Has Merkel Undermined European Coherence on 5G Network Security?
On October 15, the German government published its long-awaited draft 5G security catalogue, confirming its earlier goal to create a level playing field for suppliers to next-generation networks in Germany. Most notably, Berlin refused to ban Huawei from participating in its 5G infrastructure. Chancellor Angela Merkel personally intervened to push for the decision, sidelining the German intelligence services and foreign and interior ministries, and infuriating members of the German Bundestag. Merkel was accused of making light of Germany’s network security, undermining EU technology sovereignty, and weakening EU unity.
Berlin’s decision came a week after the European Commission and the European Agency for Cybersecurity released their cybersecurity risk assessment of the EU’s 5G network. Without naming Huawei or the Chinese government, the report drew attention to both the intention and capacity of “threat actors.” By linking suppliers’ trustworthiness to their countries’ domestic political and legal environment, the report implicates security risks from Huawei’s presence in European networks. Earlier in the year, Germany joined many EU member states and other countries including the United States, Australia, and Japan in establishing the Prague Proposals that call for security and risk assessments that scrutinize the ownership structure of 5G vendors and the political and legal system suppliers are subject to. Consequently, the German government’s decision flies in the face of the collective European security assessment and, as the argument goes, directly undermines efforts to create a coherent European 5G network policy framework.
The German government’s decision flies in the face of the collective European security assessment and, as the argument goes, directly undermines efforts to create a coherent European 5G network policy framework.
Has Merkel singlehandedly ruined the prospect of a unified European approach to network security? Only if such a prospect existed in the first place. The EU lacks competence on the issue, which means member states are free to set their own national security and law enforcement requirements. Recommendations from the Commission’s report are non-binding and the whole exercise itself is the result of compiling and synthesizing security assessments by individual member states, whose judgements on Huawei and the Chinese state are deeply rooted in their respective geopolitical preferences. It is thus unsurprising that Hungary, which under Prime Minister Viktor Orbán has pursued a close relationship with China often at the expense of European solidarity, declared that it has seen no evidence of security threats from Huawei equipment and plans rapid 5G rollout in the country.
Cost is another important factor that makes Huawei attractive to smaller network service providers and periphery EU members that seek to deploy 5G with reasonable cost and the fastest possible timeline. Banning Huawei would increase the cost for 5G infrastructure and consolidate the European telecoms market down to two principle venders, Nokia and Ericsson.
As it stands, both Nokia and Ericsson rely heavily on Chinese manufacturing capacity. China represented about 45 percent of Ericsson’s manufacturing facility area last year, and 10 percent of Nokia’s. Developing alternative supply chains would drive up costs and restrict choices for both vendors. Taken together with tepid financial performance at both companies, including losses in recent quarters and thin operating margins, these operational constraints could mean that, post-Huawei, European networks might end up with different kinds of risks. Sustained financial difficulty could seriously impact the companies’ ability to honor their contracts and shifting the supply chain away from China would make both hardware availability and security more reliant on a much-reduced pool of suppliers. A comprehensive network risk assessment should thus factor in economic consequences from such a de facto technology decoupling from China.
What about the transatlantic relationship? Has Merkel sacrificed a golden opportunity for some much-needed transatlantic cooperation? Only if it were practical for Germany and the EU to follow the U.S. 5G strategy, which increasingly focuses on purging Huawei equipment from domestic telecoms networks, securing ICT supply chains, and boosting indigenous manufacturing capacity. Despite reports that the White House is considering financial support for European 5G equipment vendors, such large-scale market intervention may not sit well with some EU member states, as the EU has long condemned Chinese state subsidies as unfair competition and particularly at a time when the bloc is seeking to preserve the open, rule-based international trading system. Within the EU, a much more proactive industrial policy that promotes European manufacturing of key ICT components and scales up home-grown 5G vendors would also require member states to agree on a revision of the EU’s market competition rules, which could set off another round of protracted deliberation within the bloc.
How does one address Western governments’ mistrust of the CCP while not foregoing the benefits of engaging China’s vast economy?
At its core, the debate over Huawei’s trustworthiness is not really about the company itself. Rather, it is a referendum on the credibility of China’s reigning Communist Party. William Evanina, director of U.S. counterintelligence, declared in an interview that it’s the CCP, not Huawei that’s the problem. Similarly, chairman of the foreign affairs committee in the German Bundestag Norbert Röttgen stated that it’s the CCP’s heavy influence over the company that concerns him. But how does one address Western governments’ mistrust of the CCP while not foregoing the benefits of engaging China’s vast economy? A categorical rejection of Huawei sends a clear message: China needs to be checked for its ambitions. Or, as the Chinese would interpret it, China needs to be contained. That is where Beijing draws its battle line. The Chinese government has repeatedly demonstrated throughout the U.S.-China trade war that it is perfectly capable of designing retaliatory measures that inflict maximum economic pain on its opponents. Are Germany or other EU members ready to face down such a challenge with the current bleak economic outlook?
Are big corporate interests to blame for Merkel’s intervention? It is obvious that Deutsche Telekom stands to gain from the German government’s decision as the company has extensive amounts of Huawei equipment in its existing networks and has repeatedly warned that banning Huawei would drastically increase the cost of Germany’s 5G infrastructure building and result in massive delays. Also apparent is that large and small German companies in China fear retribution from arbitrary government scrutiny and an overall deteriorating business environment. Attacking corporate lobbying does provide an emotional scapegoat for an inadequate security policy choice. But it would be inconceivable to ask private companies to not focus on their bottom lines. In the end, German business interests are also a legitimate part of Germany’s national interests, and an adequate political response needs to consider not only security risks, but also economic ones.
It would pay for German and European policymakers to take a closer look at the technology initiatives by telecoms vendors and service providers that are shaping the 5G future in not just Europe, but also across the world.
Instead of rushing to judge business interests as antithetical to good security policy, it would pay for German and European policymakers to take a closer look at the technology initiatives by telecoms vendors and service providers that are shaping the 5G future in not just Europe, but also across the world. The telecoms industry has been the main force driving the 5G evolution and understanding these industrial trends and initiatives are crucial to government’s ability to both positively engage businesses and encourage and assist processes and to effectively regulate their behavior, which together will ultimately lead to greater network security.
For instance, Nokia, Ericsson, and Deutsche Telekom joined other major global telecoms operators, equipment vendors, and internet service providers to form the Open Radio Access Network Alliance (O-RAN) that is pushing for open interfaces that enable a more competitive supplier ecosystem and advocating open source software and hardware reference designs. This approach would maximize the use of common off-the-shelf hardware and merchant silicon and minimizing proprietary hardware. The open nature of this platform makes it easier for governments to conduct network risk assessment and push for industry-wide security standards and good practices and it’s already gaining global momentum. Notably, Huawei has resisted joining the alliance and insisted on the use of its proprietary hardware and software. On the one hand, the O-RAN alliance companies collectively present an open, software-driven alternative to the closed interfaces of the big three equipment vendors, enabling both healthy competition and risk diversification. On the other hand, protectionism could deal a big blow to the ambitions of the alliance, entrenching governments in the difficult dilemma of endorsing a policy of effective tech decoupling. Thus, we need to remind ourselves that businesses are important partners in fostering the organic growth of an overall secure European network ecosystem. It is up to German and other European policymakers to demonstrate that they have the will and a strategic vision to work with the tech industry to their advantage.