At its “traditional MWC curtain raiser press conference”, Ericsson’s CEO Borje Ekholm was having it both ways on Huawei and national security issues. It’s not up to us to comment, he said, on what governments deem necessary for national security. We’ll do what we are told and willingly.
Meanwhile he made it plain that Ericsson would indeed like to comment on one proposed mechanism that could potentially clear the way for Huawei. He said that the idea of having a security test centre or lab that tested vendors’ software security post-development wouldn’t work. That’s because operators are moving to a continuous integration model that sees software be nearly constantly updated, and it would be onerous to include an external security check as part of that.
He also implicitly criticised those who have said that uncertainty over the Huawei situation could cause delay to 5G in Europe. The real delays to 5G in Europe, he said in a remark that exactly mirrored that of his Nokia CEO counterpart at Nokia’s “traditional MWC curtain raiser press conference” the afternoon before, have been caused by expensive spectrum, unclear spectrum allocation processes and heavy regulation.
5G technology is available to European operators if they want it so uncertainty over Huawei can’t of itself be the reason for any delay, both CEOs said – ignoring the fact that it’s a bit more complicated than that for any operator that has a Huawei LTE RAN. That aside, the other problem with this view is that a month ago one of those who publicly bemoaned that uncertainty of the Huawei situation was creating issues for “the investment climate” was, er, Mr Ekholm.
So we don’t comment on security, except when we do; and although we do think that the Huawei situation is causing investment uncertainty, it is not delaying 5G in Europe.
Testing software without “delaying innovation”
In any case, in theory you could align external security testing with the sort of network devops, CI/CD, model that Ericsson says would be stymied by external testing and “delay innovation”. After all, the test cycle is part of the acceptance loop of deploying new software.
As part of the increasing demand for automated operations that enable cloud-based functions via a closed loop operations model, some test companies are developing active test software agents in the network that are instructed (and this process can be automated to a large degree) to monitor the ongoing health of a network and the services running over it.
Another role of these agents is to carry out certain tests to certify and assure new updates and software deployments. Stephen Douglas, head of 5G at test company Spirent, told TMN that such a set-up could work to help national governments assure the security credentials of network infrastructure. An external body – such as a regulator or government lab – could define the test cases that would then keep track of any software updates any vendor pushes out into the network.
“The active test agents are in the network, and the test agents could be managed from the central repository run by the regulator or by the government – stating these are the security tests that have to be run,” Douglas said. Any failures could then be communicated to the vendors and operators to go ahead and fix. This shifts responsibility for security back to the operators, whilst keeping them aligned with national security demands and requirements.
That’s sure to be very good news for Mr Ekholm who, after all, only wants an end to the uncertainty.