Submissions to UK 5G security review are mostly hostile to Huawei

UK Parliament is reviewing the government’s decision to allow the limited involvement of Huawei kit in its 5G networks.

Scott Bicheno

May 7, 2020

9 Min Read
Submissions to UK 5G security review are mostly hostile to Huawei

UK Parliament is reviewing the government’s decision to allow the limited involvement of Huawei kit in its 5G networks.

Part of that review is a call for evidence from third parties and the defence sub-committee leading the review recently published a bunch of written evidence submitted to it. Feel free to click on the link and download it all for yourself, but if you understandably can’t be bothered, here’s a summary of the highlights.

The companies

Ericsson makes no reference whatsoever to either Huawei or China, preferring instead to churn out ten pages of general info about 5G. This is understandable as Ericsson is still doing good business in China and presumably doesn’t want to put the Communist Party’s nose out of joint.

BT stresses that it’s working to remove all Huawei gear from its core network, but that being forced to accelerate that process will divert investment from other stuff like the 5G rollout. It also says it reckons the distinction between edge and core, for the purpose of security, is a valid one.

“BT has a long-standing and robust network design approach that exclude HRVs from the sensitive core network,” writes the BT submission. “The core network handles customer-sensitive data and connects users to each other and other networks. The access network has no decision-making capabilities and just provides access to the core network.

“Since introducing Huawei into our fixed network in 2006, we have consistently followed a deliberate policy of not using Huawei equipment in the core. This means that the impact of any issue with a single item of Huawei equipment or software is minimised – they have no remote access or meaningful ability to present risk to the core network or access to subscriber data. We have the source codes from Huawei (as we have access to those of all our network suppliers) and check all Huawei code via the Huawei Cyber Security Evaluation Centre.”

A consortium of companies with an interest in OpenRAN, including Mavenir and Parallel Wireless, collectively wrote to commend Parliament on having another look at this situation and to focus on its question about credible alternatives. Funnily enough they say there is one and it’s called ORAN. “If helpful, we would be happy to come to London to meet and give you a briefing on virtualized ORAN, how it has been successfully implemented in other nations, and what that path might look like for the UK,” their submission concludes.

The Telecom Infrastructure Project also took this opportunity to lobby on behalf of ORAN. “The UK has an opportunity to improve long-term security not just for 5G but previous and subsequent generations of telecom networks,” it concludes. “We believe the structure of the network equipment ecosystem is an important factor in achieving this goal, and the approach offered by OpenRAN solutions can provide a more secure, diverse and innovative sector that will realise the UK’s technological ambitions. Moreover, with targeted support from policymakers, the UK can play a leading role in this and subsequent generations of network technologies.”

Huawei’s submission is quite understated, which is probably wise. In praising the UK approach for its great work on security it concedes its status as ‘high risk’ in the UK. “Within the policy framework set out by the government, some additional protections will be applied to the use of equipment provided by suppliers designated as high risk vendors,” it writes. “Huawei is one such company, and will face very significant additional restrictions on its ability to supply the 5G market.”

The Huawei missive goes on to list the various restrictions and enhanced scrutiny it is subject to in a clear bid to reassure the committee that the government’s decision was correct. Like BT it also stresses that the distinction between the core and peripheral network can be maintained for 5G, presenting this blog post by the NCSC (National Cyber Security Centre) as evidence.

Public sector and academia

The Department for Digital, Culture, Media and Sport and the Ministry of Defence write to defend the original decision. Here’s what they have to say on the crucial matter of risk mitigation: “The key to the NCSC’s security analysis therefore is that it is focused on understanding critical functions and providing appropriate security controls wherever those functions sit in the network – both now and in the future.

“The NCSC’s guidance to industry sets out clearly what these critical safety functions are. If operators were to start pushing core functionality to the edge of the network under 5G, high risk vendors will be excluded from performing that functionality, irrespective of where in the network the operator is performing that critical function. This would apply, for instance, to Mobile Edge Compute (MEC) or virtualisation. On this basis, it is still possible and desirable to distinguish the security critical functions.”

The most important questions for the government, concerning the geopolitical implications of the decision, are largely dodged, however. They insist the decision had no political component and that they’re in constant dialogue with UK allies, especially the ‘five eyes’ security alliance. Without getting into any specifics the government submission seeks to reassure that the political side of things is under control.

The Scotland 5G Centre is comprised of the University of Strathclyde, the University of Glasgow and the Scottish Futures Trust quango. It seems quite hostile to the original government decision which, given its apparent dependence on funding from the relentlessly adversarial Scottish government, comes as little surprise.

