LIVE FROM MOBILE 360 SECURITY FOR 5G, THE HAGUE: The technical director of UK government agency the National Cyber Security Centre (NCSC) slammed the state of the country’s security sector and claimed the mobile network vendor market is “broken”.
Speaking in the opening keynote session, Dr Ian Levy took aim at China’s Huawei, brandishing it a supplier of “bad security” following the results of the NCSC’s Oversight Board report published last March.
“As a sector, the telecoms equipment market isn’t up to scratch,” he argued. “What kind of sector incentivises a market where the leader in the market – in terms of market volume – has the security we published in the Oversight report in March? How is that ok? We need to fix that.”
Levy cited the fact that ten years ago the market had “around 12 different vendors, now we have three to five scale vendors across the world. How is that ok?”
He contrasted this market to that of the automotive sector. “If the only cars you could buy around the world were Ford, BMW, Audi, Lada and Skoda, would you be happy? No, of course you wouldn’t. There would be no market competition so prices would go up. And more importantly security doesn’t get prioritised – there’s no incentive to do security in a broken market. So we have to fix the market. Something is fundamentally wrong when we have 3-5 players in RAN [radio access networks] in the entire world.”
It wasn’t just the vendor market that was on the receiving end of Levy’s criticism. He claimed that operators will need to change their business models over the next few years, arguing that “being a bit pipe doesn’t pay.”
And Levy warned that many operators don’t have the necessary skills to run 5G networks properly, with 5G requiring “a fundamentally different skillset” to handle such things as virtualisation. “We need to start thinking about how we get and maintain the skills within operators to run this stuff better.”
Despite his assertion that “security is fundamentally broken in the telecoms sector,” Levy did admit that forums such as the GSMA event in The Hague are a positive step forward – as long as discussion is open and fact-based.
“Organisations like GSMA can help make this a much better public conversation but we have to be evidence-based and we have to be honest. Please, when you are talking about 5G security, don’t hype it up or down; talk in detail, talk in evidence and be honest with people.”