StrandConsult Analysis: European Commission second 5G Cybersecurity Toolbox report

by John Strand, StandConsult (edited by Alan J Weissberger)

European Commissioner Thierry Breton presented the European Commission’s plan for banning High-Risk Suppliers like Huawei and ZTE from European telecommunications networks.  Here is the first portion:

The security of 5G networks is essential. They are critical infrastructures in their own right and for other sectors that depend on them, such as energy, transport, health and finance.

This is why, in January 2020, the EU unanimously adopted a toolbox on the security of 5G networks. The “5G cybersecurity toolbox” defined the risks and the measures to be taken by Member States and telecoms operators to address them.

In particular, it recommended that the use of equipment in the core and access (RAN) parts of the networks should be restricted or prohibited for entities considered to be “high-risk suppliers”, notably because they are subject to highly intrusive third-country laws on national intelligence and data security.

3 years on, almost all Member States have transposed the toolkit’s recommendations into their national law. In other words, they can now decide to restrict or exclude suppliers on the basis of security risk analysis. But to date, only 10 of them have used these prerogatives to restrict or exclude high-risk vendors.


The Commission also released a status report on “Member States’ Progress in implementing the EU Toolbox on 5G Cybersecurity.”

Breton’s message is that the member must move more quickly to implement the 5G toolbox.

Image Credit:  European Union

Here are Breton’s key points with Strand Consult’s assessment (SC):

  1. All EU member states are committed to implementing the EU´s 5G Toolbox. To date, 24 Member States have adopted or are preparing legislative measures giving national authorities the powers to perform an assessment of suppliers and issue restrictions.
    • SC: This means that all EU countries support the 5G Toolbox, the implement of which will work to remove Huawei and ZTE from European networks.
  2. 10 Member States have imposed such restrictions, and an additional 3 Member States have relevant national legislation underway.
  3. The Commission considers that decisions adopted by Member States to restrict or exclude Huawei and ZTE from 5G networks are justified and compliant with the 5G Toolbox.
  4. The Commission will take measures to avoid conducting its official communications via mobile networks built with Huawei and ZTE equipment.
  5. The Commission also intends to reflect this decision in all relevant EU funding programs and instruments.
    • SC: The EU will further restrict grants, subsidies, and financing to European entities which use Huawei and ZTE equipment. This will have consequences for rural EU operators which receive EU money and recipients of European Investment Bank (EIB) loans.

Strand Consult is not surprised by today’s announcements. They are consistent with the security analyses and recommendations Strand Consult has published for years.

Some EU countries and operators will find it difficult to implement the EU’s new security and procurement policy. However Strand Consult believes that it is good business for an operator communication that it takes security seriously and backs it up with a clean network free of Huawei and ZTE equipment.

Strand Consult predicts that Huawei will make the road ahead difficult and will attempt to sabotage the European Commission’s efforts. Nations and operators should prepare for pushback by reading Strand Consult’s reports on Huawei’s tactics. Moreover, non-Chinese employees will likely find that working for Huawei has reputational risks.

How foreign network equipment is treated in China.

The foundation of any economy, be it the EU, the US or China, is national security. Some may find the EU approach tough, but it pales in comparison the blockade that China has imposed on foreign technology providers for years.

China restricts these technologies for ideological and economic reasons. Most people take for granted that the websites and media they access everyday are not available in China. These foreign technologies and their operators have been denied access to the world’s single largest online market, hundreds of millions of internet users, and a multi-trillion-dollar opportunity. Moreover, the Chinese people are denied to freedom to engage on an open internet.

Building upon censorship frameworks in traditional media which had been in place for decades in China, its State Council adopted rules and regulations to control internet traffic beginning in 1996.

The media focuses mainly on US and EU network security and associated vendor policies. However few if any investigate the rules in China.

A detailed review is available from White & Chase, February 2022. In general, China’s rules are significantly more rigid than those of the US and EU. These rules do not entail the same process and transparency which are standard and expected in the West.

The New Measures list the following main factors for assessing national security risk during cybersecurity review.

  • The risk of any critical information infrastructure being illegally controlled, tampered with or sabotaged after any product or service is used.
  • The risk of an interruption in the supply of any product or service endangering the continuity of any critical information infrastructure.
  • The security, openness, transparency, diversity of sources and reliability of any supply channel of any product or service, and the risk of its supply being interrupted due to political, diplomatic, trade or other factors.
  • The compliance of the provider of any product or service with the laws, administrative regulations, and departmental rules of China.
  • The risk of any core data, important data or a large amount of personal information being stolen, leaked, destroyed, illegally used, or illegally transferred abroad.
  • The risk of any critical information infrastructure, core data, important data, or a large amount of personal information being affected, controlled, or maliciously used by foreign governments, as well as any network information security risk.
  • Any other factor that may endanger the security of any critical information infrastructure, network security or data security.

