UK to Allow Huawei Into Its 5G Networks

Posted on April 24, 2019 by Paul Thurrott in Cloud with 23 Comments

Britain’s National Security Council has agreed to allow China-based Huawei to participate in the country’s 5G networking infrastructure. That said, Britain will block Huawei from “core” parts of the 5G network

As was first reported by The Telegraph, Huawei will “help build parts of the network such as antennas and other ‘non-core’ infrastructure.”

“We welcome reports that the UK government is moving towards allowing Huawei to help build the UK’s 5G networks,” a Huawei statement reads. “While we await a formal government announcement, we will continue work cooperatively with the government and the industry and their evidence-based approach to network security.”

Some are criticizing allowing Huawei, which is based in China but privately-owned, into governmental infrastructure.

“It still raises concerns,” Tom Tugendhat, the chairman of Britain’s Foreign Affairs Committee, told BBC Radio. “The definition of core and non-core is a very difficult one with 5G. [5G] does change from a faster internet system into an internet system that can genuinely connect everything, and therefore the distinction between non-core and core is much harder to make.”

The decision is also a rebuke to the U.S. government, which has pushed for its allies to block Huawei and other China-based tech giants from 5G networks around the globe. Too, the UK decision will likely be used as a template by other countries in the EU and elsewhere when it comes to working with Huawei.

The issue? Not everyone is convinced by the United States’ evidence-free arguments against Huawei. And the UK, in particular, has argued for security and engineering over the nationality of the company.

“When we analyze a company for their suitability to supply equipment to the UK’s telecoms networks, we are looking at the risk arising from their security and engineering processes as well as the way these technologies are deployed in our national telecom networks,” Jeremy Fleming, the head of Britain’s GCHQ spy agency said Wednesday. “A flag of origin of 5G equipment is important but it is a secondary factor.”

Tagged with ,

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (23)

23 responses to “UK to Allow Huawei Into Its 5G Networks”

  1. codymesh

    still waiting on someone to provide actual clinical/digital forensics evidence as proof of Huawei's spying other than people saying "the CEO used to be part of the PLA!!!!"

      • wright_is

        In reply to anderb:

        Is that any worse than the backdoors in Cisco hardware or the CIA malware added to HP kit in transit?

        Or similar vulnerabilities in Intel, AMD, nVidia, Lenovo, Apple or other vendor's drivers?

        • anderb

          In reply to wright_is:

          "Is that any worse than the backdoors in Cisco hardware or the CIA malware added to HP kit in transit?"


          If it was used for industrial espionage then it probably is worse, unless the CIA favors Chinese businesses over American ones.


          "Or similar vulnerabilities in Intel, AMD, nVidia, Lenovo, Apple or other vendor's drivers?"


          The security write-up I read on this particular vulnerability essentially said that Huawei had introduced the vulnerability by attempting to do something themselves that Windows already had a built-in and secure mechanism to do on behalf of the vendor. So, sure, it could just be explained away as general incompetence. Then again, that's also the perfect disguise for any intentional backdoor isn't it?


          I don't think those calling for 'proof' of Huawei's 'spying' are ever going to find a hidden 'huaweispytool.exe' on their Matebook.


          • skane2600

            In reply to anderb:

            The evidence that Huawei used this vulnerability for industrial espionage is exactly the same as the evidence that these other companies used it for industrial espionage, that is absolutely none.


            Not every capability of Windows is well documented and developers take alternate approaches all the time. Doing so isn't really evidence of any bad intent. It's true that a backdoor could be subtle, but there has to be an end-to-end "solution" to actually obtain key information from key players.

            • sandy

              In reply to skane2600:

              You sound so defensive, as if you work for Huawei (or the Chinese government).


              The fact is a company based in a country which is a dictatorship, such as (but not only) China, there is the added risk that the government will force the company (or employees) to use or introduce a backdoor in a future update, and allow a country's critical networking infrastructure to be spied upon, re-routed, or even entirely shut down during a confrontation (imagine during a military escalation/conflict).


