Keeping Huawei out of the core of the UK’s 5G infrastructure is “feasible and plausible”, a cyber policy expert has told the Defence Committee during its inquiry into the risks of using the Chinese telco’s mobile equipment in Britain’s 5G rollout.
Speaking in the first evidence session of the inquiry, Emily Taylor, CEO of cyber intelligence consultancy Oxford Information Labs told the committee that while the non-core and core could blend in theory, “in practice they are not going to”.
It is “feasible and plausible” to keep a high-risk vendor such as Huawei out of the “brains” of the network as a means of managing risk, she said.
“While in theory the intelligent ‘brains’ of the 5G network could extend right to the edge, where people interact with the network, in practice it won’t and there is a ring around it that you could plausibly describe as the periphery, as non-core,” she added.
Britain’s 5G network can broadly be broken down into four parts: the transition networks, which act like pipes carrying the data; the core, which is the ‘brains’ of the network; access networks, which are the radio masts and the management system, which provides business support.
Huawei is banned from the core and management system. However, there are concerns that as edge computing becomes more commonplace and data is processed closer to the location it is needed, it will become more difficult to keep the non-core parts of the network separate.
André Pienaar, managing partner of cybersecurity investment firm C5 Capital, told the committee that the lines between core and non-core will become more blurred in the future, but this remains “five to six years away”.
Huawei 5G debate far from settled
It follows the UK’s decision in January 2020 to allow telecommunication firms to use Huawei technology in the non-core parts of the country’s network, capped at a 35% market share.
The decision came after delays of more than a year and political pressure from the US, which has banned Huawei technology and views it as a security threat.
British intelligence agencies ignored President Donald Trump’s threats to shun the UK from the Five Eyes intelligence-sharing group, arguing that it could manage the risk.
Since 2010, the Huawei Cyber Security Evaluation Centre (HCSEC), overseen by GCHQ, has been scrutinising Huawei’s mobile technology.
A 2019 report found “serious and systematic defects” in its software and cybersecurity practices, but to date has found no evidence of malicious behaviour.
Taylor said that while the report made “pretty grim reading”, the UK’s management of the Huawei issue has “been quite well done; it has been evidence-based and cautious”.
She pointed out that Huawei’s network technology is already in the UK’s 4G network and that the Chinese firm has had a presence in the UK since 2003.
Taylor said while Huawei technology could be phased out during repairs, maintenance and upgrades, that would not be feasible in the “medium-term” because 5G will “technically sit on top of existing infrastructure”.
She highlighted that Australia and the US banned Huawei and ZTE in 2012, which means their existing infrastructure is not “nearly as dependant on Huawei” as the UK’s, making them “more free to manoeuvre”.
“And so the approach has been one of risk mitigation, of risk management, to ensure that our people understand how the equipment is working, what its vulnerabilities and flaws are,” she said, adding that the UK’s decision was the “least worst option”.
China’s growing dominance
Pienaar and Taylor agreed that more vendor diversity and interoperability among 5G firms is needed to create a healthier telecommunications market.
An Anglo-American partnership that works with South Korea and Japan is feasible withing 3-5 years, Pienaar added.
At the heart of the discussion was China’s growing technological might, for which Huawei can be seen as a proxy.
“I think that often Huawei is a lightning rod for justifiable concerns about how comfortable do we feel about a technological world order where China is the superpower,” said Taylor.
Pienaar warned that the UK should be wary of a 2017 Chinese law that gives the state the power to compel companies, including Huawei, to “support, assist and cooperate with the state intelligence work”.
“It’s very hard to compare Huawei to the other players in the market because it’s comparing apples to pears,” he said.
“This entity has a completely different construct and makeup to what we consider to be independent companies that have independent governance, independent shareholders. Huawei is embedded in the Chinese state.”
At a geopolitical level, Huawei’s close ties to the Chinese state is also seen as a bellwether for a national security landscape that is increasingly digitally focused.
“Several countries, including China, are building their warfare doctrine on information dominance,” said Pienaar.
“So in line with this thinking, the belligerent party that will dominate the information on the battlefield and that will dominate information globally will be the winner of the wars of the future.”
Despite strong bipartisan support for banning Huawei in US, Taylor points out that there is no concrete evidence showing Huawei “overstepping the line” in practice.
Countries banning Huawei would not be able to completely avoid China in the technology supply chain, Taylor added.
“And so if you’re going to make national security type of decisions solely based on the flag of the vendor, you’re going to have to do a lot of digging right back into the supply chains and all of the manufacturing of all of your vendors and try to root out China,” she said.