Divergence on Chinese 5G strains 'Five Eyes' alliance

Cybersecurity risks of 5G technology, especially by Chinese suppliers, has created new cohesion risks for the Five Eyes

The stability of the Five Eyes intelligence sharing partnership between Australia, Canada, New Zealand, the United Kingdom and the United States is under stress over Chinese participation in the members’ 5G telecommunications networks.

What next

The de facto US ban on Chinese 5G technology will likely lead other members of the Five Eyes alliance to exclude or severely limit its use too. Allowing even restricted use would create gaps in the intelligence and research shared among the members, and undermine the trust underpinning the alliance.

Subsidiary Impacts

  • Possible US concessions on the supply chains of Chinese firms would ease strain within the Five Eyes alliance.
  • European corporates will redouble efforts to burnish their security credentials to capture 5G market share.
  • London’s eventual decision on Huawei will influence the EU and Asian democracies.

Analysis

The Five Eyes countries align on security, economic, political and cultural issues, but the specific focus of the alliance is on sharing highly sensitive intelligence, such as intercepted phone calls and email messages.

The members divide intelligence-gathering by region, with the United Kingdom, for instance, having the lead for the Middle East, Hong Kong and Europe (including the European flank of Russia).

The foundation of these exchanges is mutual trust, which was briefly challenged by the 2013 Snowden leaks and now, more fundamentally, by potential divergences over the use of Chinese 5G telecommunications technology.

Shaken technological dominance

The Five Eyes group has long strived to develop, incorporate and regulate leading technology in pertinent areas such as radio, wireless, satellite and microwave communications:

  • The Technical Cooperation Program of scientific and research collaboration -- which promotes defence, scientific and technical information exchanges in almost a dozen areas to enhance mutual security while reducing costs -- has expanded from a UK-US partnership to include the other three members.
  • A Multilateral Interoperability Programme supports mutual command and control interoperability for air, maritime and especially land operations through enhanced integration, connectivity and compatibility. It includes all Five Eyes members except New Zealand.
  • The US National Technology and Industrial Base, which fast-tracks dual-use research and development (R&D) with operating partners, includes all Five Eyes' members except New Zealand.

During the Cold War and into the 21st century, the Five Eyes had little trouble maintaining technological leadership through such programmes; the Anglophone world, through select public-private partnerships as well as government-funded labs, typically led the global development of information and communication technology (ICT).

This has changed.

Recent decades have seen other countries take on technological leadership, and commercial firms can outspend government labs or traditional defence companies on ICT R&D. European countries, Japan and most notably China often pioneer discoveries, while Microsoft, Google and other private companies now create innovative software that public agencies later purchase.

Additionally, IT hardware and software have become increasingly sophisticated, can often operate autonomously and regularly upgrade without explicit user intervention. Consequently, all systems connected to the internet are vulnerable to external manipulation before and after installation. These systems include critical ones such as supervisory control and data acquisition that operates dams, nuclear power plants and national electricity grids.

Huawei risk

Regulation of 5G will be tough, whomever the supplier

Enthusiasts of 5G technology believe it can revolutionise dual-use technologies such as robotics, artificial intelligence, situational awareness and encryption.

However, since 5G integrates software and hardware more deeply and intricately than 4G, law enforcement agencies would find it harder to secure such systems against in-built and post-installation vulnerabilities.

The cross-cutting links between security and commercial networks further complicate regulation, altering national risk-based evaluations of corporates leading 5G technology (see INTERNATIONAL: Corporate competition on 5G is rising - May 10, 2019).

Partly due to this regulatory challenge, and partly due to the lack of clarity on Huawei's links to the Chinese state, the usually quiet deliberations among the Five Eyes have become public.

In April, the issue was addressed comprehensively at the 'CyberSec conference' in Brussels and at the first public meeting of the group's intelligence chiefs, at the 'CyberUK Conference' in Glasgow.

National divergences

Each government is responsible for the security of its national communications: cellular, Wi-Fi, radio and other spectrums. However, the Five Eyes members strive to build mutual trust by demanding high standards in each other's telecommunications sector.

Some members see securing 5G technology from Chinese suppliers as a new but manageable variant of a long-standing challenge that can be resolved within existing regulatory frameworks; others believe 5G technology demands a new and radically restrictive approach (see INTERNATIONAL: Europe may open up to Huawei partially - April 26, 2019).

Ban: Australia

In 2018, under then Prime Minister Malcolm Turnbull, Australia became the first country to ban Chinese firms from the national 5G network after Australia's Signals Directorate concluded that even limited use of high-risk vendors carries unacceptable risks due to the interconnected nature of 5G technology.

Ban: the United States

US policies towards 5G technology reflect a combination of commercial and security concerns. Trade tensions have led the Commerce Department to place Huawei on its 'entity list', restricting the firm's ability to procure US components. Security concerns have resulted in a de facto ban on Chinese 5G technology.

The core US position is that having Chinese technology in such sensitive networks would deplete the security of and trust in the telecommunications systems of the Five Eyes members, creating risks that intelligence shared over them could be manipulated or intercepted by China's security apparatus.

Restricted Access: New Zealand

New Zealand initially followed Australia's lead but subsequently backtracked. The Communications Security Bureau now allows companies to demonstrate that they can counter security concerns before using Huawei equipment in 5G networks.

Undecided: Canada and the United Kingdom

Canada and the United Kingdom are undecided on Huawei

These members have yet to finalise their position, but Canada is edging towards an eventual ban on Huawei, likely after the October federal elections, if not sooner (see CANADA: Odds are stacking against Huawei - May 22, 2019).

The UK government insists all options remain open. Should Huawei be allowed restricted access to 'non-core' parts of the 5G network -- as a recent government leak indicated -- a post-Brexit UK would be able to avoid antagonising Beijing as well as purchase from the lowest-cost supplier.

However, there is significant support across the political and security establishment for a complete ban.

Outlook

The purported distinction between 'non-core' and 'core' 5G networks -- although dismissed as meaningless by some technology experts -- is sufficiently vague to allow Five Eyes members flexibility. This would enable the alliance to paper over diverging standards for a while.

Much depends on the final US position on Huawei's US-linked supply chains: a compromise would help de-escalate tensions between Washington and Beijing, in turn enabling the Five Eyes countries to forge a more durable compromise that would balance their national economic and geostrategic security interests (see CHINA/US: Tensions risk unravelling tech value chains - January 3, 2019).

Should a compromise fail, especially between the two most important partners -- London and Washington -- the consequences would be serious.

Intelligence sharing among the members could be curtailed, creating blind spots in data collection, analysis and dissemination. For example, decreased data exchanges with the United Kingdom would deprive other members of insights on Europe (including some former Soviet states) and the Middle East.

Meanwhile, the UK government would lose access to sensitive information on South America and East Asia, just when its post-Brexit access to the Europol system is also under question.

Members could also lose access to some segments of valuable UK resources and skills for future intelligence technology R&D.