The UK government will allow Chinese tech giant Huawei to play a limited role in supplying the country’s 5G networks, it has been announced today.
The government said the package of restrictions being announced on “high risk” 5G vendors will allow it to “mitigate the potential risk posed by the supply chain and to combat the range of threats, whether cybercriminals or state-sponsored attacks”.
The plan for managing risks related to the next generation of cellular network technology ends months of uncertainty over the issue — which has seen warnings that the delay is harming the UK’s competitiveness and its relations abroad.
Commenting on the decision in a statement, digital secretary Baroness Morgan said: “The government has reviewed the supply chain for telecoms networks and concluded today it is necessary to have tight restrictions on the presence of high-risk vendors.
“This is a UK-specific solution for UK-specific reasons and the decision deals with the challenges we face right now. It not only paves the way for secure and resilient networks, with our sovereignty over data protected, but it also builds on our strategy to develop a diversity of suppliers.”
The decision not to bar Huawei from upgrades to domestic networks signals a failure of U.S. diplomacy at the highest level.
In recent days American has been applying top-level pressure to its European ally — with the secretary of state, Mike Pompeo, tweeting Sunday night that the country faced a “momentous” decision. “The truth is that only nations able to protect their data will be sovereign,” he wrote.
President Trump has also made his preference for US allies to ban Huawei amply clear in public.
While the decision by UK prime minister, Boris Johnson, not to bow to US pressure is likely to cause shockwaves of displeasure in Washington, the move had nonetheless looked likely for months.
Last summer a UK parliamentary committee concluded there was no technical reason for excluding Huawei — though it suggested “there may well be geopolitical or ethical grounds… to enact a ban on Huawei’s equipment”.
And while a report last March by a UK oversight body set up to evaluate the Chinese networking giant’s approach to security was withering in its assessment of its approach to security it did not call for an outright ban.
Then in April, a leak from the National Security Council indicated that the prior Conservative administration was preparing to provide a level of access to Huawei.
Since then the government had said it was waiting for a Telecoms Supply Chain review to be completed. (A UK General Election also intervened, as well as the ongoing national preoccupation of Brexit.)
Today marks the conclusion of the review and with it the announcement of new restrictions to manage 5G risks.
The government says vendors such as Huawei will be allowed a limited role in UK 5G networks — with exclusion from “sensitive ‘core’” parts of networks.
There will also be a 35 percent cap on high-risk vendor access to non-sensitive parts of the network (aka the access network, or periphery, where devices connect to mobile phone masts).
This cap will be kept under review — and could shrink further “as the market diversifies”, it suggested.
More generally, the government says it intends to work to support market diversification — saying it’s developing “an ambitious strategy” to further that goal.
“This will seek to attract established vendors who are not present in the UK, supporting the emergence of new, disruptive entrants to the supply chain, and promoting the adoption of open, interoperable standards that will reduce barriers to entry,” it adds.
A key issue related to the decision is that Huawei is the leading global vendor in 5G, with relatively few alternative providers — such as the European firms Ericsson and Nokia — none of whom are considered to offer a like-for-like option at this stage.
So a full ban on Huawei at this stage risks delays in rolling out national 5G networks which could hamper national competitiveness on an international stage.
“We want world-class connectivity as soon as possible but this must not be at the expense of our national security. High-risk vendors never have been and never will be in our most sensitive networks,” Morgan also said in her statement, adding: “We can now move forward and seize the huge opportunities of 21st-century technology.”
The UK’s National Cyber Security Centre (NCSC) will issue guidance to UK telecoms operators regarding the limits on high-risk vendors — which also include that such providers should be:
– Excluded from all safety-related and safety-critical networks in Critical National Infrastructure
– Excluded from sensitive geographic locations, such as nuclear sites and military bases