The effect of these rules is to limit foreign providers from the market from the start and to favor Chinese providers.

While the media sensationalizes cases like Huawei and TikTok, these pale in comparison to the systematic restriction undertaken by China against foreign technology for the last 20 years. Moreover, Chinese technology companies enjoy more freedom abroad than foreign technologies do in China.


Technological and informational control and restriction are widely practiced across China. This fulfills many political, social, cultural, economic, and religious objectives for the PRC,and is practiced by the government, corporations, and individual themselves. It has increased under General Secretary Xi. This Censorship is coupled with pervasive surveillance of people. Meanwhile PRC has attempted to export this “new world media order.”

Strand Consult addresses Chinas restrictions in its 2020 report You Are Not Welcome: An Analysis of Thousands Foreign Technology Companies Blocked by China Since 1996. It describes how and why China has systematically restricted thousands of foreign internet technologies like online news and media outlets, social media platforms, virtual private networks, content delivery networks, mobile applications, telecommunications equipment, cloud services, and other technologies.

With its new 2023 report The Market for 5G RAN in Europe: Share of Chinese and Non-Chinese Vendors in 31 European Countries, Strand Consult brings valuable evidence of the location, amount, and share of Chinese and non-Chinese equipment in European telecom networks. This report, the second of its kind, describes the respective amounts of 5G equipment from Huawei, ZTE, and non-Chinese vendors in European mobile networks and the share of such in equipment in the 5G Radio Access Network (RAN).


StrandConsult: 2022 Year in Review & 2023 Outlook for Telecom Industry

IEEE ComSoc/SCU SoE March 22, 2022 event: OpenRAN and Private 5G – New Opportunities and Challenges.  Video:

Strand Consult: Open RAN hype vs reality leaves many questions unanswered

O-RAN Alliance tries to allay concerns; Strand Consult disagrees!


StrandConsult: 2022 Year in Review & 2023 Outlook for Telecom Industry

Selected Comments by John Strand, CEO of StrandConsult:


While we can fault the Chinese government for its authoritarian ways, it deserves credit for allocating the right radio spectrum frequencies to its best technological use in the case of 5G. Simply put, if you want to deploy 5G, you need mid-band spectrum in the 2.6-6 GHz range, the frequencies which maximize data transmission across distance. This is nothing more than basic physics and technocratic management, but US policymakers are failing on this front.

As of this writing the US Congress still has not reauthorized the auction authority of the Federal Communications Commission (FCC). To align the incentives and economics to best serve Americans, the FCC should have perpetual auction authority. Today the FCC only received a 3-month extension, which expire in March 2023!.

It’s hard to contemplate a modern nation being so irresponsible. We are talking about the ability of the US government to raise hundreds of billions of dollars being put on ice because the Defense Department can’t modernize. Simply put, the US military lost its spectrum edge by waging wars with non-peers for two decades. Instead of upgrading to the most spectrally-efficient tools on the appropriate frequency, the Pentagon is entrenched with bloated legacy systems on the mid-band beachfront with 12 times the spectrum that’s available for 5G.

It is remarkable that the US has achieved such incredible wireless success to date with the limited access to frequencies. But to compete with China in the future, the US will need a more aggressive approach to making mid-band spectrum available for exclusive licensed use. China has not been so foolish to squander its spectrum resources. It just unveiled a high-power, low-frequency P-band (216-450 MHz) satellite-hunting radar, reported to detect and track low-orbiting satellites and functions around the clock in all weather conditions. Observers dubbed it the “Anti-Starlink” system.

Broadband fair cost recovery:

As countries look at their populations and those who suffer a lack of digital equity, particularly people of color, low-income, and the elderly, they will see that the traditional concept of universal service should come to an end. Taxing broadband subscriptions for the sake of raising money for infrastructure does not scale when it comes to closing the digital divide for the poor.

Making the cost of broadband higher for end users undermines its affordability for the digital poor and disenfranchised. Countries will increasingly look at Big Tech to foot the bill for the unrecovered costs they impose on networks. Closing the digital divide globally and getting some 3 billion people online for the first time are also the goals of the International Telecommunications, now led by a woman for the first time in its history.

South Korea, the world’s #1 broadband nation, has long recognized that content providers have a financial responsibility to ensure the quality and delivery of their data and has had operated a cost recovery regime since 2016.  South Korea enjoys the highest adoption of FTTH (86%) and 5G (47%) in part because end users are not forced to bear the full burden of the cost of broadband.

Indeed, Google’s gambit to undermine the policy effort of good faith negotiation for cost recovery backfired. It is a bad look for a company which is the single largest source of traffic in South Korea hijacking the democratic process.

