No technical reason to exclude Huawei as 5G supplier, says UK committee

A UK parliamentary committee has concluded there are no technical grounds for excluding Chinese network kit vendor Huawei from the countrys 5G networks.
In a letter from the chair of the Science & Technology Committee to the UKs digital minister Jeremy Wright, the committee says: We have found no evidence from our work to suggest that the complete exclusion of Huawei from the UKs telecommunications networks would, from a technical point of view, constitute a proportionate response to the potential security threat posed by foreign suppliers.
Though the committee does go on to recommend the government mandate the exclusion of Huawei from the core of 5G networks, noting that UK mobile network operators have mostly done so already but on a voluntary basis.
If it places a formal requirement on operators not to use Huawei for core supply the committee urges the government to provide clear criteria for the exclusion so that it could be applied to other suppliers in future.
Reached for a response to the recommendations, a government spokesperson told us: The security and resilience of the UKs telecoms networks is of paramount importance. We have robust procedures in place to manage risks to national security and are committed to the highest possible security standards.
The spokesperson for the Department for Digital, Media, Culture and Sport added: The Telecoms Supply Chain Review will be announced in due course. We have been clear throughout the process that all network operators will need to comply with the Governments decision.
In recent years the US administration has been putting pressure on allies around the world to entirely exclude Huawei from 5G networks claiming the Chinese company poses a national security risk.
Australia announced it was banning Huawei and another Chinese vendor ZTE from providing kit for its 5G networks last year. Though in Europe there has not been a rush to follow the US lead and slam the door on Chinese tech giants.
In April leaked information from a UK Cabinet meeting suggested the government had settled on a policy of granting Huawei access as a supplier for some non-core parts of domestic 5G networks, while requiring they be excluded from supplying components for use in network cores.
On this somewhat fuzzy issue of delineating core vs non-core elements of 5G networks, the committee writes that it heard unanimously and clearly from witnesses that there will still be a distinction between the two in the next-gen networks.
It also cites testimony by the technical director of the UKs National Cyber Security Centre (NCSC), Dr Ian Levy, who told it geography matters in 5G, and pointed out Australia and the UK have very different laydowns meaning we may have exactly the same technical understanding, but come to very different conclusions.
In a response statement to the committees letter, Huawei SVP Victor Zhang welcomed the committees key conclusion before going on to take a thinly veiled swiped at the US writing: We are reassured that the UK, unlike others, is taking an evidence based approach to network security. Huawei complies with the laws and regulations in all the markets where we operate.
The committees assessment is not all comfortable reading for Huawei, though, with the letter also flagging the damning conclusions of the most recent Huawei Oversight Board report which found serious and systematic defects in its software engineering and cyber security competence and urging the government to monitor Huaweis response to the raised security concerns, and to be prepared to act to restrict the use of Huawei equipment if progress is unsatisfactory.
Huawei has previously pledged to spend $2BN addressing security shortcomings related to its UK business a figure it was forced to qualify as an initial budget after that same Oversight Board report.
It is clear that Huawei must improve the standard of its cybersecurity, the committee warns.
It also suggests the government consults on whether telecoms regulator Ofcom needs stronger powers to be able to force network suppliers to clean up their security act, writing that: While it is reassuring to hear that network operators share this point of view and are ready to use commercial pressure to encourage this, there is currently limited regulatory power to enforce this.
Another committee recommendation is for the NCSC to be consulted on whether similar security evaluation mechanisms should be established for other 5G vendors such as Ericsson and Nokia: Two European based kit vendors which, unlike Huawei, are expected to be supplying core 5G.
It is worth noting that an assurance system comparable to the Huawei Cyber Security Evaluation Centre does not exist for other vendors. The shortcomings in Huaweis cyber security reported by the Centre cannot therefore be directly compared to the cyber security of other vendors, it notes.
On the issue of 5G security generally the committee dubs this critical, adding that all steps must be taken to ensure that the risks are as low as reasonably possible.
Where essential services that make use of 5G networks are concerned, the committee says witnesses were clear such services must be able to continue to operate safely even if the network connection is disrupted. Government must ensure measures are put in place to safeguard operation in the event of cyber attacks, floods, power cuts and other comparable events, it adds.
While the committee concludes there is no technical reason to limit Huaweis access to UK 5G, the letter does make a point of highlighting other considerations, most notably human rights abuses, emphasizing its conclusion does not factor them in at all and pointing out: There may well be geopolitical or ethical grounds to enact a ban on Huaweis equipment.
It adds that Huaweis global cyber security and privacy officer, John Suffolk, confirmed that a third party had supplied Huawei services to Xinjiangs Public Security Bureau, despite Huawei forbidding its own employees from misusing IT and comms tech to carry out surveillance of users.
The committee suggests Huawei technology may therefore be being used to permit the appalling treatment of Muslims in Western China.
See also:
Leave a comment
  • Latest
  • Read
  • Commented
Calendar Content
«     2021    »