British authorities have allowed Huawei to take a limited role in UK 5G roll-outs. A former Australian cyberspook thinks that's a mistake.
"It is disappointing that the Brits are doing the wrong thing on 5G, having not exhausted other possibilities," wrote Simeon Gilding at The Strategist, the blog of the Australian Strategic Policy Institute (ASPI).
Until December 2019, he was the head of signals intelligence and offensive cyber missions at the Australian Signals Directorate (ASD). He now a senior fellow at ASPI.
Gilding was part of an ASD team that designed pages of cybersecurity mitigation measures which would "give the government confidence that hostile intelligence services could not leverage their national vendors to gain access to our 5G networks".
"But we failed," he wrote.
ASD then asked itself what it could do if it had powers like the 2017 Chinese Intelligence Law. If it could actually direct a company which supplies 5G equipment to telco networks, what could we do? Could anyone stop them?
"We concluded that we could be awesome, no one would know and, if they did, we could plausibly deny our activities, safe in the knowledge that it would be too late to reverse billions of dollars' worth of investment," Gilding wrote.
"Ironically, our targets would be paying to build a platform for our own signals intelligence and offensive cyber operations."
Gilding's article explains that the hardest part of hacking is "the access problem". You need exploitable vulnerabilities, often a chain of them.
"If they are super great, the chances are Five Eyes agencies will need to disclose them, as the US National Security Agency [NSA] did recently when it found a Windows 10 security flaw," he wrote.
"As a citizen, I'm glad that hacking is difficult and that Five Eyes agencies think it [is] more important to protect their own national networks than to pursue those of their adversaries."
But if foreign vendors already have equipment in the network, and already have access points for maintenance, things become very different.
"Chinese intelligence agencies [would have] scaled and persistent access to hundreds of foreign telco networks via legally compelled Chinese suppliers of competitively priced, high-quality technology to these telcos."
Britain's decision is based on a misunderstanding of the architectural differences between 4G networks, and full 5G networks where the distinction between "core" and "edge" disappear, Gilding wrote.
"With 5G, all network functionality is virtualised and takes place within a single cloud environment. That means there is no physical or logical separation between the core and edge of the network."
Gilding is also skeptical of the claimed cost savings of using Huawei's cheaper equipment.
"Leaving aside the obvious point that digital sovereignty and the integrity of critical infrastructure are priceless, I have not seen any independent analysis of the impact of excluding Chinese vendors from 5G," Gilding wrote.
Huawei's equipment continues to be banned from Australian 5G networks. In March 2019, defence minister Marise Payne called it a resolved question.
The company is working hard to change that, claiming rather boldly last month that 1,500 jobs would be lost if it were excluded.
It has also hired political law firm Xenophon Davis as its strategic counsel. Xenophon Davis is an eponymous firm set up by former politician and stunt machine Nick Xenophon and former investigative journalist Mark Davis.
Prime Minister Scott Morrison has been blunt about the ban, however: "We stand by it."
On Friday morning, both Australian major parties dismissed talk of revisiting the ban.
Canberra will not revisit the ban on Huawei supplying 5G equipment in Australia.
Reports suggest that the White House will allow some non-sensitive goods to be purchased by the Chinese firm.
Former Prime Minister who brought in Australia's anti-encyption laws says the technology can prevent potential tapping by telco equipment manufacturers.
Chinese tech giant's 2019 sales were lower than projected and 2020 will remain tough as the vendor remains on the US Entity List, warns rotating chairman Eric Xu, who highlights need for Huawei to diversify its supply chain to minimise business risks.
Chinese giant has labelled the ban a violation of US federal law.