UK Deems Huawei a Manageable Risk for 5G

Security experts have broadly welcomed the UK’s decision to allow Huawei to participate in non-core 5G network infrastructure, even if nearly half of consumers believe the Chinese firm represents a cyber-threat.

The government confirmed long-running rumors yesterday that it would defy Washington and allow the Shenzhen telecoms kit maker to contribute to its carriers’ 5G networks.

However, it appears to have dialed down tensions with the US by: designating the firm a “high risk” vendor, excluding it from core parts of the networks, nuclear sites, military bases and critical infrastructure and limiting its presence to no more than 35% of non-core networks.

National Cyber Security Centre (NCSC) CEO, Ciaran Martin, claimed the decision will give the UK “a very strong, practical and technically sound framework for digital security in the years ahead.

“The NCSC has issued advice to telecoms network operators to help with the industry rollout of 5G and full fiber networks in line with the government’s objectives,” he added.

“High-risk vendors have never been – and never will be – in our most sensitive networks. Taken together these measures add up to a very strong framework for digital security.”

This is despite some experts, such as Australian Signals Directorate director-general, Mike Burgess, warning that there is no distinction between core and non-core parts of a 5G network, meaning that a threat anywhere in the network could be hard to contain.

Malcolm Taylor, director of cyber advisory at ITC Secure and former GCHQ intelligence officer, welcomed the UK news as evidence of politicians listening to the UK’s security agencies, who have repeatedly claimed the Huawei risk is manageable.

A dedicated Huawei Cyber Security Evaluation Centre (HCSEC) staffed partly by GCHQ boffins has been running for years to scrutinize the firm’s products. Although it recently found serious security shortcomings, they were not thought to have been engineered deliberately.

“There is risk in using Huawei – the point is managing it. Already heavily monitored and managed, Huawei can expect to see that scrutiny only increase,” Taylor added.

“There is no hard evidence of any espionage using Huawei technology, globally, and Huawei senior figures have made this point again and again. The UK’s security apparatus believes the risk can be managed. What more do we need?”

Dimitris Mavrakis, research director at ABI Research, congratulated the UK for not being pressured by geopolitical tactics, and said it was a good compromise between security and 5G development.

“The fact that Huawei is quite well deployed for 5G in the UK means that it would be a massive disruption to stop or worse, remove this infrastructure. This could set UK operators years behind in the 5G market,” he continued.

“Plus, Huawei has already been well deployed for 4G across the UK. Even if Huawei is blocked for 5G, how can anyone guarantee that security-sensitive communications will go over these non-Huawei 5G networks, and not Huawei 4G networks?”

That said, a GlobalData poll this week revealed that UK consumers are virtually split down the middle in their view of Huawei: 47% said they thought the firm was a security threat while 53% did not.

What’s Hot on Infosecurity Magazine?