Handheld mobile devices are everywhere throughout the world, and there is great “value” in having the ability to access voice, data, and messaging service anywhere, at any time of the day or night. These days, many of us now rely on having a smartphone 24/7. Along with this reliance on our devices, we also have been seduced into “needing” the newest, best, and most up-to-date handheld device regardless of its cost. We have also been “trained” to replace our current smartphone for the next generation because, like the Polaroid Instant Cameras and Palm Pilots of yesteryear, there is a certainty of generational obsolescence of consumer products, and thus any mobile devices bought today will become useless antiques within a few years.
Our first fascination with “mobile telephone” devices may have started with Dick Tracy’s wrist radio, but the real love affair started with the first three-pound Motorola prototype “brick” cellular appliances in the 1970s.1 Since then, there has been a rapid evolution of increasingly convenient and dynamic portable voice, imaging, and data “appliances” along with a robust investment in new capabilities and applications; this has persisted unabated for nearly four decades. Today mobile devices are everywhere, and the presence and reliance of portable telephony across critical economic and national security infrastructures makes the technological debate one of how quickly can we adopt, adapt, upgrade, or innovate relying on the latest mobile capabilities and standards. For today, and for the next few generations (usually nine years), the answer to those decisions will be rooted in 5G.
A Brief Primer on the History of Mobile Telephony
The state of the current mobile market in this country is based primarily on the American approach to technology regulation, based on the 1934 mandate that critical infrastructures, like our telecommunications networks, be regulated consistent with the “public interest, convenience, and necessity.”2
In the early years of the twentieth century, the U.S. economy and national security community relied on the existence of a highly reliable, but technically stagnated and vertically integrated, monopoly known as the Bell System.3 However, beginning in the early 1970s, a series of Federal Communications Commission (FCC) regulatory decisions and court cases resulted in a chipping away at the AT&T (Bell) monopoly: where competitive innovative devices could not be connected to the AT&T-owned network, that non-voice service could be offered, and that long-distance service was a monopoly. The determination that telephony was not a natural monopoly, and that AT&T must begin to permit interconnection by devices not of AT&T-affiliate Western Electric manufacture, resulted from a subsequent series of litigation and appellate decisions culminating in Judge Harold Greene’s landmark 1983 ruling—the modified final judgment approving a 1982 series of consent decrees between the Justice Department and the AT&T companies, thus ending the trial portion of five years of antitrust litigation.4
Although the FCC began its deliberations for the regulation of cellular telephony in the 1970s, it was not until 1981 that it finally acted and set aside a part of the radio spectrum for cellular license and began the licensing process through a lottery system. The FCC finally authorized commercial cellular services for all companies in 1982.5 In 1983, Ameritech Mobile Communications was the first company to provide cellular service to the American general public.
With the reconfiguration of AT&T, the market had been opened for all services to considerable competition. MCI and others began building carrier facilities offering local landline and long-distance services. Quickly, everyone in the “telephone game” claimed to also have cellular (wireless) phone offerings; MCI, as well as other new carriers, including Verizon and Cellular One (a creature of the surviving AT&T), eventually joined in the cellular market turmoil. Soon these entities were joined by new national market entrants like Sprint, and by various other non-telephone contenders, including a short-lived partnership between IBM and Sears.
Very soon, all carrier-based wireless services found themselves in competition for space in subscriber pockets with multiple other devices that not only had voice service offerings, but also some type of portable data services of various descriptions. By the early 1990s, individual GSM (the second generation of cellular wireless standard) devices with more than voice began appearing, as did pagers that now had two-way data services. “Pocket secretaries” from Palm and Apple also added radio-based services. These capabilities exploded over the ensuing decade, and by the time the first iPhone appeared in 2007, 75 percent of adult Americans had some type of cell phone.6 Many of these devices were capable of using an array of applications (apps), which were then (and now) the currency of wireless competition; at this point, the application leaders were Apple and Android, as they still are today.
By 2000, new players from Japan and Korea (including Samsung) had emerged and displaced Motorola as the dominant provider of Android technology. Integration of offerings by cable TV companies (e.g., Time Warner and Comcast) also became the anchor for offerings of “triple play” consumer services bundling landline telephony, wireless/mobile services, and internet/broadband access along with legacy home video service. This era also saw the emergence of the simple mail transfer protocol (SMTP) for email and messaging on a cellular device.7 The addition of functional apps and the “apps store,” as well as microblogging and social networks, were still in the future, and the reality of a portable, wireless fully functional computer-in-the-pocket was still science fiction, although the technology was already being imagined.
