Commentary: Why the UK had to say yes to Huawei

Commentary: Why the UK had to say yes to Huawei

Allowing the Chinese company to participate in its 5G mobile network was a matter of necessity, says Greig Paul.

Logo of Huawei is seen in Davos
The logo of Huawei is seen in Davos, Switzerland on Jan 22, 2020. (Photo: REUTERS/Arnd Wiegmann/File Photo)

GLASGOW: The UK’s decision not to ban China’s Huawei from being a supplier for its next-generation mobile network has caused ructions.

US politicians are outraged, with Newt Gingrich calling it a “major defeat” for his country.

In the UK, there could be a Tory rebellion against forthcoming legislation on the matter.

In truth, the government had little choice. When you look at the background, the decision is at least understandable – and more complex than just a security issue.

READ: Commentary: Out from the ashes of Brexit, the UK emerges into a brave new world

Mobile phone networks comprise two parts: the core and the radio access network or RAN. The core handles security-sensitive aspects such as user authentication, routing calls, data and so on. The radio network consists of base stations and other networking equipment across mast sites nationwide.

When a user makes a call or uses the internet, a signal from their phone is picked up by a base station and is passed across the radio network to the core, where it is routed to wherever it is supposed to reach.

While your call or data is encrypted, it is decrypted on the base station before being passed on - the base station can therefore see its content.

In the UK, the 5G equipment roll-out is well underway, with more to come. It’s difficult to get figures for the outlay by the four network operators – Vodafone, O2, EE and Three – but the radio network upgrade is certainly most of what is required and is spread throughout the country.

COMMERCIAL REALITIES

Huawei has been banned from supplying the network core, but is to be allowed to supply a maximum of 35 per cent of the radio network equipment. Let’s be clear here: the UK operators were lobbying hard for Huawei not to be excluded.

READ: Commentary: The US-China tech rivalry is fracturing the world and affecting trade, firms and jobs

They are all using the Chinese company’s equipment to some extent in the 5G upgrades to their radio networks. Though they are still having to rethink their 5G plans because of the partial ban, they were facing huge costs and delays to rolling out 5G if the equipment had to be removed altogether.

The British flag and a smartphone with a Huawei and 5G network logo are seen on a PC motherboard in
The British flag and a smartphone with a Huawei and 5G network logo are seen on a PC motherboard in this illustration picture taken January 29, 2020. REUTERS/Dado Ruvic/Illustration

This is partly because today’s 5G equipment piggybacks onto existing 4G base stations, and both the 4G and 5G kit tends to have to be supplied by one vendor. Banning Huawei would therefore mean replacing both 4G and 5G equipment. Vodafone alone said this would cost the company “hundreds of millions” of pounds.

Secondly, there are only three major radio suppliers: Huawei, Ericsson and Nokia (all of which manufacture in China). Excluding Huawei risked exposing operators to duopoly pricing. Partly for this reason, the government commissioned a review of the telecoms supply chain in 2018.

READ: Commentary: China makes inroads into Europe. That's creating some discomfort

The resulting report last July said the government would develop a new security framework, and consult with industry on the best way forward. It also highlighted the need for more supplier competition, but there seems no easy solution.

THE SECURITY ISSUE

Without a doubt, the network operators’ commercial interests are potentially at odds with UK security interests over Huawei. People often worry about the threat of “backdoors” in Huawei equipment and software that would allow remote control from outside the UK, but the issue is more systematic security failings in the software that could be remotely exploited.

READ: Commentary: Is Huawei dangerous because it’s Chinese? What about Facebook?

The 2019 report of the board that oversees the Huawei Cyber Security Evaluation Centre (HCSEC) said much of the software “lacks basic engineering competence” and “significantly increased risk to UK operators”.

The board could only give “limited assurance” about managing the risks, and said Huawei’s coding practices make the “job of any code auditor exceptionally hard”. In other words, the verifiers could miss insertions or oversights that might enable security breaches.

Another risk is that equipment suppliers usually have authorised remote access to their hardware to provide support or fulfil a managed services contract, and the equipment needs regular software security updates and bug fixes. Security updates could be vetted by HCSEC, but this would probably be a difficult undertaking to scale. 

There is also a lot of outsourcing in this sector, including to Huawei, which opens up further potential for security breaches.

The UK National Cyber Security Centre, which advises the government, concedes the risks of admitting Huawei, but thinks they can be made “acceptable” by limiting access.

FILE PHOTO:  Branding hangs outside a Vodafone shop in Oxford
FILE PHOTO: Branding hangs outside a Vodafone shop in Oxford, Britain, May 16, 2017. REUTERS/Toby Melville/File Photo

This may be challenging with the changes 5G may bring to mobile networks. For example, connected and driverless vehicles needing to exchange information quickly won’t route all their data traffic via the network core.

Instead, many 5G core functions may take place in the radio network, making it increasingly harder to define Huawei’s permitted area. And with base stations inherently connected to the network core, there is a limit to the isolation which can be put in place anyway.

RISKS AND REWARDS

Overall, however, the government seems to have been caught between a rock and a hard place: faced with wounding the UK network operators and slowing the 5G roll-out, it has sought a compromise.

READ: Commentary: Big Tech is showing some love to the US government – which comes as no surprise

To some extent, this is the consequences of deciding too slowly. Had the UK banned Huawei in 2018 like the US and Australia, the mobile operators’ 5G roll-out plans would have been at an earlier stage. The US also compensated some of its networks for the costs of equipment removal.

The UK government is instead looking to the future. Nicky Morgan, the culture secretary, told the House of Lords on January 28 that the government wants to attract established equipment vendors to the UK who are not already present, to support new disruptive entrants, and reduce barriers to market entry.

On established vendors, she may be referring to companies that make radio network equipment but don’t compete aggressively in this space: Samsung, for example.

FILE PHOTO: Britain's Digital, Culture, Media and Sport Secretary Nicky Morgan is seen outside
FILE PHOTO: Britain's Digital, Culture, Media and Sport Secretary Nicky Morgan is seen outside Downing Street in London, Britain October 24, 2019. REUTERS/Hannah McKay

As for new entrants, there may be a hope of enticing players who supply different types of networks, such as Cisco or Juniper. There is also significant potential to innovate in 5G networks. The UK’s Testbeds and Trials programme is enabling this and will continue to do so.

For the time being, the government can hardly be enjoying the fallout from its decision. To date, much focus has been on the confidentiality of communications over mobile networks, and risks of spying.

A bigger issue is the need to keep the mobile phone network running. We are in an era where everything from Uber and Deliveroo to most credit card machines cannot function without it

The nightmare scenario is a hostile state-affiliated actor shutting down or damaging the mobile networks. It may have effectively been impossible for the UK to say no to Huawei, but the current compromise is far from ideal.

Greig Paul is Lead Mobile Networks & Security Engineer at the University of Strathclyde. This commentary first appeared in The Conversation.


Source: CNA/ml

Bookmark