iaremenko - stock.adobe.com
The UK’s National Security Council (NSC) has reportedly approved the use of Huawei’s networking equipment in non-core parts of future 5G mobile networks, risking the wrath of key allies around the world.
The decision was made yesterday at a meeting of the NSC, which is chaired by prime minister Theresa May, and came despite apparent objections from, among others, defence secretary Gavin Williamson, home secretary Sajid Javid, international development secretary Penny Mordaunt and international trade secretary Liam Fox.
The news leaked just hours before representatives of the Five Eyes security alliance (Australia, Canada, New Zealand, the UK and the US), including GCHQ head Jeremy Fleming, shared a joint public platform for the first time ever at the National Cyber Security Centre’s (NCSC’s) CyberUK conference, currently under way in Glasgow, and ahead of a planned visit by chancellor Philip Hammond to China later this week.
The decision comes in spite of March’s damning report from the NCSC’s Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, which said the HCSEC’s work “continued to identify concerning issues in Huawei’s approach to software development, bringing significantly increased risk to UK operators” and accused Huawei of making “no material” progress on addressing issues that it had raised in its previous report last year.
Foreign Affairs Committee chair Tom Tugendhat spoke out against the NSC’s decision. “Allowing Huawei into the UK’s 5G infrastructure would cause allies to doubt our ability to keep data secure and erode the trust essential to #FiveEyes cooperation. There’s a reason others have said no,” he tweeted.
In a subsequent appearance on the BBC’s Today programme, Tugendhat claimed that because of how 5G networks were being built, it was hard to distinguish between core and non-core parts of the network.
“5G does change from a faster internet system into an internet system that can genuinely connect everything, and therefore the distinction between non-core and core is much harder to make,” he said.
In response to the leak, a government spokesperson said: “National Security Council discussions are confidential. Decisions from those meetings are made and announced at the appropriate time through the established processes.
“The security and resilience of the UK’s telecoms networks is of paramount importance.
“As part of our plans to provide world-class digital connectivity, including 5G, we have conducted an evidence-based review of the supply chain to ensure a diverse and secure supply base, now and into the future. This is a thorough review into a complex area and will report with its conclusions in due course.”
The NSC’s decision risks enflaming the wrath of the US government, which has enacted an outright ban on Huawei equipment itself, and warned its allies that to allow the use of Huawei in critical national networks risked endangering future military and intelligence cooperation with the US.
US secretary of state Mike Pompeo has repeatedly attacked Huawei and issued thinly-veiled threats against European countries, such as Germany and the UK, that have signalled they may take a more pragmatic approach.
On 20 April 2019, The Times reported that the US had shared intelligence with its Five Eyes allies proving that Huawei had taken money from China’s People’s Liberation Army, its National Security Commission, and a third, undisclosed branch of the Chinese state intelligence network.
Speaking at last week’s Huawei Analyst Summit in Shenzhen, Huawei’s global cyber security and privacy officer, John Suffolk, said that in the face of US pressure over the UK’s use of Huawei, Westminster should collaborate with its European neighbours on network security standards, whether the UK remains part of the European Union (EU) or not.
“They should treat all suppliers the same, so that, in essence, it benefits from the best technology in a risk-managed way,” said Suffolk. “That’s what I’d advise the government. Get your policies right. Think what is in the best interest of UK citizens and enterprises overall, and maximise innovation.”
Diverse supply chain
Nevertheless, the NSC’s decision to approve limited use of Huawei equipment appears to reflect the views of both GCHQ’s Fleming and the NCSC CEO Ciaran Martin, both of whom have argued that it is safe to use the supplier’s hardware as part of a balanced and diverse supply chain.
In a speech in Singapore in February, Fleming said there were three pre-conditions for securing the UK’s 5G network infrastructure.
“First, we must have stronger cyber security practices across the telecommunications sector,” he said. “The market is configured in a way that does not incentivise good cyber security. That has to change.
“Second, telecoms networks must be more resilient. Vulnerabilities can and will be exploited, but networks should be designed in a way that cauterises the damage.
“Third, there must be sustainable diversity in the supplier market. A market consolidated to such an extent that there are only a tiny number of viable options will not make for good cyber security.”
Vodafone, which has worked alongside the NCSC to conduct risk assessments of how its existing and future mobile networks might be exposed to cyber security threats if Huawei was shown to be a bad actor, has taken a similar line.
The operator already excludes Huawei from its core 4G infrastructure and uses its hardware sparingly in non-core areas of the network. Its UK CTO, Scott Petty, has gone on record as saying this would also be the case when it came to 5G.
“Our belief is that by having a healthy supplier ecosystem with the right levels of interoperability and security between them – and our risk assessment based on the guidance from the NCSC – we can create an infrastructure where we can leverage Huawei so it can sense and protect the important parts of our network,” said Petty at a media roundtable event earlier in 2019, which was attended by Computer Weekly.
Read more about the Huawei affair
John Suffolk, global cyber security and privacy officer at China-based telecoms equipment supplier Huawei, tells Huawei Analyst Summit growth is the best answer to US criticism.
Troubles continue for Huawei as new bans and government reports put security into question, but the company is attempting to fight back against the criticism.
If the UK government decides to impose tighter restrictions, or an outright ban on the use of Huawei in national 5G networks, the country faces severe consequences, according to a report.
Huawei has become one of the world’s largest technology companies by revenue, suggesting the accusations over its ties to the Chinese government are failing to have much impact.
Huawei has made no material progress on addressing the issues identified last year by the NCSC, according to the latest highly critical report from its HCSEC Oversight Board.
The chair of the Science and Technology Committee has criticised the government’s vague response to concerns about Huawei’s activities in the UK.
Vodafone’s CTO and general counsel have defended their use of Huawei equipment in their mobile network and challenged its detractors to show them evidence of wrongdoing.
Huawei has filed a lawsuit accusing Washington of violating the US constitution by banning it from government contracts.
US secretary of state Mike Pompeo has reinforced his attacks on Huawei as the firm apparently prepares to sue the US government over its federal-level ban.
US secretary of state Mike Pompeo has said America may scale back or cut military and diplomatic ties with countries that use Huawei equipment in national 5G networks.
NCSC CEO uses cyber security conference in Brussels to set out his agency’s position on Brexit, 5G security, Huawei, market incentives and international cooperation on active cyber defence.
A think-tank report has branded the UK government naïve at best, irresponsible at worst, over its use of Chinese networking equipment in critical national infrastructure.
Huawei CEO Ren Zhengfei has taken a more combative stance in the ongoing row over the firm’s alleged links to the Chinese intelligence services.
The UK’s National Cyber Security Centre suggests Huawei will be allowed to form core elements of the country’s 5G mobile network infrastructure after all.
Huawei’s Ryan Ding tells the British government that the company has never, and will never, use its technology to assist the Chinese intelligence services.
Malaysia has become the latest country to look into the security concerns surrounding Huawei, which has been accused by mostly western powers of conducting corporate espionage.
Vodafone’s UK CEO has said the operator will “pause” its use of Huawei hardware for the foreseeable future.
The chair of the cross-bench Science and Technology Committee has written to Huawei seeking answers over its activities in the UK.
Huawei’s rotating chairman Guo Ping outlines the firm’s priorities to optimise its product portfolio, empower employees and build a more resilient business structure.
While the number of countries with Huawei bans in place grows and more issue warnings, a German investigation found no evidence of spying to support the fear.
The Chinese government has called for the release of Huawei chief financial officer Meng Wanzhou, who was detained in Canada at the weekend.
BT will remove Huawei’s networking equipment from the core of EE’s 4G mobile network.