Broadband/5G Security, Resilience, Competition, Huawei, Ofcom and Brexit
Fast, reliable Internet access is essential for business competitiveness in a post Brexit world. It is also critical to the rest of modern society. If the fixed and mobile networks of BT/EE, Vodafone, Virgin and their competitors are part of the UK critical national infrastructure, then they are not fit for purpose. Neither is Ofcom if its role is to ensure quality of service and competition in a critical infrastructure utility. Brexit provides the opportunity and pressure to fix both. The Huawei controversy and the Ofcom consultation on its five plan illustrate some of the issues that need to be brought together in a UK “industrial strategy”. I will conclude with a modest six point plan.
The vulnerability of shared infrastructure – beginning with wayleaves and physical routing
Somewhere over 10% of all network outages (including across the EU) are caused by “unplanned excavations. The recent incident when a civil engineering contractor “removed” cables to and from a comms hub serving the SW London operations of Virgin, Vodafone and Sky, including the local hospital, is a recent example. Do read the comments to the Register and also those on Reddit They cover the need for multiple routings, the vulnerability of cables alongside or under roads, the consequences of the lack of accurate lack maps of underground utilities and the common failure to do any investigation, let alone use ground survey radar before digging. Hence also the need to use HEA accredited contractors and staff.
No major private sector business would be content with less than three routings but ensuring they do not pass through a single point of failure further down the network is not easy. Those at BT who assured MoD that its sites in the North West were serviced by half a dozen separate cables following different routes, were apparently themselves unaware that the routes all passed through a single bomb-proof tunnel under Manchester until overheating caused a fire in that tunnel.
A similar incident during roadworks on the M11 some years ago severed the cables of 15 network operators sharing a single duct. Cambridge would have been cut off from the Internet but for cables from Birmingham and across the North Sea. Meanwhile the wipe-out of mobile communications during the Australian bush fires illustrates the value of including satellite back-up (as does at least one US supermarket chain, with dishes on every store).
Sharing ducts, poles and exchanges increases vulnerability
The pressure from Ofcom and others to encourage the re-use of BT ducts and poles (Passive Infrastructure Access) to reduce the cost of rolling out full fibre broadband, including back haul to 4 and 5G masts, will increase that vulnerability. So too will switching off the analogue lines which service the telemetry of much our other critical infrastructure utilities (e.g. water) as well as the domestic alarm and alert systems used by many of those receiving home care. The 2025 target is driven by break clauses in the sale and leaseback deals BT did in 2001 to help fund its dash for growth, before local loop unbundling destroyed both business case and share price.
Meanwhile Ofcom is trying to regulate a future in which change is accelerating
The way the Ofcom regulates the industry compounds the problems of providing sutaibable and seamless security and resilience for converging services. Much of its regulation is structured by reference to a historic BT architecture and business model, which is not shared by others. Meanwhile its applies cost plus price controls for obsolete technologies in areas where BT has a monopoly. instead of inflation minus (to encourage upgrade to technologies that provide faster more reliable service at lower cost), quality of service and market behaviour.
Then comes the “courageous” attempt to predict markets over the next five years – period when almost everything, from technologies and business models to who owns who, let alone what, appears to be on the cusp of radical change:
- Property developers (incluidng Local Authorities) are increasingly doing bulk deals with network providers which conflict with Ofcom’s policy of blocking service contracts for more than two years – a policy which it is trying to extend from consumers to SMEs.
- BT may, or may not, be broken up within the year by its own shareholders, leaving BT/EE competing with Vodafone/City Fibre as converged network utility operators.
- Amazon and Google may, or may not, enter the back haul market, even if only to secure connectivity to their data centres and major customers. But they might, like Orange, fancy themselves as fully converged, not just OTT, operators.
- 5G may or may not take-off at a speed akin to that which is beginning to happen in China and Korea and transform the way we access on-line products and services
- and so on
I recently sat in on a meeting to discuss possible responses to the market Ofcom consultation. I came to the personal conclusion that only those with vested interests to preserve or promote would answer anything other than “don’t know” to most of the questions. Also, having done a regulatory economics module under Michael Beesley (at London Business School) and having watched Sir Bryan Carsberg at work when the pace of change was very much slower (and I was one of those trying to predict its direction and packege), I wondered “Why would a regulator wish to spend time on such an exercise in futility?” Given the other challenges and changes that Ofcom will face over the year ahead, none of the possible answers appears valid.
Sustainable security and resilience demand diversity of both technology and supplier
The controversy over the scale and nature of BT’s procurement from its lowest price supplier, Huawei , illustrates another dimension of weakness. The need to avoid reliance on a single technology and/or architecture from a single supplier is at least as important as the ownership of the supplier and whether their equipment contains backdoors of which our security services are not aware. The EU believes that Europe holds half the current patents on 5G technology. But patents did not protect Nortel. And Ericsson and Nokia do not have the market muscle of Huawei. Hence the EU’s protectionist policy . The EU is unlikely to achieve its objectives without a requirement for multi-source/multi-technology procurement on the part of those bidding for public sector contracts.
This does not to fit easily readily with current UK interpretations of the EU sector procurement directives. This is an area where the Brexit negotiations should enable the UK to adopt a rather simpler solution, while being seen to better meet objectives which we share with our European neighbours. Given that so much of the Ericsson’s R&D is based in the UK while so much of that of NOKIA comes out of Bell Labs in New Jersey, this should also helps met our own industrial strategy objectives and those of the US, while securing freedom of choice into the future.
