The U.K. government will allow Huawei to be a supplier for some non-core parts of the country’s 5G networks, despite concerns that the involvement of the Chinese telecoms vendor could pose a risk to national security. But it will be excluded from core parts of the networks, according to reports in national press.
The news of prime minister Theresa May’s decision made during a meeting of the National Security Council yesterday was reported earlier by The Telegraph. The newspaper said multiple ministers raised concerns about her approach — including the Home Secretary, Foreign Secretary, Defence Secretary, International Trade Secretary and International Development Secretary.
The FT reports that heavy constraints on Huawei’s involvement in U.K. 5G networks reflect the level of concern raised by ministers.
May’s decision to give an amber light to Huawei’s involvement in building next-gen 5G networks comes a month after a damning report by a U.K. oversight body set up to evaluate the Chinese company’s approach to security.
The fifth annual report by the Huawei Cyber Security Evaluation Centre Oversight Board blasted “serious and systematic defects” in its software engineering and cyber security competence.
Though the oversight board stopped short of calling for an outright ban — despite saying it could provide “only limited assurance that all risks to U.K. national security from Huawei’s involvement in the U.K.’s critical networks can be sufficiently mitigated long-term.”
But speaking at a cybersecurity conference in Brussels in February, Ciaran Martin, the CEO of the U.K.’s National Cyber Security Centre (NCSC), expressed confidence U.K. authorities can mitigate any risk posed by Huawei.
The NCSC is part of the domestic GCHQ signals intelligence agency.
Dr. Lukasz Olejnik, an independent cybersecurity advisor and research associate at the Center for Technology and Global Affairs at Oxford University, told TechCrunch he’s not surprised by the government’s decision to work with Huawei.
“It’s a message that was long-expected,” he said. “U.K. officials have been carefully sending signals in the previous months. In a sense, this makes us closer to the end of the 5G drama.”
“With proper management most risk can be mitigated. It all depends on the strategic planning,” he added.
“I believe the level of [security] responsibility at telecoms will remain similar to today’s. The main message expected by telecoms is clarity to enable them to move on with infrastructure.”
The heaviest international pressure to exclude the Chinese vendor from next-gen 5G networks has been coming from the U.S., where President Trump has been leaning on key intelligence-sharing allies to act on espionage fears and shut out Huawei — with some success.
Last year Australia and New Zealand both announced bans on Chinese kit vendors citing national security fears.
But in Europe governments appear to be leaning in another direction: toward managing and mitigating potential risks rather than shutting the door completely.
The European Commission has also eschewed pushing for a pan-EU ban — instead issuing recommendations encouraging member states to step up individual and collective attention on network security to mitigate potential risks.
It has warned too — and conversely — of the risk of fragmentation to its flagship “digital single market” project if member state governments decide to slam doors on their own. So, at the pan-EU level, security considerations are very clearly being weighed against strategic commercial imperatives and technology priorities.
Equally, individual European governments appear to have little appetite to throw a spanner in the 5G works, given the risk of being left lagging as cellular connectivity evolves and transforms — an upgrade that’s expected to fuel and underpin developments in artificial intelligence and big data analysis, among other myriad and much-hyped benefits.
In the U.K.’s case, national security concerns have been repeatedly brandished as justification for driving through domestic surveillance legislation so draconian that parts of it have later been unpicked by both U.K. and EU courts. Even if the same security concerns are here, where 5G networks are concerned, being deemed “manageable” — rather than grounds for a similarly draconian approach to technology procurement.
It’s not clear at this stage how extensively Huawei will be involved in supplying and building U.K. 5G networks.
The NCSC sent us the following statement in response to questions:
National Security Council discussions are confidential. Decisions from those meetings are made and announced at the appropriate time through the established processes.
The security and resilience of the UK’s telecoms networks is of paramount importance.
As part of our plans to provide world class digital connectivity, including 5G, we have conducted an evidence based review of the supply chain to ensure a diverse and secure supply base, now and into the future. This is a thorough review into a complex area and will report with its conclusions in due course.
“How ‘non-core’ will be defined is anyone’s guess but it would have to be clearly defined and publicly communicated,” Olejnik also told us. “I would assume this refers to government and military networks, but what about safety communication or industrial systems, such as that of power plants or railroad? That’s why we should expect more clarity.”