Stephan Broszio


5G plus China equals question marks

The EU is pushing for a restriction on the use of Huawei in 5G mobile communications, the German Federal Ministry of the Interior is urgently dealing with so-called "critical 5G components," experts are warning and there are already bans in some European countries. Against this background, people like to imply that Telekom is not acting and has done nothing since the warnings were issued as long as five years ago. What are the facts? 

In view of the security discussion, Deutsche Telekom was the only mobile network operator in Germany to decide as early as 2019 to remove Huawei from its core network. It does not use the second controversial manufacturer, ZTE, anyway. In addition, Telekom already decided at that time to massively push Open RAN (ORAN) in the antenna network and thus achieve open network standards. This makes it possible to use components from different manufacturers. It will increase the diversity of manufacturers and also strengthen European sovereignty with regard to digital mobile communications networks. 

For Open RAN, Telekom has named the European producer Nokia and the Japanese producer Fujitsu for the first commercial multi-vendor deployment in Germany from 2023, and the U.S. company Mavenir for Europe. Other suppliers are reaching market maturity. This opens up a different situation in the medium term. Open RAN is the technology of choice for future mobile networks. Unfortunately, this technology has so far only been actively promoted by the German government and the USA. The EU Commission has so far been largely inactive in this field.

The three major areas of a mobile network

So much for the short version. Now an invitation to go a little deeper. To do this, it is important to understand the mobile communications network. A mobile communications network consists of thousands of antenna sites. This is the radio-based access network, or RAN. The antennas are the interface to the customers' terminal equipment. Their base stations contain control logic for allocating the available transmission capacities to different mobile subscribers as well as for ensuring the quality of service, for example, by regulating the transmission power, the alignment of antennas and other quality parameters. Beyond these configurations, no services are created or data modified in today's antenna networks.

From the RAN, the data goes to the transport and aggregation network, which combines the data streams and forwards them to the core network. The core network contains the control elements of the mobile network. This is where the data processing takes place. This is where the security-critical components are located. Because of its clearly defined and limited performance characteristics and its geographic distribution, the RAN is classified as less critical and of lower priority in terms of security. The same applies to the transport and aggregation network. The core network, on the other hand, plays a very relevant and definitely security-critical role due to the services and network functions controlled here and its central, exposed location.

In general, Deutsche Telekom has long relied on a multi-vendor strategy for its technology purchases. This means that we buy from different manufacturers for each part of the mobile communications networks. These include big names like Cisco, Juniper, Nokia, Ericsson and Huawei, but also smaller providers. Telekom already reported in 2020 that, for its European subsidiaries, including Germany, 30 percent of technology purchases are from American manufacturers and 25 percent each from European and Chinese manufacturers. The remaining percentages are accounted for by Asian or small local providers.

Little choice of suppliers in the antenna network

In the antenna network (RAN), Telekom primarily uses the two existing suppliers Ericsson and Huawei - because the supplier decision for 4G also meant the decision for 5G manufacturers. Why? Here, too, a brief technical explanation: in the past, each mobile communications generation required separate transmitting and receiving equipment in the RAN. Starting in 2015, however, Single-RAN (S-RAN) allowed the construction of antennas in which the different mobile communications generations (2G/3G/4G) are bundled. Only these compact S-RAN systems, with their higher efficiency combined with smaller size and weight, enabled European mobile operators to comprehensively and rapidly roll out the high-speed data networks in Europe. Without the use of S-RAN, network operators would have had to build veritable "antenna forests" in inner cities, for example, in order to keep up with the growing demands for data volumes.

5G could simply be placed on top of these S-RAN systems and the 5G network rollout could be implemented correspondingly quickly. However, S-RAN-based cellular base stations consist of vendor-specific combinations of hardware and software. They are inseparable and not interchangeable with components from other manufacturers. In this regard, the market is dominated by three companies: Ericsson, Huawei and Nokia. Since S-RAN cannot be exchanged on a modular basis, changing one vendor's components means the entire technology at the site must be removed and replaced. This then affects not only the 5G network, but also the predecessor technologies. Accordingly, a change of manufacturer becomes lengthy and expensive.

RAN management and software updates 

The systems for network management (RAN management) are completely separated from the Internet and Deutsche Telekom's office communications networks in their own high-security network and are completely inaccessible from the outside. Only a few specially cleared employees have access to this network.

In general, remote access for maintenance work by manufacturers is only granted by Deutsche Telekom on a case-by-case basis for a limited period of time and with restrictions, and the work steps are monitored. There is no direct access for manufacturers. 

Software components are stored in a geo-redundant manner at several locations and are subjected to extensive security tests before being used in the administration network. The same applies to software updates. No update is installed in live systems unless it has first been extensively tested for functionality and security in the test system. After successful testing, a step-by-step roll-out takes place in the network. Initially, only small areas are updated. Further areas are then updated step by step. The installation process itself also includes the possibility of rolling back to the previous software version at any time, and this work is only carried out by authorized employees of the network operator. This ensures that no manufacturer can carry out an unauthorized update of systems. There are also numerous supplementary security measures that we do not disclose for security reasons, such as active monitoring of the systems concerned.

Further protection of the critical infrastructure 

As an operator of a critical infrastructure, Telekom works in close cooperation with the relevant ministries and authorities in Germany. We comply very strictly with all legal requirements. In addition, we generally test mobile communications components before installation and during operation. We use components classified as "critical 5G mobile components" under the IT Security Act 2.0 following our own testing as well as testing and approval by the BMI and subordinate authorities. There have been no complaints to date. We also maintain a comprehensive security concept. A qualified catalog of security measures, configuration specifications and test methods ensures a high level of security, which experts describe as one of the strictest sets of rules in the world.

As an operator of a critical infrastructure, we also have a duty of care to ensure the secure and trouble-free operation of our networks. The Covid pandemic from 2020 to 2022, not least, showed how important telecommunications networks are. Work such as network modernization should be carried out in such a way that customers are not affected or are affected as little as possible. And from experts' point of view, it also means that a network operator should not significantly reduce the performance of an existing, functioning infrastructure without known acute security problems and without a corresponding clear legal situation.

Depending on the general conditions, a short-term dismantling based on existing technology could prevent the further expansion of mobile communications networks for years, as all resources, especially specialist personnel, would be needed for the upgrade. It would be costly in any case. In addition, it is questionable whether alternative manufacturers would be able to deliver in the short term. Depending on the dismantling scenario, the quality of supply could drop significantly over a longer period. For this reason, we are increasingly relying on the path already described with Open RAN in order to find a sustainable solution to the currently hotly debated mobile communications issues.