Following a lengthy process, the UK has finally made a decision on whether Huawei and other Chinese tech companies will be allowed to access the country’s 5G networks. And, as has been widely reported over recent days, the decision is to allow Chinese companies access to “non-core” parts of the UK’s 5G networks, but with new restrictions put in place.
In a press release from the Department for Digital, Culture, Media and Sport (DCMS), headed by Nicky Morgan MP, it was announced that: “New restrictions should be placed on the use of high risk vendors in the UK’s 5G and gigabit-capable networks.”
Ahead of the decision taken today, Prime Minister Boris Johnson chaired a meeting of the National Security Council (NSC), and it was agreed that the National Cyber Security Centre (NCSC) should issue guidance to UK Telecoms operators on high risk vendors following the conclusions of the Telecoms Supply Chain Review.
High risk vendors
High risk vendors are to be excluded from sensitive ‘core’ parts of 5G and gigabit-capable networks, and there will be a 35 percent cap on high risk vendor access to “non-sensitive” parts of the network. However, exactly what constitutes “core”, “non-core”, and “non-sensitive” is currently posing more questions for network operators, desperate for some clarity.
Although Huawei technology was not mentioned specifically in the announcement, the implications were clear, as Huawei has been regularly referred to by Number 10 and those sitting on the National Security Council as a “high risk vendor”.
A number of guidelines have been issued, and will be communicated to the UK’s mobile network operators (MNOs) over the coming days. But at the top level, these guidelines will require that “high risk vendors” be:
- Excluded from all safety related and safety critical networks in Critical National Infrastructure
- Excluded from security critical ‘core’ functions, the sensitive part of the network
- Excluded from sensitive geographic locations, such as nuclear sites and military bases
- Limited to a minority presence of no more than 35 per cent in the periphery of the network, known as the access network, which connect devices and equipment to mobile phone masts
However, the conclusion of the British government’s ‘Telecoms Supply Chain Review’ is likely to have consequences for the UK’s relationship with the US, which has repeatedly suggested that the UK remove all Huawei technology from the country’s network infrastructure, citing 5G security concerns and the potential for state intervention from the People's Republic of China (PRC).
“In spite of the persistent pressure from the US, it is not surprising that the UK has finally taken the decision to maintain Huawei technology as part of the nation's 5G infrastructure - with certain restrictions," said Jimmy Jones, Telecoms Cyber Security Expert at Positive Technologies.
Whilst the US has taken a more hard-line stance, the reality is that a lot of the major UK operators (Vodafone, EE and Three) have already purchased Huawei’s 5G infrastructure, which means a ban would have more impact in the UK than the US.
"If Huawei was taken away as an option, this whole process - including testing - would have to be started all over again," Jones said. "Overall, the UK has taken the decision not to give its economy a technological and financial handicap against fast-developing nations who have already chosen to use Huawei."