The Scots express scepticism about the security distinction between the core and the edge, making the good point that much of 5G, especially low-latency features, will take place at the edge. They also allege that the original decision was made largely as a result of lobbying from operators who don’t fancy the expense of swapping out loads of kit. This is easy to claim but much harder to prove and they undermine their whole submission with such a loose accusation.

The experts

The many individuals who submitted written evidence felt a lot freer to comment on the geopolitical implications on the government decision. “As an interested observer, the government’s decision seemed to be a post-Brexit hedge between its historic allegiance to the transatlantic alliance and the likely economic realities of seeking to enhance its non-European trading position,” wrote Dr Robert Dover, Associate Professor of Intelligence and International Security at the University of Leicester. “A decision based purely on security would have looked markedly different and likely mirrored the position of the United States.”

Retired Brigadier General Robert Spalding linked to this piece to cover his views on the matter. He thinks the government decision was: “100 percent political because BT is all Huawei. In order for a non-Huawei 5G network to be built in the UK it would have to be influenced and incentivized by the UK government.” He is also worried about upsetting the Americans, in common with all defence types as far as we can tell.

“While the technical vulnerabilities of equipment produced by Chinese state-owned and affiliated enterprises such as ZTE and Huawei are considerable and present opportunities for theft, surveillance, espionage, and sabotage, China’s legal framework alone is reason enough to prohibit the use of technology made by Chinese state owned and affiliated enterprises in UK networks,” writes Academic Roslyn Layton, co-founder of China Tech Threat.

“China’s regime effectively promotes information communication technology as tools of the Chinese state, requiring any data collected on any Chinese-made product or service to be confiscated by the Chinese government for any reason and with no respect to due process or UK rule of law.”

The other co-founder of China Tech Threat, Analyst John Strand, also got involved. He was keen to downplay the presumed costs of replacing Huawei kit and points to some of his own studies on the matter. Strand echoes Layton’s observations about Chinese state control of its companies and reflects on China’s reputation for industrial espionage.

“China has been engaged in a decades long, systematic, state-sponsored effort to steal UK technology,” writes Strand. “Beijing has relied heavily on stolen trade secrets and intellectual property to build its own indigenous manufacturing and technology base. Recent U.S. intelligence community estimates suggest that China employs 30,000 military cyber spies and 100,000 private sector cyber experts whose job is to steal foreign secrets and technology.”

Christopher Balding is an Associate Professor at the Fulbright University Vietnam as well as an Associate Fellow at the Henry Jackson Society. He fled China in 2018 after fearing for his personal safely and is an active commentator on geopolitical matters, specialising in China.

“The evidence presented here demonstrates that high-risk vendors within Civil Military Fusion authoritarian states engage in surveillance and monitoring activity of domestic and international individuals and institutions,” introduces Balding. “This should raise significant concerns for open liberal democracies considering allowing high risk vendors to participate in their telecommunication network.”

Lastly and most entertainingly we have retired Royal Navy Lieutenant Commander Lester May who kept his submission short and sweet, so we reproduce it in full. “Whitehall – always more bureaucracy and time-wasting than necessary! Much the same when I worked in Main Building in the 1980s,” opens May.

“My comments about Huawei and 5G are simple. As a One Nation Conservative and patriot, I want us to do as little business with wayward and criminal dictatorships as possible – and the two main nations that we must avoid working with are, of course, China and Russia.

“The coronavirus pandemic should be a wake-up call. No Huawei 5G even if it slows us down and costs us more. I was quite angry that HMG was prepared to work with Huawei and thought that the Government had gone mad. I don’t trust China. You shouldn’t trust China. This pandemic makes clear that China is not trustworthy. Do not do business with China. Wise up. Start to invest in British industry and British workers and start it now.”

If the written submissions are anything to go by, Huawei is in trouble in the UK. The only ones defending the decision were from the government itself and from the two companies with the most to lose from a total ban on Huawei kit in the UK’s 5G networks. Everyone else is urging the government to change its position to just that. If the government decides not to it will at least need to demonstrate why it has ignored all this advice. There is not hard deadline for completion of this review, but the government is indicating we should see something over the summer.

About the Author

Scott Bicheno

As the Editorial Director of Telecoms.com, Scott oversees all editorial activity on the site and also manages the Telecoms.com Intelligence arm, which focuses on analysis and bespoke content.
Scott has been covering the mobile phone and broader technology industries for over ten years. Prior to Telecoms.com Scott was the primary smartphone specialist at industry analyst Strategy Analytics’. Before that Scott was a technology journalist, covering the PC and telecoms sectors from a business perspective.
Follow him @scottbicheno

Subscribe and receive the latest news from the industry.
Join 56,000+ members. Yes it's completely free.

You May Also Like