BRUSSELS—Some European governments are making a technical distinction between core and noncore parts of 5G networks in debates over cybersecurity, putting them at odds with U.S. officials, who argue that with 5G, everything is sensitive.
Officials in Germany and the U.K. are expected to decide in coming weeks on new security measures that could limit Huawei Technologies Co. products from 5G networks built in those countries. Government discussions in both nations have referred to applying different criteria for core and noncore parts of the networks and deciding which technology companies can build those components.
Core parts of the network refer to components including data centers, while noncore parts can include equipment such as base stations and antennae. The U.S. government argues that all areas of 5G networks need strong protection because there will be many more entry points for hackers to intercept communications.
The Trump administration has banned U.S. federal agencies from buying Huawei equipment and has restricted federal contractors in using it, saying it is vulnerable to Chinese hacking and espionage. The U.S. has also put pressure on countries in Europe and elsewhere to limit use of equipment from Huawei and other Chinese companies. U.S. officials traveled to London last week to lobby the U.K. to prevent telecommunications operators from using Chinese equipment.
Distinguishing between core and noncore parts is largely an attempt by European countries to find a compromise between a U.S.-style ban on Huawei products and politicians’ concerns that such a move would cause tension with China, experts say.
“It’s one of the few options they have left,” said Jan-Peter Kleinhans, a researcher at the Berlin-based think tank Stiftung Neue Verantwortung.
U.S. officials have threatened to limit intelligence-sharing with countries that continue to use Huawei equipment in 5G networks.
“There was an argument for 4G that you could secure the core and then have the edge of the network be less secure,” Robert Strayer, the U.S. State Department’s deputy assistant secretary for cyber and international communications, told journalists in Brussels in September. Designating only core parts as sensitive will no longer make sense for 5G, he said.
Spain-based Telefónica SA, one of the three major mobile operators in Germany, said last month that it would use Huawei equipment to build noncore parts of the 5G network in that country, adding that it would decide this year about technology for the core network.
Cybersecurity experts say 5G’s low latency, meaning the time it takes devices to connect, will make core and noncore parts equally vulnerable to hackers. Sensitive data could be processed in all parts of the network instead of only in the core, where it is analyzed in today’s 4G networks, also known as LTE.
“We are, of course, afraid [China] will steal trade secrets and confidential business information and we shouldn’t be naive about that,” said Filip Geerts, chief executive of Cecimo, a Brussels-based industry association representing manufacturers. Still, he said he doesn’t want to see delays in building 5G infrastructure: “If that long debate on securing 5G networks is slowing down the rollout of 5G, it would be really a pity.”
Companies are pushing governments “more than ever before to find a solution,” Business Europe, a lobbying group in Brussels, said in a position paper published this month.
Decisions over 5G networks in Britain and Germany are particularly important because the large economies could have a ripple effect across Europe, said Janka Oertel, director of the Asia program at the European Council on Foreign Relations think tank.
The European Commission, the European Union’s executive body, is expected in the coming weeks to publish a list of security measures that its member countries can use to secure 5G networks.
Companies that use 5G networks could limit the potential exposure of sensitive information, such as personal or confidential business data, according to a research note from research and advisory firm Gartner Inc. Minimizing the volume of data they process and applying techniques to pseudonymize information, or remove anything that may identify individuals, could keep hackers at bay, Gartner said.
Write to Catherine Stupp at [email protected]