After nearly a year of wrangling, rumour and high-stakes political lobbying, and much to the relief of the country’s telco community, the UK government has decided not to follow the US and ban totally Chinese tech suppliers from supplying their equipment for the UK’s growing 5G infrastructure.
In its Telecoms supply chain review, first published in July 2019, in relation to high-risk suppliers, the UK government asked the country’s National Cyber Security Council (NCSC) to consider issuing guidance to UK telecoms operators in relation to high-risk suppliers – defined as those which pose greater security and resilience risks to UK telecoms networks, with Chinese firms ZTE and Huawei commonly regarded as key examples.
The NCSC had in March 2019, under prime minister Theresa May, approved the use of Huawei’s networking equipment in non-core parts of future 5G mobile networks, gaining the wrath of key allies around the world, in particular the US where the Federal Communications Commission (FCC) imposed a ban on carriers using federal funding to buy equipment from firms such as ZTE and Huawei which the regulator designated as a threat to US national security.
That decision came in spite of a March 2019 damning report from the NCSC’s Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, which said the HCSEC’s work “continued to identify concerning issues in Huawei’s approach to software development, bringing significantly increased risk to UK operators”.
NCSC noted in the Telecoms supply chain review that Huawei had been on its radar in the UK telecoms sector since 2003 and that it had always treated the company as a “high-risk vendor” and that it had worked to limit its use in the UK and put extra mitigations around the company’s equipment and services.
Nicky Morgan, DCMS
Fundamentally, the Telecoms supply chain review concluded that new restrictions be placed on the use of the so-called high-risk suppliers in the UK’s 5G and gigabit-capable networks. The advice was that high-risk suppliers such as Huawei should be excluded from all safety-related and safety-critical networks in critical national infrastructure; excluded from security-critical “core” functions, the sensitive part of the network; excluded from sensitive geographic locations, such as nuclear sites and military bases; and limited to a minority presence of no more than 35% in the periphery of the network, known as the access network, which connect devices and equipment to mobile phone masts.
The UK government assured that it was certain that these measures, taken together, would allow it to mitigate the potential risk posed by the supply chain and to combat the range of threats, whether cyber criminals or state-sponsored attacks. It said it would legislate at the earliest opportunity to put in place the powers necessary to implement a tough new telecoms security framework.
It added that it would also develop a strategy to help diversify the supply chain. This would seek to attract established suppliers which are not present in the UK, supporting the emergence of new, disruptive entrants to the supply chain and promoting the adoption of open, interoperable standards that will reduce barriers to entry. The 35% cap will be kept under review to determine whether it should be further reduced as the market diversifies.
“We want world-class connectivity as soon as possible, but this must not be at the expense of our national security. High-risk vendors never have been and never will be in our most sensitive networks,” said UK digital secretary Nicky Morgan commenting on the announcement.
“The government has reviewed the supply chain for telecoms networks and concluded today it is necessary to have tight restrictions on the presence of high-risk vendors. This is a UK-specific solution for UK-specific reasons and the decision deals with the challenges we face right now. It not only paves the way for secure and resilient networks, with our sovereignty over data protected, but it also builds on our strategy to develop a diversity of suppliers. We can now move forward and seize the huge opportunities of 21st century technology.”
UK NCSC chief executive Ciaran Martin added: “This package will ensure that the UK has a very strong, practical and technically sound framework for digital security in the years ahead. The National Cyber Security Centre has issued advice to telecoms network operators to help with the industry roll-out of 5G and full-fibre networks in line with the government’s objectives. High-risk vendors have never been – and never will be – in our most sensitive networks. Taken together, these measures add up to a very strong framework for digital security.”
Ciaran Martin, NCSC
The decision will come as a huge relief to the UK’s communications industry, which was concerned that a blanket ban on technology from Huawei in particular could seriously threaten the rate at which the UK’s 5G infrastructure could be rolled out.
Huawei’s 5G-enabling technology, along with non-4G kit, has long been present on the operators’ networks. If forced to remove Huawei from the network, such as in the many base stations, the operators calculated that the cost would run into the hundreds of millions and would dramatically affect their 5G business case and effectively mean a refresh of 4G networks to overlay new 5G technology.
For its part, Huawei said it was reassured by the UK government’s confirmation that it could continue working with its customers to keep the 5G roll-out on track.
“This evidence-based decision will result in a more advanced, more secure and more cost-effective telecoms infrastructure that is fit for the future. It gives the UK access to world-leading technology and ensures a competitive market,” said Huawei vice-president Victor Zhang.
“We have supplied cutting-edge technology to telecoms operators in the UK for more than 15 years. We will build on this strong track record, supporting our customers as they invest in their 5G networks, boosting economic growth and helping the UK continue to compete globally. We agree a diverse vendor market and fair competition are essential for network reliability and innovation, as well as ensuring consumers have access to the best possible technology.”
Read more about 5G technology supply
- Huawei dismisses US tech sabre-rattling and claims it will continue robust business growth in 5G with or without US suppliers.
- It may already enjoy pricing and technological advantages, but Huawei is calling on 5G industry to collaborate more, especially with regard to regulatory policy.
- Huawei chief security officer John Suffolk faces tough questions from parliament’s Science and Technology Select Committee over the firm’s links to the Chinese government.
- Spanish incumbent telco announces plans to add another supplier to join Huawei on its official supplier list for 5G-enabling technologies.
Read more on Network security strategy
New consultation on legal direction to restrict use of Huawei in UK telecoms networks
UK government enshrines law to strip out ‘high-risk’ suppliers’ tech from networks
UK government announces high-tech lab to boost 5G diversification strategy
Specific and targeted interventions necessary to ensure UK mobile tech diversification