Centre for Internet & Society

 

Speaking on the status of 5g in India at a virtual summit, Niti Aayog CEO Amitabh Kant noted the country is set to go all out in its adoption, but that there exist security concerns with the technology. He also pointed out that India is yet to make a decision on the participation of Chinese telecom companies in its 5g infrastructure. In many ways, this has been the story of 5g adoption globally. Governments see the potential of 5g to usher in a new era of prosperity and development but are wary of the risks it poses. Central to these risks is the fear of espionage conducted by Chinese corporations like Huawei and ZTE that are the major suppliers of the components required for 5g networks. These concerns have resulted in a multitude of sanctions being levied against Chinese telecom corporations by Western nations. Whether that be through the United States citing cybersecurity concerns while issuing an executive order effectively banning Chinese companies Huawei and ZTE  from participating in their 5g telecom network. Or UK Prime Minister Boris Johnson laying out a 2027 deadline for removal of all Huawei equipment from UK networks.

Closer to home, 2020 has already seen a severe deterioration in Sino-Indian relations following cross border firing at the Glawan valley. The Indian government has deployed a number of cyber related sanctions against China in retaliation for the military clashes between the States - such as the banning of a number of Chinese apps, including TikTok. Despite these sanctions being levied against China, one area where no action has yet been taken is Chinese companies’ participation in India’s 5g infrastructure. As of writing, Chinese telecom companies are still permitted to undertake testing of 5g within India. However in light of the strained relationship between the two countries, as well as the security concerns now identified by other States, a scenario where Chinese companies are banned from India’s telecom networks in the future is plausible - if not highly likely.

The possibility of such a scenario raises a number of questions. How would such a ban on Chinese participation in 5g affect India domestically? Would banning Chinese telecom companies be enough to solve India’s 5g security concerns? And if not how can India develop a strategy to ensure that consumers have fair access to secure 5g networks?


Why have Chinese vendors been banned in other countries?

The primary concern from the West relates to Huawei’s proximity to the Chinese Government. Chinese legislation requiring Chinese companies to assist the State in matters of national intelligence are seen as obvious threats by the US and its allies in a situation wherein trust is hard to come by. While Huawei has stated that it would not cooperate with China in any form of geopolitical espionage, this has done little to quell suspicion. 

What does banning Chinese companies mean for Indian consumers?

As of right now, not much really. 5g is at an incredibly nascent stage and its adoption in India is estimated to be a few years away at the earliest, with no clear deadline on when some of the 5g spectrum will be auctioned off in India. Moreover, Chinese companies are as of now permitted to undertake 5g testing in the country.

However, in a hypothetical situation where these companies are banned, the effects will be seen in a few years time. The most obvious impact is that a ban for Chinese providers will result in a less competitive market consisting of fewer actors. Developing 5g in India is incredibly expensive for three reasons. Firstly, is the cost associated with upgrading infrastructure to that which is compatible and optimized for 5g. Secondly, India has the highest cost (reserve price) for purchasing spectrum in the world. Thirdly is existing debt among telecom companies. The costs involved in developing 5g to these companies, therefore, far outweighs the benefits. This problem will only be compounded by banning Chinese companies in the space, who are seen to operate cheaper than their European counterparts. Such a ban could therefore further delay 5g’s adoption in India by a significant amount of time.

Moreover, given the security concerns, the government could proceed with favouring Indian only companies within the sector.  With Reliance now claiming to have developed its own 5g technology within India it could result in a situation wherein it becomes the primary, or even sole, provider for 5g infrastructure in India. Any such corporate monopoly over such critical infrastructure would undoubtedly harm domestic consumers. 

Does banning Chinese companies solve India’s security concerns relating to 5g?

Despite all of the potential negative repercussions, the argument to exclude a hostile nation from potentially having access into Indian infrastructure is a persuasive one. Citizens data privacy and national security have to be prioritised over any marginal economic gains that may result from allowing Chinese corporations to be involved in 5g infrastructure. And it's feasible that the negative side effects regarding the rise of a domestic monopoly can be handled by effective State regulation. But this leaves us with the question, is banning Chinese companies all that the government has to do to ensure 5g is implemented securely?

Not really. Limiting the involvement of Chinese companies will undoubtedly remove certain threats of espionage, but this is far from the only concern with 5g. While 5g has made certain improvements in security when compared to 4g, it is far from unbreakable. Firstly, initial rollouts of 5g are expected to be done on top of existing cellular networks so as to avoid new infrastructure costs.  This interoperation of 5g with existing 4g (and in some cases 3g) networks will result in early 5g being subject to the same exploits that 4g is

Secondly, 5g presents a risk due to the additional avenues through which it can be attacked. 5gs software based routing system and its connection to a wide amount of traffic points through the internet of things (IOT) would create more points of potential vulnerability that can be exploited. Finally, the globally accepted standards of 5g themselves allow companies the discretion to implement them in a more lenient manner. This includes making optional the use of certain cypher algorithms that look to protect user integrity. So it would come as no surprise that companies motivated by the profit motive would in the future look to cut these corners, making the network less secure.

All of this comes together to mean one thing: no matter how many Chinese companies India excludes from its 5g infrastructure, it will never be absolutely secure. Moreover, needing such formalised access through a company has never been a prerequisite for a State to target another through a cyber attack. Cyber attacks perpetrated by external actors outside of companies or States have existed in the past and will continue to exist in the future. Now that isn’t to say that the government should include Chinese corporations in 5g - the concerns over espionage make it clear that they shouldn’t be involved. What it does say, however, is that this has to be one step in a larger 5g strategy that would look to ensure implementation while maintaining security.

 India’s 5g strategy

In order for 5g’s implementation in India to be successful it has to fulfil two criteria - it must be secure and it must generally be in the economic interest of the consumer. Both of these criteria can be met with a mixture of legislative and strategic decisions.

On the side of security, the most obvious step that can be taken would be to prevent the participation of those companies that are either primarily based in a hostile State or that can be significantly compromised through foreign legislation - such as Huawei and ZTE. In terms of legislative actions, the government must aim to address the security concerns regarding 5g as part of a dedicated cybersecurity law. Such a cybersecurity law must ensure that telecom companies are tasked with a duty of care to ensure cybersecurity and privacy of user data. This would compel companies working on 5g to ensure that they meet the highest threshold of security standards when implementing their networks. Such a law can also lay down strict requirements and standards of data encryptions that can serve to minimise damage in cases wherein a 5g system is compromised.

On the economic side, the government must view 5g as a form of critical infrastructure. If we are to believe the vision of a future wherein 5g is a necessity then the State must take steps to ensure its widespread availability to all sections of society by limiting its cost. Private participation in this sector must therefore be appropriately regulated keeping this goal in mind. Given the reduction in market actors for security reasons, there must be strict enforcement of competition laws to prevent domestic telecom providers from forming monopolies or cartels and setting exorbitant prices. One other way to reduce costs would be for the State to ensure that gaps in 5g supply chains are properly dealt with so as to reduce dependence on foreign States’ for components. Beyond these measures, consumers must also be educated so as to be able to make better informed decisions regarding their 5g access and have recourse to efficient grievance redressal mechanisms.

Ultimately if India is to ensure that 5g is implemented in a manner that is both safe and fair, it must look to balance out security and consumer benefit. And while banning Chinese corporations would make the system more secure, such an action would mean little without a series of additional steps to handle other security concerns with 5g while ensuring that Indian consumers don’t miss out.

Filed under:
The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.