14 May 2019 by Kirsty-Anne Jasper
The Huawei fiasco shows that serious lessons must be learnt
The name Huawei (pronounced wah-way) has barely been out of the press in the past few weeks with resignations, leaks, national security threats and government-awarded contracts all drawing headlines and eyebrows.
The issues began when the UK government agreed to allow the Chinese telecommunications company to supply equipment for the UK’s 5G network, despite serious warnings about security risks.
The UK opted to allow Huawei to have a limited role in the network’s expansion, placing them in opposition to the US who are pressing for its allies in the ‘Five Eyes’ intelligence grouping – the UK, Canada, Australia and New Zealand – to exclude the company on security grounds.
Australia too, opposed the move, having already blocked its networks from using Huawei’s 5G technology. They concluded in August that it was impossible to ‘mitigate’ the national security risks involved in allowing Huawei to form any part of its 5G network, because next-generation networks would operate in a different way to their predecessors.
The changes allow for a greater risk of a cyber-attack. Speaking about the decision, the director general of the Australian Signals Directorate, Mike Burges, said: “Elements of the power grid may not work, water supply [and] sewage pumps may not work – it has the potential to impact our country greatly”.
Huawei has denied that it would ever compromise a client’s network because
it had been ordered to by Beijing, saying that they have been: “targeted by a sustained campaign of ill-informed accusations that its involvement in 5G infrastructure somehow poses a threat”.
The UK government acknowledged concerns surrounding the Chinese firm, but believed that they could mitigate the risk by only using their equipment for part of the project, namely the radio access network (Ran) equipment – which allows individual devices to wirelessly connect to mobile data networks via radio signals transmitted over the airwaves.
This is a direct contradiction to the US position. They believe that it is unsafe to use Huawei kit in any part of a 5G network. They are also pursuing legal cases alleging the firm has engaged in systemic intellectual property theft and fraud. Huawei denies these claims. The US State Department’s Ambassador Robert Strayer, said that:
“We view there to be no relevant distinction between the core and the edge of a
5G network. That distinction had existed in 4G networks because you basically had a smart core – where the intelligence and the software ran – and the edge was dumb, because it was just for the transmission of data to the core. In a 5G network, much of the smart computing capacity... will move to the edge. Due to the configuration of 5G networks with computing at the edge and reliance on those networks for the provision of critical services, untrusted equipment should not be allowed in any part of the network”.
Theresa May reached the decision that Huawei should only be able to provide be banned from supplying core parts of the future 5G mobile phone network, following a meeting of ministers on the National Security Council (NSC).
It is widely believed that the government stopped short of delivering an outright ban in order to maintain relationships with China.
The UK has historically taken a cautious approach to Huawei, but has not called for an outright ban. GCHQ has called for an understanding of the opportunities and threats posed by Chinese firms.
When delivering the Fullerton lecture at a conference hosted by the International Institute for Strategic Studies (IISS) in February, Jeremy Fleming, who has been GCHQ’s director since 2017, said:
“We have to understand the opportunities and threats from China’s technological offer, understand the global nature of supply chains and service provision irrespective of the flag of the supplier [and] take a clear view on the implications of China’s technological acquisition strategy in the west”.
We must “help our governments decide which parts of this expansion can be embraced, which need risk management, and which will always need a sovereign, or allied, solution. It’s a hugely complex strategic challenge which will span the next few decades…probably our whole professional lives. How we deal with it will be crucial for prosperity and security way beyond 5G contracts”.
When discussing online attacks, Fleming went on to say that GCHQ needs “in extremis, to be able to use cyber tools to disrupt, deny or degrade” threats from overseas though such actions must be “governed by appropriate international and domestic laws” and be legal, necessary and proportionate. “Offensive cyber is an essential part of a nation’s cyber toolkit”.
The decisions reached and discussions held by the NSC are contentious as they became public knowledge following a leak from the meeting to a journalist at The Telegraph.
The NSC is made up of senior cabinet ministers and its weekly meetings are chaired by the prime minister, with other ministers, officials and senior figures from the armed forces and intelligence agencies invited when needed.
It is a forum where secret intelligence can be shared by GCHQ, MI6 and MI5 with ministers, all of whom have signed the Official Secrets Act, therefore a leak was highly concerning.
Defence secretary, Gavin Williamson, has denied being the source of the leak despite being sacked by the prime minister who stated that she had “compelling evidence” that he was the source and that “no other, credible version of events to explain this leak has been identified”.
Labour’s deputy leader Tom Watson called for a police inquiry to investigate whether or not Mr Williamson breached the Official Secrets Act but the police have stated that the leak did not amount to a criminal offense.
Regardless, the leak shows a strength of feeling regarding the role that Huawei will play in the UK’s digital future. Geopolitics are an important consideration but not at the expense of national security. Whether this will ultimately be the case, remains to be seen.