The former US Secretary of Homeland Security has warned that intelligence-sharing between the United States and the United Kingdom could be jeopardized if Huawei equipment is allowed in UK 5G networks.
Tom Ridge, who established the Department of Homeland Security after the 9/11 attacks, delivered the warning while speaking in London. He emphasized that much intelligence is shared electronically and that telecommunications systems with potential entry points could undermine secure communications. “It will affect intelligence-sharing,” he said.
Despite strains in the so-called “special relationship” between the UK and the US in recent years, the UK remains America’s primary intelligence and military ally in Europe. The UK is a member of the Five Eyes intelligence alliance alongside the US, Australia, Canada, and New Zealand. Washington has pushed its allies to exclude Chinese 5G vendors from critical networks over national security concerns, and it has been especially insistent that Five Eyes partners do the same.
Ridge said he was surprised that the UK was the only Five Eyes partner to judge the risks posed by Chinese 5G equipment as manageable. The UK has not yet reached a formal decision on Huawei’s role in national 5G infrastructure; amid a leadership contest, the final choice will likely fall to the incoming prime minister. Both remaining leadership contenders have publicly voiced reservations about using Chinese suppliers for 5G and have stressed the importance of the US-UK security relationship.
However, imposing a ban on Huawei at this stage would be costly and could undermine the UK’s current lead in Europe’s 5G rollout. Industry reporting indicates that every major UK carrier has already incorporated at least some Huawei equipment into their networks. Three CEO David Dyson explained that his operator has already begun deploying 5G hardware and that a vendor change now could set deployments back by 12–18 months.
Ridge cited past incidents to illustrate the risks. He pointed to Huawei’s 2003 installation of a network at the African Union headquarters in Addis Ababa, Ethiopia. Observers reported that the network remained active well outside normal hours—between midnight and 3 a.m.—and that Chinese officials seemed unusually well-informed about AU negotiators’ positions. A French security firm later engaged to assess the installation reportedly identified software issues that led to data being transmitted back to Beijing.
“The employees of Huawei are pretty much public employees even though they’ve got Huawei t-shirts on,” Ridge said, reflecting concerns about potential links between the company and the Chinese state.
Independent security research has added to those worries. A study by cybersecurity company Finite State found that Huawei devices had an average of 102 vulnerabilities—more than any comparable vendor in their analysis—attributing much of the risk to the use of vulnerable open-source and third-party components.
Huawei has been involved in UK mobile networks over several technology generations. To manage potential risks, equipment has been examined at the Huawei Cyber Security Evaluation Centre (HCSEC) in Banbury. Until recently, HCSEC stated it was confident that security risks could be mitigated. A later follow-up raised concerns, criticizing Huawei for being slow to address issues.
HCSEC’s report echoed Finite State’s findings about software vulnerabilities. It stated that continued work had identified significant concerns in Huawei’s software development practices, increasing risk for UK operators and necessitating sustained management and mitigation.
The UK government maintains that any final decision regarding Huawei will rest on its own national security assessments, while valuing input from international partners. “We’ve been through so much together historically that it would be foolish for us not to sit down as friends and allies and challenge each other,” Ridge said.
Interested in hearing industry leaders discuss subjects like this? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo events taking place in Silicon Valley, London, and Amsterdam.