For those computer manufacturers committed to the laptop like IBM, DEC, and Apple (and later Dell, H-P, Fujitsu, and Micron), wireless portability and the downsizing of their platforms was under research at a pace no less aggressive than the work of telephone device manufacturers to expand the capabilities of their platforms. The future entry of Google, Microsoft, and other software and services platforms as now-familiar participants in the device market was competitively inevitable.
As wireless functionality expanded, it became obvious that cellular connectivity alone across a voice-based network was insufficient to support the bandwidth of PC applications and the diversity of application demands. These included easy connectivity to data-enabled networks and the internet, and location “agnostic” connectivity to printers, scanners, cameras, and other support devices. GSM (1991), 3G (2001), and 4G (2010) standards each enhanced the capacity of the cellular network infrastructure to support the increasing complexity of applications.
Pulling Back the Curtain on 5G
The early evolution of the cellular market is very important in understanding the posture of 5G as a next iteration in a series of evolving standards for mobile telephony. This includes understanding why the marketplace, even after five years of development, has yet to achieve consensus on a single articulation of the 5G standard. It is also important to be able to understand from a technical and security perspective whether the standard community has actually paid appropriate attention to the risks inherent in the dominant approaches proposed for 5G. These and other related issues are why the U.S. national security and trade policy communities are seriously concerned with how the standards process has evolved (or not evolved), especially with regard to the role of China in the 5G standards development as discussed below.
Back to the question of what exactly is 5G and why is it important. Most experts on 5G are referring to the proposed 5G New Radio (5G NR)—the newest radio access technology for 5G technology. This is the most current standard adopted by 3GPP, an international standard development organization (SDO); the SDO has a history in telecommunication going back to the development of the 3G and 4G standards.8
Unlike previous cellular standards, 5G NR is the hardware vendors’ dream, in that it is significantly backward-incompatible with many 3G and 4G legacy networks and devices.9 In its current draft, 5G NR has no functionality on existing tablets, phones, or networked modems. This begs the question of why some carriers are still investing in advanced 4G technologies, which will rapidly become obsolete as 5G NR rolls out globally.
An important characteristic of 5G NR is its capacity to support networks operating on a variety of frequencies.10 The benefit of this is that its new capacity for a massive user population can be supported by recycling the spectrum capacity being vacated as carriers abandon their legacy 4G systems. Some observers have also suggested there will be a dividend of freed spectrum from transition to digital TV broadcasting.
There have been attempts at other 5G standards that have been offered by other entities. The Korean national carrier KT conducted a 5G SIG standard (6–100 GHz) demonstration during the 2018 PyeongChang Winter Olympics, and Verizon has demonstrated the 5G TF network, operating on 28 and 39 GHz frequencies. These were not used for cellular telephony, but only for fixed wireless internet services. However, Verizon reportedly claims its 5G TF (28 GHz) deployments will be transitioned to 5G NR in the future; this proclamation suggests an indication of acquiescence in the fact that the 5G NR standard will be the future.
5G networks implementing the 5G NR standards may be risky for a variety of reasons. Some of these have to do with national security considerations regarding China’s past decades-long investment into the 5G standards process (i.e., 3GPP) and its ramp-up of carrier and service development by Huawei and ZTE.
Other risks are rooted in more general trade policy concerns, as the U.S. decades-long leadership in cellular technology may now be ceded to China. Some risks are largely technical, stemming from assertions that the devices, networks, and associated infrastructure components implementing 5G NR are more vulnerable to cyberattacks than their predecessors. There are at least six posited technology and/or cybersecurity risks associated with 5G:
- The 5G network is a departure from current cellular networks that have centralized hardware-based switching. 4G and earlier cellular networks are hub-and-spoke designs where everything came to a single point of failure in the hardware and where cyber “hygiene” could be practiced. The 5G software defined network migrates its management, switching associated security activity to a web of digital routers throughout the network, thus arguably increasing the number of potential attack vector ports and complicating security inspection and control.
- Another cyber vulnerability concern as to the distributed architecture is 5G’s virtualization in software of some network functions that were formerly performed by physical appliances in earlier mobile standards (1G–4G). These software-based network control functions will rely on the TCP/IP internet protocol and associated operating systems, like LINUX and UNIX. Nation states, nefarious insiders, and criminals can take advantage of these widely understood familiar standardized protocols and systems to launch attacks against 5G software-based networks.
- 5G’s technology employs a technique of dividing its available bandwidth into multiple streams of information (dynamic spectrum sharing); this will need constant system-wide vigilance rather than just relying on a single defense to protect the entire bandwidth collectively as we have done prior to 5G.
- As a network managed by software, and likely to incorporate artificial intelligence and machine learning techniques (which may carry their own risks), 5G may be vulnerable to software attacks and loss of control. Individuals and entities with “risky access” to key system functionality will expand due to the many vendors who will install and maintain the infrastructure and management tools comprising the 5G systems.
