Britain has said it is “not yet in a position” to make a final decision about Huawei’s involvement in 5G networks, while announcing that stronger, industry-wide security controls will be introduced.
The debate over Huawei’s role in 5G has been ongoing for years and echoes earlier concerns around previous-generation networks. At present, Huawei equipment in the UK is subject to inspection at the Huawei Cyber Security Evaluation Centre (HCSEC) in Banbury.
Until last year, HCSEC reported confidence that security risks could be sufficiently mitigated. A follow-up report this year criticised Huawei for being slow to address outstanding concerns.
Central to the controversy is the allegation that Huawei is subject to control by the Chinese state and could be compelled to assist in espionage — a claim the company has consistently denied.
Because the debate has continued for so long, UK operators have already begun rolling out 5G networks. Huawei components are currently being used across every UK mobile network, so a ban now would be costly, disruptive, and could undermine the UK’s current leadership in European 5G deployment.
“We’ve already started to deploy equipment for when we launch 5G in the second half of the year,” said Three CEO David Dyson. “So if we had to change vendor now, we would take a big step backwards and probably cause a delay of 12-18 months.”
Across the European Union, member states are working toward a common approach to managing 5G risks. Earlier this week, 24 of the EU’s 28 member states completed national 5G risk assessments to feed into an EU-wide evaluation scheduled for October.
The European Commission says the assessment will concentrate on three core areas:
- the principal threats and actors that could affect 5G networks;
- the sensitivity of different 5G network components, functions, and other critical assets;
- and a range of vulnerabilities, including technical weaknesses and risks arising from the 5G supply chain.
“The completion of the risk assessments underlines the commitment of Member States not only to set high standards for security but also to make full use of this groundbreaking technology,” said Julian King, Commissioner for the Security Union, and Mariya Gabriel, Commissioner for the Digital Economy and Society, in a joint statement.
“We hope that the outcomes will be taken into account in the process of 5G spectrum auctions and network deployment, which is taking place across the EU now and in the coming months. Several member states have already taken steps to reinforce applicable security requirements while others are considering introducing new measures in the near future.”
The UK’s decision on Huawei will now be taken under a new prime minister, most likely former London mayor Boris Johnson. The choice may not be finalised until after the UK’s planned departure from the EU in October, and Washington will be closely monitoring decisions made by its European allies.
The United States has led international pressure to exclude Huawei from 5G networks and has warned it could reduce security cooperation with countries that choose otherwise.
“Insufficient security will impede the United States’ ability to share certain information within trusted networks,” warned US Secretary of State Mike Pompeo in May. “This is just what China wants — to divide Western alliances through bits and bytes, not bullets and bombs.”
While the UK has not yet decided Huawei’s fate in 5G, it has committed to implementing broader telecoms security measures.
In a statement to Parliament, UK digital minister Jeremy Wright outlined the findings of an independent review, saying that existing industry protections were unlikely to be adequate to address identified security risks and to achieve the desired outcomes.
“The Review has concluded that the current level of protections put in place by industry are unlikely to be adequate to address the identified security risks and deliver the desired security outcomes. So, to improve cybersecurity risk management, policy and enforcement, the Review recommends the establishment of a new security framework for the UK telecoms sector. This will be a much stronger, security-based regime than at present.”
“The foundation for the framework will be a new set of Telecoms Security Requirements for telecoms operators, overseen by Ofcom and government. These new requirements will be underpinned by a robust legislative framework.”
The review also recommends significant penalties for carriers that fail to meet the tougher security standards, suggesting fines on a scale comparable to those for breaching data protection regulations.