And secure inter-operability between different technologies, product ranges and network services
The RUSI article (Huawei not all the way ) includes a timely reminder that while GCHQ has found serious flaws in Huawei processes and technology, it would be wrong to assume that its competitors are any better. The expertise acquired by the UK as a resulting of auditing Huawei puts the UK in a unique position to lead the rest of the world when it comes to hosting research into secure, real-time inter-operability between rival networks using different technologies.
The Americans do not trust the Chinese. The Chinese cannot trust the EU . The Europeans have learned that they cannot trust the Japanese to accept common “continental” business practice . And the Japanese cannot accept those practices, which is why they base most of their EU operations in the UK. Then there is the triangle of high tech rivalry between Japan, Korea and China. It is probable that no other country could host the group that came together to produce the Future Communications Challenges Report
Common cloud services and single sourced clouds as a point of vulnerability
It is not just vulnerability to dominant suppliers of the network technologies that needs to be avoided. There are the dominant suppliers of “over the top” services like Amazon, Facebook and Google and their extensions into neighbouring markets, e.g. Backhaul and Cloud. There is a need to multi-source cloud services, including to avoid being held to ransom. At least one provider has acquired a reputation for giving fast growing customers a choice of throttled service or take-over
The hidden single points of addressing and peering failure or “compromise” within the Internet
The very structure of the Internet is in even more than usual flux. Its supposed structure of multiple routings which some believe could protect communications in the event of World War 3, regularly fails quite large groups of users, including because Governments or regulators cut power to the peering centres which serve them. In reality the any to any structure conceals a de facto tangle of single points of failure, many because organisations of whom most of us have heard, have come to acquire dominant positions in supposedly competitive markets.
The current controversy over the attempt by a consortium of US venture capitalists to purchase the Public Interest Registry from the Internet Society, with Goldman Sachs acting as advisors and the attempt by others to get ICANN to block the sale, has revealed the confusion over Internet Governance structures which enables players to acquire niche monopolies in unexpected areas. I have been asked to say no more on this topic lest I give ideas to those who want to further exploit the weaknesses instead of remove them.
I used to say that those wanting to sort out the situation should join ISOC. Nominet or the UK Internet Governance Forum. I now know that is not a sufficient answer. Just because the latest attempt by the United Nations to sort out Internet Governance is led by China and Russia who also wish to use the ITU to break US domination of the Internet does not mean it is not a good idea.
So how could/should we use the opportunity of Brexit to enable the UK to become a location of choice?
My modest six point plan is
1 Revisit the priorities of Ofcom.
Ofcom has come to behave as a subsidiary of a pan-EU regulatory regulatory college, BEREC, at one remove from democratic accountability, whether via Minister, Parliament or Commission. As part of the Brexit process it needs to be refocused on UK priorities, as set by the Secretary of State as per the Communications Act 2003. The priorities need to reflect a world, in which the direction of change, technology, business models and market needs are impossible to forecast more than a couple of years in two advance and the economic prosperity of the UK depends in large part on acting as an online bridge between the EU and the rest of the world.
That may well entail building on what BEREC has achieved to date and taking an active, but voluntary, forward role in supporting (and funding) its work. We should not, however, shadow its policies. Instead we should adopt best practice ahead of what can be agreed across all member states. That is particularly so when it comes to mandating improvements to quality of service, including response to on-line harms.
2 Support the “voluntary” mapping of critical infrastructure (including comms), hosted by Ordnance Survey.
All those bidding for public contracts or funding should be required to make digital copies of their infrastructure maps available via a shared service, hosted by Ordnance Survey. This would, inter alia:
- help those building and maintaining networks (or other construction/maintenance work) to avoid “incidents”
- facilitate an open market in network components (from wayleaves, ducts and masts to fibres and switches)
- enable customers to be assured (by security cleared third parties) that critical services can bypass single points of failure.
3 Mandate multi-sourcing (supplier, routings, technology etc.) for critical public sector applications (e.g. hospitals and emergency services)
This may be necessary to avoid being caught by public sector procurement requirements to accept a lowest price, single tender. If so there will also be a need to prpvide planning/procurement support services (perhaps linked to 2 above) for others (e.g. schools and local government) without the necessary in-house expertise to organize local back up if they cannot satisfactorily multi-source – as may be the case in rural areas.
4 Fund the National Physical Laboratory to become “the” global hub/repository for information on secure inter-operability
While the UK still has considerable strength in communications R&D, including 5G and beyond, our budgets are dwarved by those of others, except when supplemented by partners from around the world (not just the EU). More-over we are already a location of choice for networking events and information services for researchers, planners and policy makers from around the world. We need to recognise and exploit that position using a “neutral” service operation which does not compete with its guests.
NPL is arguably in a unique position to fulfil that role, leaving the relevant UK centres of research free to partner with others to address particular problems. The “service” should include generous hospitality budgets and subsidised access for those paying taxes in the UK.
5 Expedite planning permission for brown field construction industry training sites
There is an urgent needs to enable short course providers to train and accredit (to HEA and other relevant standards) those building and maintaining full fibre networks – as well as those who might otherwise “remove” sections of critical communications infrastructure.
6 Support recruitment and short course, modular hands-on training programmes for physically fit unacademic youngsters
We face a major shortage of relevent construction skills but these can often be rapidly acquired by those excluded from school, and thus most career paths, because of behavioural problems. Some of these result from neurodiverse talents such as the three dimensional IQ associated with forms of dyslexia. The governments ambitious infrastructure construction objectives mean that such indivuduals may earn far more, (including over their lifetimes, if their skills are kept up to date to handle the waves of technology change), than most conventionally academic graduates.