- Bandwidth expansion is a characteristic of 5G that enables functionality but also creates expanded sites for physical cyber intrusions. In user-dense environments (e.g., industrial parks), large university campuses, and urban residential neighborhoods, physically accessible fixed small cell nodes and their antennas offer target-rich threat vectors for high-impact attack. In addition, the more users being accommodated in a geographic area, the more physical infrastructure will be present and offer system access points for cyber intrusions.
- The phenomenon we now call the Internet of Things (IoT) involves attaching “tens of billions” of small computers and other devices to global network systems. In the 5G world, IoT will also extend the potential cyber risks. With 5G, and as our reliance on devices and network infrastructures distributed throughout the globe explodes, the number of unprotected or minimally protected points of network access (attack vectors) will similarly explode. The shared cyber risk of all of this will certainly become the target of probes by adversaries and others seeking to exploit and abuse them. The burden of vigilance will be an ever-present element of the coming global reliance on all of these network elements, including the wireless connectivity and appliances we are labeling “5G.”
There are other asserted risks of 5G that are mainly associated with more abstract policy concerns of national security and global trade and are more speculative and much more difficult to prove.
China’s Role in Developing 5G
At this point in time, China is indeed ahead of all of the rest of the world in 5G. Although this assertion is in many respects true, it may not be particularly relevant to any national security issues or trade-based market consideration. It is no secret that the global domination of the 5G mobile environment is an express objective of Chinese technology strategy, and China has made a decades-long investment in the development of global industry standards and in research and development of device and network component products and software. It also has been building out manufacturing capacity to establish itself as the preeminent vendor nation for 5G mobile telephony worldwide.
However, carriers in the United States have chosen a different path in that they will most likely select specific implementations of 5G technology to provision their networks and will do this in a manner they determine to be most attractive to their customer base. The simple reason for this is that their revenue stream is both dependent on retaining existing customers and persuading them to invest in new hardware and expanded services. It is unlikely that carriers like Verizon, Xfinity, AT&T, T-Mobile, and Sprint will choose 5G Chinese vendors both for selfish reasons (i.e., profits) and because of recent congressional and Defense Department mandates.11
Also, while China is a command economy and may have manipulated some aspects of the 5G standards development process to suit its interests, at the end of the day its national manufacturers will eventually build products demanded by the entire worldwide marketplace. If its primary markets (Africa, Latin America, and South Asia) wish to be part of the global 5G system—which would include being compatible with U.S. and Western European systems—they will demand that their devices have universally implemented common standards. It makes financial sense that Chinese manufacturers and vendors will, of economic necessity, build and offer products that meet these global market demands to be compatible to the rest of the world.
Furthermore, the current assertion of Chinese 5G leadership may not be totally true, especially in the areas of early network deployment, tools, and strategies to enable 4G/LTE transition to 5G and also in associated early device deployment. In addition, China’s current manufacturing models have no incentive to be cost-effective, as profit is rarely a concern when there is a national strategy to capture a market.12 While early Chinese investment in manicuring the 5G ecosystem and its supporting standards environment are ongoing, the real test will come in deployment. While Chinese devices may dominate non-North American 5G markets, the global footprint will of necessity leave room for the presence of U.S. suppliers and their products.
China has made a decades-long investment in positioning itself to be able to intercept and exploit U.S. national security community technology assets. Because China is currently the largest provider of commercial information technology network transmission capacity, it is realistic and inevitable that Huawei (and ZTE) assets will be in the future included in the inventory of the various “bundlers and integrators” of 5G network capacity that package and resell these multivendor services to U.S. entities (including companies like AT&T, IBM, General Dynamics, and Northrop Grumman), as well as national security and intelligence communities.
However, in reality, the potential capacity to intercept transmissions may not in the true sense become a “security breach.” The mere fact that an adversary is capable of seeing, intercepting, or even attempting to decrypt and analyze sensitive traffic does not establish that the practice is ongoing, or that it will yield any valuable information. For one thing, beyond the levels of encryption and other obscuring techniques applied to such traffic, the sheer volume of traffic requiring identification, interdiction, decryption, and analysis is almost beyond imagination, and in fact may be beyond any current technology.13
U.S. Leadership in Information and Communication Technology
The reality is that the United States is not ahead in today’s cellular telephony world. While the United States continues to dominate in the development of information and communication technology and software (including high-end microprocessors), the sheer volume of Chinese and Korean devices in the global markets gives both nations substantial front-runner benefits as the 5G era dawns. We have some device leadership (Apple), but Samsung and other Android manufacturers are far larger in the handheld distribution global market. Huawei and ZTE also make and sell the largest volume of cellular devices and equipment, as well as building networks worldwide (Apple does not presently produce cellular network equipment). However, as with semiconductors (including commercial chips and microelectronics for security systems), U.S. engineering, especially software and application development, still holds global dominance in this market.