Google Korea launched a series of Google ads against a Korean Assembly bill and enjoined South Korean YouTubers to join. Asia-Pacific Vice President for YouTube Gautam Anand warned that the bill would “penalize the companies that provide the content, and the creators who share a living with them.” Some 265,000 YouTubers signed the petition.

However Google’s lobbying practices came under fire in one Assembly hearing which revealed that South Korea’s leading internet advocacy non-profit OpenNet, which was founded with Google as the sole sponsor, received some $10 million to espouse favorable policy. Lawmakers questioned the relationship for what appeared to be lobbying efforts outside the organization’s remit and an official financial disclosure from the organization that noted a far lower figure than the actual gift from Google.

Big Tech may grumble about not getting to free access to networks, but they are enjoying record profits in the country. Google Korea reported its 2021 sales grew almost a third over the prior year to 292.3 billion won with 88 percent operating profit.

Netflix, another person non grata that enjoys record profits in South Korea, declares that it has “no obligation to pay for or to negotiate for the use of” another’s network. Strand Consult has detailed the Scrooge-worthy saga of Netflix’s litigation against a local broadband provider in Netflix v. SK Broadband. The David and Goliath Battle for Broadband Fair Cost Recovery in South Korea.

In the US, there is bipartisan Congressional support for the FCC to investigate the feasibility of a fair cost recovery regime. With Congress having failed to rein in Big Tech on the antitrust front, fair cost recovery remains one of the few rational, evidence-based methods to address Big Tech’s abuse of market power, namely its perversion of public policy to achieve its corporate goals and the free use of public and private resources.

Economists will have a field day exploring the cost recovery business models:  market-based pay as you go (PAYG), ad taxes, usage fees, USF surcharges and so on. While there is no one size fits all for every country, there is an increasingly recognition that broadband policy must evolve. The prevailing models of broadband access where enshrined when email was the killer app of the internet more than 30 years ago. No one knew that video entertainment would become the key use case and account for 80% of the internet’s traffic. It’s time to update policy to reflect reality.

In 2023, Strand Consult will launch an update to its earlier report Middle Mile Economics: How streaming video entertainment undermines the business model for broadband. The new report describes an investigation of 50 broadband providers in 24 US states. It finds that middle mile costs are growing 2-3 times faster than household broadband revenues, that traffic from Big Tech consumes as much as 90 percent of network capacity, and that few, if any, broadband providers have been able to monetize the increase in video streaming entertainment traffic in their network.

Metaverse: Second Life 2.0?

Meta (formerly Facebook) calls its Metaverse, “the future of digital connection…moving beyond 2D screens and into immersive experiences in the metaverse, helping create the next evolution of social technology.” It’s all very exciting, the dream (or nightmare) of science-fiction turned into a commercialized reality of being ever closer to people you don’t know in a digital world. The big question is whether it will become a reality or whether it will be a replay of Second Life, which flopped big time.

To test whether the Metaverse will succeed, try innovation expert Clay Christiansen’s milkshake test. The milkshake test attempts to gauge whether a new product or service can become a reliable, affordable substitute. For example, some order a milkshake for breakfast at the fast-food drive though because it is as filling as breakfast (We are not weighing in on the nutrition here!). The milkshake question whether the firm—Meta–can produce a quasi-food beverage (or experience) such that it gets enough users with the right monetization.

For Strand Consult the more interesting questions are whether Meta will pay for the radio spectrum and infrastructure which the asserted “successor” to the mobile network will require. Meta announced a $19.2B investment in the new online world for 2023.  That’s about half of the capex that the world’s mobile operators spend on RAN in a good year.

Few of the people gushing about the marvels of the Metaverse have stopped to think what it would cost, along with the other proposed online “verses”.  If you are concerned about online streaming video entertainment consuming as much as 90 percent of internet bandwidth today, how will it be for broadband providers to recover costs when even more data to be pumped into networks? How will such a broadband subscription be price in today’s framework? Is it such that users are asking for every Meta bell and whistle, or do they just want some of the experience? There will need to be some policy innovation and business model upgrade before the Metaverse is real.

Emergence of the Titanium Economy: Over the top vs. Net Centric?

Strand Consult is excited about 5G and the mobile industry’s continuous improvement of its networks. 5G for home broadband, also known as Fixed Wireless Access (FWA), is a game changer and can substitute for wireline broadband in many cases. While the tower is connected to a larger network with wires and/or radio links, no wires are required to the customer’s premises, only a wireless receiving device. FWA is soon expected to account for 10 percent of all US broadband connections.

