The UK government has decided to allow Huawei to participate in some parts of the country’s 5G network, in spite of the pressure exerted by Washington to block its involvement.
US Secretary of State Mike Pompeo visited London shortly after the UK government decision was announced. He said that the United States will help the UK reduce what the US says are the risks associated with involving Huawei in its 5G network.
Pompeo said that the close intelligence-sharing arrangements between the two countries would continue.
In its January 28 announcement, the UK government said that, having concluded its Telecoms Supply Chain Review, new restrictions will be placed on the use of so-called high risk vendors in the UK’s 5G and gigabit-capable networks.
High risk vendors are to be excluded from the sensitive so-called “core” parts of 5G and gigabit-capable networks. There will be a 35% cap on high risk vendor access to non-sensitive parts of the network. High risk vendors are defined as those who pose greater security and resilience risks to UK telecoms networks.
The relevant legislation will be introduced at the earliest opportunity.
Ahead of the decision being announced, UK Prime Minister Boris Johnson chaired a meeting of the National Security Council (NSC), where it was agreed that the National Cyber Security Centre (NCSC) should issue guidance to UK telecoms operators on high risk vendors following the conclusions of the Telecoms Supply Chain Review.
This advice is that high risk vendors should be: excluded from all safety related and safety critical networks in Critical National Infrastructure; excluded from security critical “core” functions, the sensitive part of the network; excluded from sensitive geographic locations, such as nuclear sites and military bases; limited to a minority presence of no more than 35% in the periphery of the network, known as the access network, which connect devices and equipment to mobile phone masts.
As part of the review, the NCSC carried out a technical and security analysis that offers the most detailed assessment in the world of what is needed to protect the UK’s digital infrastructure.
The guidance sets out the practical steps operators should take to implement the government’s decision on how to best mitigate the risks of high risk vendors in 5G and gigabit-capable networks.
The UK government said that it has high certainty that these measures, taken together, will allow it to mitigate the potential risk posed by the supply chain and to combat the range of threats, whether cyber criminals, or state sponsored attacks.
The review also highlighted the need for the UK to improve the diversity in the supply of equipment to telecoms networks.
Analysts say that this reflects concern about the way in which Chinese companies have been allowed to grow to a position of dominance in the global 5G market. There is already some limited 5G coverage in the UK, and all four of the UK’s major operators (EE, Vodafone, O2 and Three) are already using the company’s equipment in their 5G networks.
The National Cyber Security Centre has issued advice to telecoms network operators to help with the industry rollout of 5G and full fibre networks in line with the government’s objectives.
The decision concludes the Telecoms Supply Chain Review, first published in July 2019. The review was a comprehensive, evidence-based review, designed to ensure the security and resilience of the UK’s networks. It recommended new Telecoms Security Requirements (TSR) to provide clarity to the telecoms industry on what is expected in terms of network security.