The law came into effect only in May 2021, two years after the MNOs placed their bids for the 5G frequencies. The core of the public and political debate was the balancing of opposing or at least differing interests. On the one side were those who favored a cautious security-oriented approach that took no chances that might enable the Chinese state a possible entry point for all kinds of sensitive data of German citizens and businesses. On the opposing side was the export-dependent business community for which China is the most important trading partner.
In the policy-making process of the IT-SiG 2.0, the Chinese government made credible threats to retaliate by harming German business interests if Chinese companies were excluded from participating in the building of the next generation mobile networks. The resolution of this balancing act was ultimately an institutionalized decision-making process with an inter-ministerial evaluation of providers and components.
The law requires a critical infrastructure provider, such as an MNO, to notify the Ministry of the Interior (BMI) of the use of a critical component in its network. The BMI can prohibit the use of the component after a consulting process if it views the component as potentially endangering the public order or security of Germany. The criteria for this are:
- the vendor is controlled by the government or military of its home country,
- the vendor has already acted against the security interests of Germany, the EU, or NATO,
- the use of the component is not in line with the security policy goals of Germany, the EU, or NATO.
Also, the vendor has to provide a declaration guarantee ensuring that its components are not being used for sabotage, espionage and terrorism and have no negative impact on the confidentiality, integrity and availability of the network.
While the IT-SiG 2.0 falls short of banning Chinese companies from 5G networks in Germany, all the provisions in the law make it hard to believe that an MNO would at this point procure critical 5G components from Chinese vendors, particularly since the IT-SiG 2.0 also allows the BMI to revoke the permission to use the critical component of a vendor that turned out to be untrustworthy.
In earlier draft versions of the law, the participation of additional ministries besides the BMI, such as the Foreign Office and the Ministry of Economics played a bigger role. The fact that according to the law’s final form, the BMI ultimately only needs to consult these ministries can be seen as a sign that the security argument gained the upper hand over the German business interest in China. However, the law only went into effect this summer, with an outgoing coalition government. It remains to be seen, then, whether the new German coalition, and in particular, a new SPD-minister of the interior, will implement the law as intended. Signs are clearly pointing in that direction: during the election campaign it seemed that all the parties that have formed the new coalition government (Social Democrats, Greens and Free Democrats) expressed more skepticism over the use of Chinese technology in 5G networks than the conservative party of Angela Merkel.
In any case, if the new coalition government implements the IT Security Act 2.0 consistently, the high proportion of untrustworthy technology that we see in Germany with the 4G networks, should be a thing of the past. Otherwise, there will be considerable costs for protective measures for the taxpayers and the intellectual-property-sensitive customers of 5G MNOs.
The Israeli Case
Israel is continuing its national aspiration to advance research and development of emerging technologies such as quantum computation, AI, autonomous machines, big data analysis and cyber. The cultivation of the "Startup Nation," national branding that casts Israel as an international hub for technological innovation, entrepreneurship and investments, has naturally stressed the need to advance the assimilation of advanced computerized IT infrastructure such as 5G that are considered vital for future R&D of these technologies and services.
In light of this background, the implementation of 5G communication infrastructure in Israel might be explained by addressing two overlapping processes: The technological implementation process, focused on moving forward from a government contract to the actual construction of the infrastructure and its implementation, led by Israel's Ministry of Communication; and the security-diplomatic political process that is focused on navigating between Israel-US special relations and Israel-China commercial relations.
The national tender for 5G communication infrastructure was published by Israel's Ministry of Communications during July 2019, following a long bureaucratic procedure whose aim was to narrow the amount of local suppliers (due to low radio frequencies availability), and required that MNOs unify and apply as groups. The next stage took place on September 30, 2020, when Israel's Minister of Communications Yoaz Hendel announced that the license to provide 5G services would be awarded to three local MNOs – Partner, Pelephone and Hot-Mobile.
