CNI exclusions unlikely to placate US partners
Prime Minister Boris Johnson has controversially agreed to allow Huawei equipment into Britain’s 5G networks, in a move likely to enrage Donald Trump’s administration, and greeted by Republican stalwart Newt Gingrich today as “a major defeat for the United States.” The UK Huawei decision, in brief, is as follows:
- Huawei will be limited to a minority presence of 35 percent in the “periphery of the network” which connect devices and equipment to mobile phone masts
- It will be excluded from safety critical networks in Critical National Infrastructure, nuclear sites and military bases
- HMG will develop an “ambitious strategy” to help diversify the supply chain, including supporting ” new, disruptive entrants”
UK Huawei Decision: Setting the Scene for a Mighty Row
Since 2010, Chinese telecommunications giant Huawei has been forced to pass every device headed to the UK through a factory set up by GCHQ, where products are weighed, measured, and often found wanting.
The Huawei Cyber Security Evaluation Centre (HCSEC), which oversees this prodding and poking, does not hold back about what it finds.
Its last annual report [pdf], published in March 2019, revealed Huawei flaws that cause “significant cyber security and availability risks”. HCSEC said at the time it is “not confident” Huawei can remediate these “significant problems”.
But security figures at the highest echelons of the British government have previous urged against an outright ban. As the outgoing head of the country’s National Cyber Security Centre put it at the CYBERSEC 2019 conference: “Last year, the NCSC publicly attributed attacks… [on] telecoms networks, to Russia…
“Those networks didn’t have any Russian kit in them, anywhere”.
He added: “If you’ve built a telecommunications network in a way that the compromise of one supplier can cause catastrophic national harm, then you’ve built it the wrong way.”
It’s an attitude that appears to won out, despite pressure from the US.
Victor Zhang, Vice-President, Huawei, said today: “Huawei is reassured by the UK government’s confirmation that we can continue working with our customers to keep the 5G roll-out on track. This evidence-based decision will result in a more advanced, more secure and more cost-effective telecoms infrastructure that is fit for the future. It gives the UK access to world-leading technology and ensures a competitive market.”
“We have supplied cutting-edge technology to telecoms operators in the UK for more than 15 years. We will build on this strong track record, supporting our customers as they invest in their 5G networks, boosting economic growth and helping the UK continue to compete globally.”
He added: “We agree a diverse vendor market and fair competition are essential for network reliability and innovation, as well as ensuring consumers have access to the best possible technology.”
Huawei’s build quality remains poor.
HCSEC last year warned that Huawei’s underlying build process provides “no end-to-end integrity, no good configuration management, no lifecycle management of software components across versions, use of deprecated and out of support tool chains (some of which are non-deterministic) and poor hygiene in the build environments”.
But it also said it “does not believe that the defects identified are a result of Chinese state interference”, and US kit has also been rife with security flaws.
See also: Critics Hit Out at Cisco After Security Researcher Finds 120+ Vulnerabilities in a Single Product
Vulnerabilities previousky identified in Huawei equipment include unprotected stack overflows in publicly accessible protocols, protocol robustness errors leading to denial of service, logic errors, cryptographic weaknesses, default credentials and many other basic vulnerability types, HCSEC reported.
The decision today concludes the Telecoms Supply Chain Review, first published in July 2019. But to some market watchers, it is all a mighty distraction from the underlying issue, which is that there is little incentive yet for telcos to really build out 5G infrastructure anyway…
Is this all a Distraction from the Bigger Issue?
As Angus Ward, CEO of BearingPoint//Beyond, the management and technology consulting firm put it in an emailed comment: “[This decision] means UK operators can move forward with their plans for 5G roll-out. In my view, this news could take focus away from what should be the main focus of mobile operator boards: how well are they prepared to monetize their massive 5G investments, how do they get a suitable return on investment?
“Significant questions around the economics of 5G remain. 5G networks are expensive. Rapidly available consumer-led services will bring substantial subscriber numbers – but they’ll fail to generate enough revenue by themselves to justify 5G’s expense. Indeed, I would expect to see a ‘re-run’ of the 4G experience – where operators build the networks and other companies extract the real value.
“The commercial success of 5G is entirely dependent on business customers. Most operators around the world, and especially in Europe, are way behind putting in place the platform-based business models and partner ecosystems essential to serving businesses. They still need to complete the intellectual and technological groundwork necessary to recoup their massive investments and ensure their relevance in the 5G era. Today’s decision encourages speed to market, but robs operators of the time they need to make their businesses ‘5G-ready’.”