              This is about a risk assessment for critical network infrastructure of the near future, not about racism, or xenophobia, so to demand proof that such a capability has already been used is the wrong question and unreasonable.


              Other supply chain risks also need to be addressed, but that doesn't discount the increased risk from a company based in a country which is a dictatorship known for killing unarmed protestors, including by sending tanks in to run over them.

              • wright_is

                In reply to Sandy:

                The US has similar laws, which would force manufacturers to add evesdropping / backdoor facilities to their hardware and software in an emergency. You point is?

                As a European, there is no difference, whether it is the USA listening in or the Chinese. One is exactly as offensive as the other.

                Then there is the fact that most hardware these days is built in China, so they could just as easily install backdoor in the latest iPhones or Android devices on the production line...

                And if China is a dictatorship, why let any Western company produce there? Make a public backlash and only buy hardware made in non-dictatorship lands. But it would cost a lot more, so people put up with it.

              • skane2600

                In reply to Sandy:

                I believe in facts and evidence. If the US government is banning Huawei solely because of China's system of government, they should say so. Of course competition with US companies could also be a motivation.

      • skane2600

        In reply to anderb:

        So, are you taking the position that any vulnerability should be classified as a backdoor? Is there any record of Huawei or any other entity compromising a system due to this vulnerability? If that was the intention, why wasn't it done before it was fixed. And what exactly would Huawei have to gain by exploiting it? If there was a widespread attack that was specific to Huawei's laptop the negative economic impact on their bottom line would likely far exceed any financial advantage of exploiting it.

        • anderb

          In reply to skane2600:

          "So, are you taking the position that any vulnerability should be classified as a backdoor?"


          Any vulnerability that allows unauthorized access can be used a backdoor. Are you suggesting an intentional backdoor has to be clearly labelled as such?

          • skane2600

            In reply to anderb:

            It doesn't matter what definition one wants to use, as long as it's applied consistently. So if a vulnerability in Huawei's driver means one should never use Huawei products then a vulnerability in any vendors product should also preclude them from being used. Any other approach is political not technical.

    • lvthunder

      In reply to codymesh:

      You probably need a high security clearance to see that.

      • skane2600

        In reply to lvthunder:

        Absolutely no reason for such information to be classified if it's actual "clinical/digital forensics evidence" since the techniques required to obtain such information have been known publicly for decades. Now if the "evidence" is Agent X in China told us so that's different.

  2. txag

    Like allowing the camel’s nose into the tent.

  3. Username

    Telcos don’t and won’t vet vendor code or updates. That’s why a blanket ruling is required by country’s security agency who need to consider possibility not just ability.

  4. bart

    Very difficult subject as there is clear political motivation by the Trump administration akin the Bush claims of nukes in Iraq.

    Not sure we'll ever see the big picture until the damage is done

  5. lvthunder

    Leo said on MacBreak Weekly that the CIA is telling people that Hhuawei is being funded by the Chinese government.

  6. roho

    Huge mistake by the UK.

    • wright_is

      In reply to RoHo:

      The problem is, there isn't much choice at the moment. If you want 5g, you need Huawei. The likes of Ericsson and Nokia aren't far enough along and Cisco and other US based companies have already been shown to have been compromised. They have had CIA/NSA mods added to their hardware in transit and Cisco has spent the last 18 months or so removing dozens of backdoors from their hardware and iOS systems.

      Huawei has only allegations against it, plus some "normal" security problems, like buffer overflows, which they have said they will address.

    • DaveHelps

      In reply to RoHo:


      Given the scale and sophistication of modern supply chain attacks, it’s going to be impractical for any country to hope that they can get “secure” equipment by selecting vendors based on country of origin.

      Even if all the equipment was designed, built and assembled in the UK by companies owned by the Queen, there would still have to be regular reviews, security assessments, monitoring and corrective action to continuously improve the security of the network.

Leave a Reply