Huawei and 5G: U.K. Had Little Choice but Say Yes to Chinese – Here’s Why

exposing operators to duopoly pricing. Partly for this reason, the government commissioned a review of the telecoms supply chain in 2018.

The resulting report last July said the government would develop a new security framework, and consult with industry on the best way forward. It also highlighted the need for more supplier competition, but there seems no easy solution.

The Security Issue
Without a doubt, the network operators’ commercial interests are potentially at odds with U.K. security interests over Huawei. People often worry about the threat of “backdoors” in Huawei equipment and software that would allow remote control from outside the U.K., but the issue is more systematic security failings in the software that could be remotely exploited.

The 2019 report of the board that oversees the Huawei Cyber Security Evaluation Centre (HCSEC) said much of the software “lacks basic engineering competence” and “significantly increased risk to U.K. operators”. The board could only give “limited assurance” about managing the risks, and said Huawei’s coding practices make the “job of any code auditor exceptionally hard”. In other words, the verifiers could miss insertions or oversights that might enable security breaches.

Another risk is that equipment suppliers usually have authorised remote access to their hardware to provide support or fulfil a managed services contract, and the equipment needs regular software security updates and bug fixes. Security updates could be vetted by HCSEC, but this would probably be a difficult undertaking to scale. There is also a lot of outsourcing in this sector, including to Huawei, which opens up further potential for security breaches.

The U.K. National Cyber Security Centre, which advises the government, concedes the risks of admitting Huawei, but thinks they can be made “acceptable” by limiting access. This may be challenging with the changes 5G may bring to mobile networks. For example, connected and driverless vehicles needing to exchange information quickly won’t route all their data traffic via the network core.

Instead, many 5G core functions may take place in the radio network, making it increasingly hard to define Huawei’s permitted area. And with base stations inherently connected to the network core, there is a limit to the isolation which can be put in place anyway.

Risks and Rewards
Overall, however, the government seems to have been caught between a rock and a hard place: faced with wounding the U.K. network operators and slowing the 5G roll-out, it has sought a compromise.

To some extent, this is the consequence of deciding too slowly. Had the U.K. banned Huawei in 2018 like the US and Australia, the mobile operators’ 5G roll-out plans would have been at an earlier stage. The US also compensated some of its networks for the costs of equipment removal.

The U.K. government is instead looking to the future. Nicky Morgan, the culture secretary, told the House of Lords on January 28 that the government wants to attract established equipment vendors to the U.K. who are not already present, to support new disruptive entrants, and reduce barriers to market entry.

On established vendors, she may be referring to companies that make radio network equipment but don’t compete aggressively in this space: Samsung, for example. As for new entrants, there may be a hope of enticing players who supply different types of networks, such as Cisco or Juniper. There is also significant potential to innovate in 5G networks. The U.K.’s Testbeds and Trials programme is enabling this and will continue to do so.

For the time being, the government can hardly be enjoying the fallout from its decision. To date, much focus has been on the confidentiality of communications over mobile networks, and risks of spying. A bigger issue is the need to keep the mobile phone network running. We are in an era where everything from Uber and Deliveroo to most credit card machines cannot function without it.

The nightmare scenario is a hostile state-affiliated actor shutting down or damaging the mobile networks. It may have effectively been impossible for the U.K. to say no to Huawei, but the current compromise is far from ideal.

Greig Paul, Lead Mobile Networks & Security Engineer, University of Strathclyde. This article is published courtesy of The Conversation.