What’s beyond home broadband is the bigger question for 5G. Many want to see 5G transform industry and bring a new era of advanced healthcare, transportation, and manufacturing. Indeed some leading manufacturers already integrate 5G into their production like John Deere, Bosch, ASML and some carmakers. Even more exciting is the manufacturing renaissance afoot in USA led by small and mid-cap companies earning returns that rival the online tech/software sector. They are not widely known or discussed, but there are some 4000 of them, driving about $200b in revenue. Their startup costs are relatively low, and they take advantage of 5G, and 5G enabled AI, robotics, automation, and cloud computing. Strand Consult’s suggested holiday reading on this topic is The Titanium Economy: How Industrial Technology Can Create a Better, Faster, Stronger America by Nick Santhanam, Gaurav Batra, and Asutosh Padhi.

Strand Consult is keenly interested in the 5G value chain, where monetization will occur, and who will win. The big question is whether operators are positioned to capture the value in applications or services, or whether  over the top (OTT) third parties be the winners. If 4G is any guide, the content and application providers took the prize.

Network monetization has long dogged the mobile telecom industry. In 2009, GSMA launched a suplement to premium SMS, a reboot of SMS payment introduced in 1999.  However, few or non innovations succeed. Strand Consult’s report OneAPI – Next Generation Value Added Services in the Mobile Industry described many of the challenges to launch this kind of mobile network business models.

Simply put, the long-term trend for consumer monetization by mobile operators goes in a negative direction. It may be a boon for consumers that broadband prices have stayed constant (if not fallen) during this cost-of-living crisis, in the long term it does not scale for mobile operators to continually upgrade networks with better technology if they earn declining returns. This can be improved on the policy front with consolidation, lowering costs so operators can get a better case for investment. Strand Consult suggests that countries should move from 4 to 3 mobile network operator markets, as Strand Consult details in its report Understanding 4 to 3 mobile mergers.

Another needed policy reform is to modernize net neutrality. Strand Consult predicts that policymakers will pick this up in 2023.

Net neutrality:

Following the lead of United Kingdom’s Ofcom which proposes to modernize its rules, Strand Consult predicts that European and Latin American telecom regulators will issue a call for evidence on the performance of net neutrality regulation. Invariably they will find that the policy is failing consumers, innovators, and investors. These countries want to move forward with 5G smart networks, but they have policy designed to maintain a dumb pipe. This can’t be resolved, even with the proffered “5G slicing” techniques.

More important, consumers are denied their freedom of choice by being forced to value all data uniformly and equally when their preferences show that they place different values on different data. Policymakers will see that they are trading away billions of dollars in network investment for the sake of a “look good, feel good policy” which does not serve consumers, startups, or investors. Simply put, no leading 5G nation has hard net neutrality rules, and yet they protect consumers and the ecosystem with competition law and transparency rules.  Strand Consult will launch a report on this topic in early 2023. Check out our library of reports and research notes covering this issue for the last decade.

Mobile operators will mature their ESG practices

Green energy consumption is a big deal in broadband. Many mobile telecom operators have formalized in Environmental, Social and Governance (ESG) goals into key performance indicators. Yet the corporate maximization of ESG by some companies has led to “greenwashing”, deceptive marketing to create the illusion of goodness and to hide malpractice perpetuated by ESG practices and regulation.

Politicians, regulators, and business leaders often claim to be focused on sustainability. Yet, few fully appreciate the difference between being truly sustainable and just “less bad”. The traditional ESG metrics of CO2 emissions, energy consumption, etc. are used as proxies for sustainability progress, but often performance is merely incrementally improved and then celebrated as sustainability. This is not sustainable – it is just “less bad” performance, as the negative impact is still there.

As such, the Future-Fit Business Benchmark has emerged for clear, actionable guidance to perform without negatively impacting people, society and the planet. European solar power producer Better Energy uses Future Fit in its provision of Purchasing Power Agreements for certified green energy to mobile telecom operators and content/application companies, and its performance model is likely to be adopted even more widely.

Another key learning is that operating parallel infrastructures with small cells is not sustainable. The business case for small cell is in network sharing. Mobile operators in United Kingdom just announced trials of a shared small cell network which hosts all 4 mobile operators.


Strand Consult’s Christmas wish is that the war in Ukraine will end in 2023. We have a simple choice in this world: democratic capitalist systems with promote human freedom, rights and flourishing OR totalitarian systems which demand control over public and private life and prohibit opposition.  Mobile networks telecom networks improve quality of life for their users. In 2023 Strand Consult will continue its work in policy transparency to ensure that mobile telecom networks have sustainability, security, and integrity.

This past year In 2022 Strand Consult published many research notes and reports, and featured half a dozen industry experts on our guest blog. Strand Consult’s analysis was quoted in some 1000 news stories globally. Our work took us to all the continents but Antarctica. Our readership continues to grow.   For the last 22 years, Strand Consult has made predictions for the coming year. You can check our archive to see whether we were right.

Sincerely,  John Strand, CEO