5G, security and Huawei: Why the UK is taking a different approach

The old certainties about where technology comes from are going away. That means tough choices ahead.
Written by Steve Ranger, Global News Director

The message from the UK's cyber spies — and perhaps more importantly cyber-spy hunters — was polite, and measured, but also clear. When it comes to 5G and Huawei, we've got it covered.

As well as giving us more bandwidth for our smartphones, over the next few years 5G networks will underpin all sorts of innovations, from self-driving cars to smart cities. Beyond our phone calls, selfies and emails, vast amounts of sensitive data will flows over these networks. That means who builds the underlying technology and how secure it is have gone from being a matter for technical experts to one that politicians have suddenly started caring about, too.

That is why, even though the ongoing race to build 5G networks should mean good times for the companies selling the technology behind it, for Huawei the last few months have played out rather differently, as Western governments have raised concerns about having a Chinese company providing such essential infrastructure.

Australia has blocked Huawei from its 5G networks on national security grounds, and the New Zealand government late last year turned down a request from one operator to use Huawei kit in its 5G network. The US has long had concerns about the Chinese networking giant, banning it from government contracts back in 2014. More recently it has been increasing pressure on countries including the UK to dump Huawei. However, the message from the UK's cybersecurity agency this week will be interpreted by many as pushing back against the US campaign.

The UK has long taken a different path to the US in its attitude towards Huawei. The company's hardware has been used in UK telecoms networks for many years, long before 5G was even thought about. And for a number of years the UK has required the Chinese tech company to submit its products for review at a centre in Oxfordshire, which examines equipment for potential security flaws before it goes into service.

Still, this hasn't stopped UK operators from getting nervous recently; in December EE said it would not be using Huawei equipment in the core of its 5G network and was in the process of removing its hardware from the core of its 3G and 4G networks, and Vodafone has also said it would 'pause' the deployment of Huawei kit in its core network. Yet only this week Huawei and three UK operators — Vodafone, EE and 3 — demonstrated a four-way 5G video call.

SEE: IT pro's guide to the evolution and impact of 5G technology (free PDF)

Ciaran Martin, head of the National Cyber Security Centre (NCSC), said in a speech this week that the way the UK monitors Huawei is the toughest and most rigorous oversight regime in the world — and that it is proving its worth.

The UK government is currently looking at the issue of 5G security, with a review expected to be published in the spring that could include a decision on whether Huawei technology can be used in 5G networks. But the message coming from NCSC seems to be that the risk is manageable. While Martin would not be drawn on whether the US has provided any new evidence about Huawei's activities, he said he would be obliged to report evidence of deliberately malevolent activity by the networking giant — something he has not done.

Still, critics of Huawei worry that that technology supplied by Chinese companies could be used, at some point in the future, by the Chinese government to spy, and point to a 2017 law that could force the companies to comply. Indeed, a recent report from the well-respected RUSI defence think tank warned that allowing Huawei to be involved in UK 5G networks was "at best naive, at worst irresponsible".

The UK's cybersecurity agency argues it has taken this into account. Ian Levy, NCSC technical director, published a blog which noted that even back in 2003 their planning included the assumptions that the Chinese state "could compel anyone in China to do anything (which they've now codified in their National Intelligence Law) [and] would carry out cyberattacks against the UK at some point (which we've recently publicly confirmed)".

NCSC's point is that there is a lot more to security than just where the kit comes from. Telecoms security in general needs to be a lot tighter. As Levy points out: "If your passwords are all system defaults, it doesn't matter whose kit you use, you're stuffed." Networks also need to be more resilient — as Levy says, operators need to assume that every box in the network will fail in the worst possible way, but should design the system so that it's not the end of the whole network when it does.

But NCSC is also worried about there being enough suppliers in the market that there isn't a dangerous concentration of power in one place. Banning one of the biggest companies from the market isn't going to help much with that.

Levy makes the point: "If 5G is going to be the engine of growth and change for the UK economy that people expect, we need our implementations to be secure enough to enable that. That will need many things, not least a diverse and sustainable supply base, better cyber security in the equipment and software used, and uplifting the basic security of the networks we have today as they evolve to support a safe, digital future."

In this, the UK may have found an unexpected ally. US President Donald Trump has been tweeting about 5G and and 6G this week, saying "American companies must step up their efforts, or get left behind," he said. But he also added: "I want the United States to win through competition, not by blocking out currently more advanced technologies," suggesting an openness to rivals that is somewhat unexpected.

5G networks will be a key part of our future infrastructure. Ensuring they are secure and robust is absolutely vital. And Western governments are right to be worried about the potential reach of China being extended through technology; China has a long history of conducting sophisticated cyber-espionage campaigns and continues to do so. None of this should be forgotten.

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

The bigger issue is that, thanks to Silicon Valley, most of the computing infrastructure around the world has until now been built to a large extent by US and European companies.

That has given the US and its allies a certain sense of security; while they might not be able to understand every line of code running vital systems, at least the companies and people building these systems were local and subject to their laws and regulation.

In the future, that will be less and less the case. Western governments are now recognising, and wrestling, with the fact that not every tech innovation will necessarily be a home-grown development or even one created by a close ally.

China has long been the place where the world's computer hardware has been manufactured; increasingly it is where it is being designed. China is also forging ahead in areas like artificial intelligence (AI), which will bring with it fresh concerns.

In some respects the row over Huawei embodies bigger worries about the rise of China and how to engage with it, without losing out. Western worries about intellectual property, security and creating a level playing field so that their companies can also compete in China will continue to grow, too. None of these concerns will be easy to resolve any time soon. 

The UK government will soon finish its review. But however the row over Huawei's involvement in 5G networks is resolved, expect similar, and thornier debates about technology in future. 


Editorial standards