According to a current official survey, Israeli’s usage of IT is now 25 times more than when it was first introduced about two decades ago, whereby last year alone, due to the COVID-19 pandemic, there was a rise in the usage of mobile devices by 72%. As a result of this surge, Israel's Ministry of Communications, indicated that the implementation of 5G infrastructure (together with fiber optics and the implementation of the new IPv6 Internet address standard) was their main goal for the current era. In the year that followed, the three 5G MONs struggled to meet the ministry's goal to be able to "operate 250 sites at a frequency of 3800-3500 MHz for the benefit of Generation 5 service and a minimum bandwidth of 60 MHz in a network or shared network, for the benefit of providing a 5G service and all this before the end date in June 2022." Providers meeting these goals are expected to receive considerably large grant incentives.
The broad public legitimacy and support for new IT infrastructures generated a very permissible public atmosphere that defused the potential of 5G infrastructure to become a political controversy. While local MNOs featured the promise of 5G mobile prominently in their advertising, the press, tuned to public sentiments, focused on its rate of implementation, criticizing the gap between the promises and the actual ability to use 5G infrastructure. Unlike other states, it seems that the Israeli public paid little attention to the international geo-strategic context of the 5G issue, which was hardly mentioned during the intensified political debates and controversy between left and right parties, during one of the most instable political periods Israel had endured across four consecutive parliamentary elections (2018-2020) which failed to establish a stable majority government.
In contrast, among the professional security, military and diplomatic communities of Israel, there is a growing attention and concern about the international political perception of 5G infrastructure as a main component of the escalating technological race between China and the US. There is a sense that the "technical" choice of 5G infrastructure provider and standards, will be perceived by like-minded states as an act of "choosing sides." Therefore Israel's security apparatus, particularly in the IDF and Israel’s intelligence community, which are undergoing a much-needed digitalization process that includes, among other things, the transition to reliance on civilian 5G infrastructure, is increasingly concerned about two main interrelated issues: The need for innovative technological solutions to mitigate rising 5G threats, and the ability to foster Israel's security and diplomatic relations with the US while keeping commercial relations with China to a necessary minimum.
China-Israel relations have blossomed since the establishment of full diplomatic ties in the 1990s. Under the former government led by Benyamin (Bibi) Netanyahu, China was declared a main economic partner of Israel. Economic ties between the two countries peaked in the last 5 years, leading PM Netanyahu to declare on the verge of his 2017 visit to China that "We will continue the talks on establishing a free trade agreement between China and Israel and we will hold the third joint Israel-China innovation conference. Of course, we are continuing to develop new markets and to open new markets for the Israeli economy”
Despite these aspirations, updated assessments show that only about 10% of Israel's trade is with China, and it has been decreasing since 2018, far behind the European states, Israel's main trading partners. Nonetheless, in economic circles, China is still considered a main engine for economic growth and an uncharted market for Israel's high-tech sector.
Israel's ties with China were and still are under the tight scrutiny of both Republican and Democratic US administrations. Israel main diplomatic friction with the US in the last 30 years have been China-related, specifically regarding China's interest in Israel's advanced technological arms industry, hitting its lowest point with the cancellation of the Phalcon deal, an agreement by which Israel was to supply China with early-warning aircraft. The US has continued to publicly raise concerns over the growing investment of China in the modernization of Israel's national infrastructure. In the past few years US criticism has focused on specific Chinese investments and acquisitions in Israeli national infrastructures such as the new northern wharf at the Haifa seaport, the "purple" line of the light rail in Tel Aviv; and a new seawater desalination plant. Despite US pressures, Israel's overall policy remains the same: adhere to US demands while continuing trade relations with China as much as possible without passing the threshold. Israeli official media refrained from public announcements on the matter in order to avoid possible tensions with the Chinese.