Historically, the United States was the leader in cellular standards (2G, GSM, 4G, etc.), but around 10 years ago, China began to make investments in 5G standards process, both in appliance hardware and networks. If U.S. market leaders had sensed a threat to their posture, they should have had ample opportunity over that decade to adjust their role in the 3GPP, ETSI, and other standards bodies. They did not.
Currently, there is a U.S.-wide concern that apparent Chinese dominance or at least initial leadership in 5G should not impair options for the U.S. commercial market, or interfere with national security. Specifically, the potential concerns include relationships between 5G standards and Wi-Fi that are used to support local area networks in commercial and critical infrastructure environments.
There are both positive and negative aspects of the adoption of 5G. At this point, the declared advantages of 5G are still not evident in early adopter environments. If the pace of 5G stays as slow as it is now, the switch from 4G (where 15 percent of power users still rely on 3G devices) to 5G may not be as robust as predicted. As with all else in the cellular world, time will tell.
1. Although it was shown to the world in the early 1970s as a prototype, the Motorola DynaTAC was not released for sale to the public until 1983.
2. Communications Act of 1934, 48 Stat. 1064.
3. To understand some of the iceberg tips appearing above the waterline, we must first go back to the regulatory events surrounding the evolution of mobile telephony in the 1970s and the ensuing decades-long adaptation to a wireless-dominated technology environment by the Bell System, the then incumbent monopoly voice telephony operator serving 80 percent or more of the U.S. market through AT&T and the state-based Bell System of operating companies.
4. See MCI Commc’ns Corp. v. AT&T Co., 708 F.2d 1081 (7th Cir. 1983); United States v. AT&T Co., 552 F. Supp. 131 (D.D.C. 1983). The judgment resulted in the temporary dissolution of the Bell System monopoly and its disaggregation into “regional Bell operating companies,” the separation from the service offering operating companies of Western Electric equipment manufacturing, and the Bell Labs R&D activities. For a review of the history of the AT&T breakup, see Steve Coll, The Deal of the Century: The Breakup of AT&T (1986).
5. See Thomas W. Hazlett, The Political Spectrum: The Tumultuous Liberation of Wireless Technology, from Herbert Hoover to the Smartphone (2017).
6. Pew Research Center, Mobile Fact Sheet (June 12, 2019), https://www.pewresearch.org/internet/fact-sheet/mobile.
7. Christine Erickson, A Brief History of Text Messaging, Mashable (Sept. 21, 2012), https://mashable.com/2012/09/21/text-messaging-history.
8. As described on its website, the 3rd Generation Partnership Project (3GPP) “unites [Seven] telecommunications standard development organizations (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC) . . . . The project covers cellular telecommunications technologies, including radio access, core network and service capabilities, which provide a complete system description for mobile telecommunications. The 3GPP specifications also provide hooks for non-radio access to the core network, and for interworking with non-3GPP networks.” About 3GPP, 3GPP, https://www.3gpp.org/about-3gpp (last visited Nov. 5, 2019).
9. While GSM and 3G backward voice service compatibility was preserved, as later was 4G network compatibility with 3G standard devices, 5G network standards are not going to be fully backward compatible beyond 4G devices.
10. For the engineering wonks, 5G standards divide frequencies into two groups: FR1 (450 MHz–6 GHz) and FR2 or “EHF” (24–52 GHz). Early deployments are expected to be in the FR1 space.
11. Congress has, for national security purposes, already limited the ability of the Defense Department (and, by extension, other agencies) to buy Huawei and ZTE network hardware and other products. This prohibition is in the process of being implemented and under discussion across the new interagency Federal Acquisition Security Council for extending its application across all federal agencies, critical infrastructures, and technology vendors.
12. Illegal “dumping” of product below the cost of production is a time-honored trade abuse frequently employed to achieve artificial market share and leadership.
13. Without speculating what specific value to China potentially attractive national security traffic might be, the Department of Homeland Security Einstein email program has always been subject to scale concerns based on the (circa 2010) estimated daily traffic level of 500 billion messages requiring examination in each 24-hour period. And that was prior to the explosion in SMTP Twitter-type traffic, adding an estimated 500 billion additional daily items. At one trillion items per day, even assuming 0.001 percent of this traffic requires or warrants individual human examination, that is one billion messages per day warranting review by some expert system or human. If that screening produces 1 percent “target,” that is still 10 million pieces of traffic accumulating each day. Allocating one minute per item review would require 6,900 analysts, operating three shifts seven days per week.