US security officials acknowledge that some allies will continue to use Huawei 5G equipment despite repeated warnings, and they have begun planning for that reality.
Sue Gordon, deputy to the director of the US intelligence community, outlined the issue at a recent conference.
“We are going to have to figure out a way in a 5G world that we’re able to manage the risks in a diverse network that includes technology that we can’t trust,” Gordon said. “We’re just going to have to figure that out.”
The United States has stepped up pressure on allies to exclude Chinese network vendors over concerns about state influence. Huawei and other Chinese firms deny state control, but US security officials argue those companies could be compelled to assist Beijing with surveillance requests.
These concerns are long-standing, but they have intensified with the upcoming 5G rollout because next-generation networks are expected to support critical infrastructure and services such as smart cities, healthcare systems, and industrial controls.
“You have to presume a dirty network,” Gordon said. “That’s what we’re going to have to presume about the world.”
Across Europe, many operators installed Huawei equipment in their 4G networks and are reluctant to replace it for 5G because of the significant costs and the potential for prolonged rollout delays.
“We’ve already started to deploy equipment for when we launch 5G in the second half of the year,” Three CEO David Dyson said. “So if we had to change vendor now, we would take a big step backwards and probably cause a delay of 12 to 18 months.”
US officials are especially focused on the ‘Five Eyes’ intelligence-sharing alliance—composed of the United States, the United Kingdom, Australia, New Zealand, and Canada—fearing that a single weak link could compromise the entire partnership’s security.
To date, only Australia has enacted a full ban on Huawei equipment. The US itself has not issued an absolute ban either, but it has deterred many major operators by making companies that use certain Chinese vendors potentially ineligible for government contracts.
The United Kingdom and Canada have adopted a different approach by subjecting Chinese equipment to independent technical review by intelligence and cyber-security experts to check for backdoors and vulnerabilities before it is deployed in national infrastructure.
Earlier this week, the UK’s Huawei Cyber Security Evaluation Centre (HCSEC) published a critical report that said Huawei has been slow to address identified problems.
The report stated that “no material progress has been made by Huawei in the remediation of the issues reported last year, making it inappropriate to change the level of assurance from last year or to make any comment on potential future levels of assurance.”
Last year, HCSEC concluded it could no longer guarantee that risks to UK infrastructure from the use of Chinese telecoms equipment could be fully mitigated.
“HCSEC’s work has continued to identify concerning issues in Huawei’s approach to software development, bringing significantly increased risk to UK operators, which requires ongoing management and mitigation,” the latest report said.
Anticipating that Huawei will play a major role in many global 5G deployments—including in allied countries—US security planners are exploring technical mitigations. Proposed measures include broader use of strong encryption, stricter network segmentation, placing critical functions on verified, trusted components, and raising supply-chain and software development standards.
Interested in hearing industry leaders discuss these topics and share their experiences? Attend the Cyber Security & Cloud Expo World Series, with events scheduled in Silicon Valley, London, and Amsterdam, to learn more.