By banning Huawei, ZTE won’t address all 5G security vulnerabilities, experts warn – National

By banning Huawei, ZTE won’t address all 5G security vulnerabilities, experts warn – National

Canada needs to focus much more on boosting the defense of its 5G wireless network after banning Huawei and ZTE, experts warn, as the country lags far behind in cybersecurity.

Thursday’s announcement that Canada would exclude Chinese telecoms giants from the grid came with the promise of swift legislation to protect critical infrastructure from cyberattacks. That legislation must come with prospective regulations and actions that the bans don’t address, the researchers say.

“Simply removing Huawei will not fix everything,” said Christopher Parsons, a cybersecurity researcher at the University of Toronto’s Citizens Lab.

“It will certainly address certain types of concerns … but it will not address that broader spectrum of threats that are real or emerging.”

Read more:

Trudeau says Huawei 5G ban will keep Canadians ‘safe in the future’

Story continues below ad

While 5G has been touted as more secure, the networks are made up of many more connection points and devices than previous networks, including the now-standard 4G.

That has experts, including Tom Wheeler, former chairman of the US Federal Communications Commission and champion of 5G. caveat that technology has more opportunities for nefarious actors to take advantage of.

The network also runs through software rather than centralized hardware, making it difficult to maintain security controls at critical points.

Click to play video: 'Trudeau defends Huawei 5G ban, acknowledges potential challenges to trade with China'

Trudeau defends Huawei 5G ban, acknowledges potential challenges to trade with China

Trudeau defends Huawei 5G ban, acknowledges potential challenges to trade with China

Parsons says that many of the security standards that exist for 5G are currently optional, not mandatory, for private telcos to install, making the need for more regulation and incentives crucial.

“To date, the government has not at least said that these elements of the standards should be adopted or integrated,” he said.

Story continues below ad

“At the same time, there is concern that we may not see full activation of those properties because they may increase the challenge in running the network. … There is usually an impetus to remove that complexity, which can also slightly reduce costs, and one way to do that is to make those controls optional.”

Currently, much of Canada’s existing 5G network has been built as an extension of the existing 4G network, and Parsons estimates that it may still be years before 5G is independent across the country.

He says the government needs to use that time to work with cybersecurity researchers to identify emerging threats to 5G that may not yet be known.

Read more:

Huawei 5G ban could be costly for Canadian consumers and smaller telcos

Prime Minister Justin Trudeau said Friday that his government is working closely with large financial institutions and other businesses across the country to protect vital networks from malicious attackers.

The Liberal government made it clear this week that the long-awaited decision to ban Huawei and ZTE is just a first step in an era of perpetual cyberattacks, ransomware operations, and state-sponsored efforts by criminal hackers and gamers to steal information or sabotage key infrastructure. .

Public Security Minister Marco Mendicino said Thursday that the government will present legislation to protect critical infrastructure in the finance, telecommunications, energy and transportation sectors.

Story continues below ad

In addition, Mendicino’s mandate letter from the prime minister directs him to expand efforts to screen security risks in foreign research and investment partnerships, in part by increasing the resources of the RCMP and the security agency for this purpose.

Click to play video: 'Canada bans China's Huawei and ZTE from using 5G networks'

Canada bans China’s Huawei and ZTE from 5G networks

Canada bans China’s Huawei and ZTE from 5G networks

Prime Minister Justin Trudeau on Friday reiterated his government’s commitment to “do more” to protect critical industries.

The latest federal budget allocates $875 million over five years, and $238.2 million ongoing, for cybersecurity measures that include programs in the Communications Security Establishment, Canada’s electronic espionage service, as well as stronger protection for small federal departments, agencies and corporations of the Crown.

Fen Hampson, a professor of international affairs at Carleton University, told the Canadian Press that Canada “needs to do a lot more” to help protect the “hidden wiring” of the economy, much of which is in private hands.

Story continues below ad

“I think the short answer is no,” he said when asked if Canada is prepared for a major cyberattack. “I mean, yeah, we’re getting better at it. But it’s not just about being able to thwart and deter those attacks, but how resilient are we?

The Communications Security Establishment (CSE) said in December that more than half of Canadian ransomware victims last year were in critical sectors such as healthcare, energy and manufacturing.

Click to play video: 'Canada formally bans China's Huawei and ZTE from 5G networks: Minister Champagne'

Canada formally bans China’s Huawei and ZTE from 5G networks: Minister Champagne

Canada formally bans China’s Huawei and ZTE from 5G networks: Minister Champagne

Ransomware attacks rose 151 percent during the first year of the COVID-19 pandemic, the cybersecurity agency said in a report, as remote work soared and critical operations went virtual.

The average cost of recovering from such attacks rose even more dramatically: from $970,000 in 2020 to $2.3 million in 2021, the agency said.

Story continues below ad

Parsons is hopeful that upcoming government legislation to address these concerns will include incentives to help companies improve their security protocols, warning that the cost of locking them out of their networks will be much higher.

He also wants to make sure any bill is “clean” and not used to create more opportunities for law enforcement to monitor online activity, an area that could also be exploited by nefarious actors.

Above all, he doesn’t want the legislation to target China alone.

“We need to make it clear to China and to the world that Canada is taking a principled approach to security,” he said.

— with Canadian Press archives

© 2022 Global News, a division of Corus Entertainment Inc.

Leave a Comment