US concerns over the possibility that Israel will implement Chinese 5G capabilities, seemed to be bound up with the US international effort in this regard, which was initiated by the Trump administration. The US publicly and officially addressed its partners at the first Prague Conference (May 2019), asking them to refrain from installing Chinese infrastructure, as part of the Clean Network Initiative launched in 2020, aimed at minimizing foreign influences (with an emphasis on China) on the advanced technologies of the US and its allies. Israel was officially mentioned as a partner in the Clean Network in August 2020. And US officials have said to the press that Israel is about to sign an MOU with the US that will exclude China from Israeli 5G networks. Recently, in October 2021, US officials made public that Israel had agreed to establish a joint working team with the US to develop technologies for the 5G network.
On August 27, 2020, the Israeli Ministry of Communications published the decision that the 5G infrastructure providers for Israel will be Finland's Nokia and Sweden's Ericsson. This announcement, short of bluntly expressing a political choice between the Western camp and the Chinese camp, exposed the big elephant in the room, which now can no longer be overlooked.
Conclusion
The story of 5G is a compelling example of the politicization of ICT and the challenge of third-country vendor risks. The lack of supplier diversity in combination with the political situation in the home country of some of the vendors yielded a situation that made the choice of a supplier at least in part a political decision that trumps economic and technological logic. In an era in which digital systems become ever more complex, the need for digital sovereignty is far more than a matter of industrial policy and a quest for international competitiveness. Digital sovereignty has also become a matter of national security.
As we have shown, balancing between security and commercial interests is a challenge for both Israel and Germany. However, Israel, due to its geography, history and experience is less willing to compromise its security and special relations with the US. Germany, on the other hand, is keen on defending its export-oriented growth model and is much more dependent on China’s continued openness to allow German products to be sold on the Chinese market. Beyond the mercantile interest, Germany, unlike Israel, lacks a strategic approach to the great power struggle between the US and China and a sense of the threats lurking to in a digitalized economy and society.
Ultimately, Germany found an institutional escape route out of the dilemma, which is consistent with previous patterns in similar political situations. There is a basis for the saying that in times of crisis Americans take action, while Europeans (and in particular Germans) talk institutional change. Instead of untrusted vendors being banned, they need to meet a number of criteria in order to be eligible to participate in the procurement process for 5G networks in Germany. It is hard to see how Chinese vendors can meet these criteria. However, it remains a mystery why, at the same time, Germany’s largest MNO Deutsche Telekom, as a partly state-owned enterprise, is so closely tied technologically with Huawei.
Israel, as always, took the obvious choice to side with the US administrations, preventing a potential crisis that might affect her security and political support. Part of this strategic decision also involved knowing that its technical knowledge and expertise might give it a leading role in the shaping and implementation of the new US-led 5G security standards development. The lack of interest and vast public support for advanced high-tech technology allowed the Israeli government to advance without a serious public debate, shielding government actions from the attention of the main press, and maintaining the façade that business with China is “as usual.”
The debate over untrusted vendors for 5G technology must be seen as a taste of things to come in other realms of digital technology. The next technology will likely be the application of artificial intelligence (AI) technology to infrastructure, security, and weapons systems. The increased complexity of systems and the economies of scale of everything digital results in a limited number of suppliers in each market. The consequence is an increased dependency on foreign vendors. Besides market size, trusting the sincerity of a vendor will become a success factor on Western markets, also opening up opportunities for companies from midsize or smaller countries such as Germany and Israel.
In 2016, the Obama administration's “Cybersecurity National Action Plan” issued a call for "Secure Technology", declaring that "just as our roads and bridges need regular repair and upkeep, so do the technical linkages that allow the information superhighway to flow." This set the tone for today’s emerging (Western) international norms for the digital age. And yet, maintaining trust is a very elusive business, as trust must be earned not only at the corporate level but through the support of good governance and government policy. Whether the technology in question is communication infrastructures or digital information itself, this contribution stresses the need to consider trusted technology as a main feature in today’s international and national digital policy.
[1] For more on this see Stuchtey et.al. (2020) https://www.bigs-potsdam.org/app/uploads/2021/02/Policy-Paper-No.8_V3.p….
The opinions expressed in this text are solely that of the author/s and do not necessarily reflect the views of the Heinrich Böll Stiftung Tel Aviv and/or its partners.