US officials have warned Downing Street about the potential risks of allowing Huawei to participate in national 5G networks.
The United States has long been cautious about Chinese telecommunications equipment because of concerns that the Chinese state could exert control or use such equipment for surveillance. As 5G becomes integral to critical infrastructure, Washington has stepped up efforts to persuade allies to exclude Huawei hardware from their networks.
Huawei is known for innovative products offered at competitive prices. With around 35.3 percent of the global market, the company is one of the world’s largest telecom vendors. Many operators have already deployed Huawei equipment in their 5G rollouts, including all four of the UK’s major mobile network operators.
Andrew Stark, cybersecurity director at Red Mosquito, explained the practical reasons operators choose Huawei:
“With Huawei equipment already embedded in the UK’s 3G and 4G networks, moving to 5G with the same supplier is the path of least resistance and helps telecom companies meet tight deployment schedules. Apart from Huawei, only two other major vendors—Nokia and Ericsson—are widely able to supply large-scale 5G hardware.”
“The technical issue is that the hardware can perform deep packet inspection, allowing network data to be read and analyzed for security and management. In theory, a hardware supplier could intercept that data and monitor 5G communications. There are also concerns that Huawei technology has been used by some governments to monitor their own networks.”
“Given longstanding mistrust of the Chinese government, the US treats Huawei—despite its private ownership—as effectively state-linked and therefore a security risk. By extension, any country using Huawei 5G equipment could be perceived as a security risk if sensitive data were exposed or shared.”
A US delegation, led by Deputy National Security Adviser Matt Pottinger, met UK officials in London and presented a dossier to the UK, a partner in the “Five Eyes” intelligence alliance. According to reports, the dossier challenged British intelligence conclusions that Huawei equipment can be used in 5G networks without posing unacceptable national security risks.
The UK has taken a cautious but measured approach to Huawei. In 2010 it established the Huawei Cyber Security Evaluation Centre (HCSEC) to examine Huawei equipment and identify potential threats before products are deployed on UK networks.
For several years HCSEC reported that it could provide assurance that risks from Huawei equipment were manageable. However, more recent assessments have raised concerns.
Officials noted that shortcomings in Huawei’s engineering processes had revealed new risks and long-term challenges for mitigation and oversight. HCSEC raised specific concerns about technical limitations that constrained researchers’ ability to inspect internal product code and about the sourcing of components from third-party suppliers used in Huawei products.
Huawei welcomed HCSEC’s oversight and said the centre’s work demonstrated that the process was functioning. The company also stated it was committed to addressing the issues identified.
Nevertheless, a follow-up HCSEC report in March criticised Huawei for slow progress in resolving prior concerns. The report said, “no material progress has been made by Huawei in the remediation of the issues reported last year, making it inappropriate to change the level of assurance from last year or to make any comment on potential future levels of assurance.”
The report also highlighted that additional significant technical issues had emerged, posing new risks to UK telecoms infrastructure. HCSEC concluded that ongoing shortcomings in Huawei’s software development practices increased risk to UK operators and required continued management and mitigation.
In February, the Royal United Services Institute (RUSI), a respected independent think tank focused on defence and security, warned that allowing Huawei into 5G networks would be “naive” and “irresponsible.” RUSI pointed out that it is far easier to insert a covert backdoor into a system than it is to detect one, and suggested that in any covert contest between sophisticated Chinese attackers and HCSEC, the attackers would hold a significant advantage.
Conservative MP Bob Seely argued that Huawei “to all intents and purposes” functions as part of the Chinese state and that involving the company in national networks would enable Chinese agencies to access British infrastructure.
Huawei has repeatedly denied that it poses a security threat and insists that the Chinese government does not control its operations.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, Cyber Security & Cloud Expo and 5G Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to explore the future of enterprise technology.