Are we doing well on 5G in Italy? Not so much: now we underestimate some hidden costs, especially in terms of network security. And we will be able to regret it bitterly, unlike other countries that have taken clearer positions. The possible costs between the obvious and the “hidden” costs deriving from problems in using the 5G network in Italy are 16 billion euros. This is the estimate made by Cefriel, a digital innovation center founded by the Politecnico di Milano, as part of a study conducted by a multidisciplinary team of researchers from France, Germany, Italy and Portugal, led by the German Brandenburg Institute for Society and Security (BIGS ) and funded by the US State Department. The objective of the analysis is to evaluate the hidden costs that arise over time in 5G networks when technologies from so-called unreliable suppliers are used and to carry out a comparative analysis of the situation in individual countries. Italy too is facing the complex “5G issue” in all its implications, from opportunities to critical issues in terms of security.
The question of “unreliable suppliers” is closely linked to relations between Italy and China; between Italian operators and Huawei, Zte.
As Enrico Frumento, Cefriel’s Cybersecurity Senior Specialist explains, “Chinese suppliers are still considered not entirely reliable. And it is a deeply felt problem in Italy, where these suppliers make up the bulk of the 4G network; we take into account that 5G in the first phase is based on 4G network “.
The Italian market gives reduced profit margins to operators, who are therefore strongly pushed into the arms of Chinese suppliers, characterized by lower prices.
But a few days ago Tim formalized the exclusion of Huawei from the 5G network, in favor of Nokia and Ericsson. Many suspect that the pressure US President Joe Biden, like his predecessor, is putting on allies to exclude Chinese suppliers, which he considers a threat to national security, weighs heavily. The laws of the Chinese government are mentioned which would oblige any company to share the data collected with the Beijing intelligence; even though Huawei has always opposed these accusations.
“In addition to the obvious costs arising in the event that a 5G network, considered a supercritical structure, is compromised – explains Enrico Frumento, Cybersecurity Senior Specialist at Cefriel – there are also less visible or ‘hidden’ costs that arise when confidentiality and integrity of the network and its data are compromised. These costs are considered ‘hidden’ because they become evident only later in time (life cycle costs), or because they are incurred by people or institutions other than those who have planned the architecture of the 5G network, the risks associated with unreliable suppliers discussed and accepted “.
The study found that governments, companies and companies expect a high degree of reliability of 5G networks, considered supercritical infrastructures. The reliability criteria that are being defined include, in addition to the technological part, full compliance with the laws and regulations of the country to which the technology is supplied, and complete transparency in terms of political independence. According to the study, the factors to be considered to assess the entire amount of costs can be of various types.
“There are two elements to consider,” says Danilo Bruschi, professor at the University of Milan and one of the fathers of Italian cybersecurity. “On the one hand, 5G is an inherently more vulnerable network, having a strong software component, which serves to develop new services and business,” he says. “On the other hand, there is the suspicion of spies from unreliable suppliers; a prospect to be carefully analyzed, even if this risk could be exploited by the US and Europe to take market share from China to the advantage of Western suppliers” , keep it going.
The Cefriel study goes into detail on costs.
There are those of the National Evaluation and Certification Center. The recent legislation linked to the National Cyber Security Perimeter provides for the creation of a National Assessment and Certification Center, whose purpose extends beyond the problems of 5G. In the case of 5G networks, its mission is to identify and evaluate any bugs of malicious origin, present for example in the periodic software updates of the devices of a 5G network. It is estimated that this center could have a cost of 40 million euros per year. There is a cost of “redundant critical infrastructure and civil protection”. According to the study, the presence of unreliable providers in a future 5G telecommunications network could force the government to invest in a fully state-controlled redundant infrastructure for certain categories of services. In the case of critical infrastructures such as civil protection, the cost estimate would be around 700 million euros, considering the current state of development of 5G in this specific sector.
Finally, costs of shifting demand. Cefriel estimates that, in the event of a critical situation, more than half of the Italian market of intellectual property-intensive industries, worth around € 1.34 billion, could move towards networks operated by reliable technologies. In 2020, the Italian market (31.58 billion euros) is less than half the size of the German one, with only a slightly higher percentage of revenue generated by mobile telecommunications services (47.41% compared to 43.97% of Germany) and a lower percentage of business users (18%) of total revenue.
Costs for data breaches. The projection of the annual costs for a breach of sensitive data on the 5G network, according to a conservative estimate, amounts to approximately 580 million euros for 2024. This relatively low value is due to the fact that data breaches occurring on unreliable 5G networks, considering technology penetration estimates (approximately 8.9% of total capacity by 2024), will represent a low percentage of the total. of violations in Italy. Considering instead a second hypothesis, which is based on a greater penetration of unreliable 5G networks, the study estimates that the costs could rise up to 8.5 billion euros.
Add to this the costs of adopting unreliable suppliers that arise when their devices are used to sabotage an entire economy. As Cefriel writes, this scenario certainly represents the worst possible situation and its effect on Italian GDP, due to the expected pervasiveness of the 5G infrastructure (once fully implemented), could be comparable to that deriving from general strikes lasting a few days or a total lock-down during a pandemic. Taking as a reference the Italian GDP of 2019 equal to 2,450 billion euros, an interruption of the production cycle of only three days would translate into an absolute amount of 5.25 billion euros, without considering further cascading effects (such as the costs of a possible Rip & Replace action carried out in an emergency, post-accident). The estimate – say the authors of the study – is to be considered optimistic, being in general, almost impossible to be able to completely restore a network of such complexity in just three days.
Faced with these problems, there are the great opportunities associated with the 5G network, in the order of billions of euros. The new technology enables advanced and pervasive services and uses, at the level of companies and entire cities. A few days ago, the first Agcom survey was launched on the specialized services permitted in the company with the 5G frequencies.
Italy then, with the new government, wants to focus a lot on 5G: it is the only one to aim, with the PNRR, at the goal of total coverage of the territory by 2026. The PNRR also announces simplifications for the installation of antennas.
Among the solutions to the dilemma, Cefriel invokes the need for a broader and more structured debate, to decide how to deal with the issue without the ambiguities that have so far characterized the Italian approach. The UK and Sweden have taken strong stances against Chinese suppliers. Germany, one of the most reluctant to do so so far, passed a law at the end of April that allows the government to exclude unreliable suppliers.
And there are also those, among academics, such as Marco Mayer (professor at Luiss and historian expert in matters related to intelligence), an Italian black list of unreliable suppliers for telecommunications networks. Where the Chinese ones are included immediately.
.