Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Science

5G: Who is reading over your shoulder?

Should you worry about the new 5G network’s privacy and security? Delta discussed this issue with Professor of Cyber Security Michel van Eeten.

The 5G network (Illustration: Sija van den Beukel)

Should you worry about the new 5G network’s privacy and security? Delta discussed this issue with Professor of Cyber Security Michel van Eeten.

5G will make its entrance in 2020 and will be used for many other processes than the current 3G or 4G network. Just think about such things as smart devices, the internet of things (IOT), self-driving cars, remote medical operations, smart agriculture, stock management … What won’t it be used for?

Telecom companies are a gold mine for intelligence services

According to Michel van Eeten, Professor of Cyber Security at TU Delft, there are also privacy risks in the 3G and 4G networks. Van Eeten mentions the Snowden revelations, when GCHQ, the British secret service, deeply hacked the Belgian telecom provider Belgacom. Van Eeten says that “telecom companies are a gold mine for intelligence services as conversations and messages can be easily tapped. You should always assume that other states have an interest in this information.”

He continues, “so the risks in the 5G network are not really any greater. With one proviso – countless societal processes are moving onto the mobile internet. The risks that we now have around the 3G and 4G network will be magnified because of the greater volume of activities on the 5G network.”

Chinese back doors
New equipment is needed to lay the 5G network. The frequency auctions will be opened this year and telecom providers can buy parts. The largest and cheapest supplier of parts is the Chinese company Huawei. The Americans, in the trade war with China, are trying to prevent other countries from investing in Huawei for their 5G network, arguing that Huawei builds in back doors for spying purposes. Even the AIVD has recommended the Cabinet to exclude Huawei from the heart of the 5G network. But Van Eeten says that “this is not what it literally says. It says that ‘the equipment may not come from a country with an offensive cyber programme’. If you would call Huawei by name, you’d be hauled into court. Under competition laws, you may not exclude an individual company. So they devised a general regulation to cover the situation. Coincidentally Huawei falls under that regulation. If there had been an American supplier in the running, this rule would probably not have been made. The Americans too have an offensive cyber programme.”

It does not really matter if it comes with a Chinese label

Van Eeten himself does not believe that Huawei’s equipment poses a particular threat for spying. “First of all, that would be very stupid, even from the Chinese Government’s perspective, to explicitly incorporate a back door. The minute it would be discovered, it would be the end of Huawei. Secondly, and more importantly, Huawei does not have to incorporate anything. The 5G network equipment runs on a huge amount of software that has inherent vulnerabilities. It does not really matter if it comes with a Chinese, Swedish or an American label, the equipment is vulnerable. If the Chinese Government lets a bunch of competent hackers loose on a computer, they will find something. That’s simply how it works.”

The more expensive Ericsson
What often goes unmentioned in the discussion is that the 3G and 4G networks in the Netherlands are almost all Huawei. Van Eeten says that “if you want to exclude Huawei, you would have to rebuild the KPN network from scratch and be prepared to fork out a couple of billion euros. That’s not going to happen.”

Van Eeten continues. “KPN has invested little in 5G. It still has to start. For the peripheral equipment such as antennas, they could buy Huawei. For the computers at the heart of the network, they will buy more expensive Ericssons or Nokias.”

Geopolitical move
Van Eeten sees the new regulations that exclude Huawei from the core of the 5G network more as a geopolitical move. “I see it as a sort of payback for the three or four years that China carried out unlimited offensive cyber operations in the West. Whatever you think about the risks of Huawei, it could be desirable to give China a slap on the wrist. It may help encourage the country to operate a little more cautiously.”

‘The essential systems must be entirely secured’

Our network needs strong security to not be hacked. Van Eeten believes that much responsibility rests with the telecom providers. They should operate on the assumption that they could be attacked at any given point in time. “The essential systems must be entirely secured so that they do not communicate with the rest of the internet. A limited number of people could have access to the systems and they should continuously monitor what the equipment is doing. You must treat it as if it is in the intensive care unit.”

Telephone conversations
But what does the man on the street experience in terms of data espionage? Who would be interested in your conversations? Van Eeten answers that “if your telephone traffic would be intercepted by a foreign state, that would of course be the first thing that they throw out. But ultimately, what affects companies and governments, affects citizens in the long term. If it means that we suffer major economic losses, there will be fewer jobs.”

In any case, American investigation seems to show that there is little usable data among the enormous amount of information that the Chinese secret services have tapped, says Van Eeten. “Ninety-nine percent of the information is not interesting.” How you find that 1% that is useful is already hard enough. And even if you would find that information, what would you do with it as it will miss a lot of the contextual information. Van Eeten continues, “I believe that the societal impact of intellectual property theft – corporate espionage – is hugely overestimated.”

Michel van Eeten.

CV
Michel van Eeten graduated in Public Administration from the University of Leiden. In 1997, he obtained his doctorate in Public Management at TU Delft. He has been Professor of Cyber Security at the Faculty of Technology, Policy and Management since 2009. He is a member of the Cyber Security Council. Van Eeten also writes fiction. His first book, ‘Tegennatuur’ (against nature), was on the recommended reading list for the AKO Literature Prize. His latest book, ‘Heilige middelen’ (holy means), was published in September 2018.

Sija van den Beukel / Freelance journalist

Editor Redactie

Do you have a question or comment about this article?

delta@tudelft.nl

Comments are closed.