UK.gov: Hi, it looks like you're procuring comms infrastructure. Might we suggest... all vendors?
Ministry of Fun review likely to recommend happy shopping
Huawei is girding itself for the results of a UK government review that could recommend telcos buy network equipment from different vendors.
The Department for Digital, Culture, Media & Sport's (aka the Ministry of Fun) telecoms supply chain infrastructure review is expected to deliver its conclusions in May, and is likely to recommend that networks such as those run by mobile operators forswear buying end-to-end solutions from one vendor, and source from competitors in each network layer.
"For an emerging economy it makes sense to buy from one supplier as there are enormous potential savings," a Huawei spokesperson unsurprisingly told us, acknowledging that mature markets worked differently.
Huawei sells end-to-end gear across the three layers of network: the core, transmission and access layers. BT, Huawei's first champion in the UK, has a corporate procurement policy of not using the Chinese company's kit in the core network, and when it acquired EE asked the mobile operator to fall in line.
A multi-vendor rule would formalise what was an informal procurement policy – asking buyers not to use one vendor only in one layer of the network, and use multiple vendors across layers.
Potential customers in Europe typically implement a multi-vendor strategy, as Vodafone explained recently. In a feisty defence of its procurement strategy, Vodafone said it would mix Huawei and Ericsson gear in its RAN (aka access) layer, use Nokia and Ciena (and others) in its transmission network, and a variety of non-Chinese vendors in its core network.
But it was committed to using Huawei for the radio, given the company's lead in 5G. Banning Huawei would cost Voda "hundreds of millions and slow down deployment", said Vodafone CTO Scott Petty. By contrast Hutchison's Three network has gone for Huawei for its entire radio access network.
The Ministry of Fun's likely recommendation of a multi-vendor strategy shouldn't be a surprise. NCSC boffin Ian Levy recently commended it as a way of mitigating risk. Levy noted that networks may find it "easier to stick with your 4G vendor for your initial 4G rollout for NSA [non-standalone] deployments", he wrote.
That said, Huawei was savaged by a detailed and highly critical annual Oversight Board review published last week. The Oversight Board reviews the work of "The Cell" in Banbury – an independent centre set up by Huawei which permits GCHQ to pore over Huawei source code for vulnerabilities and iffy practices.
The board said: "Work has continued to identify concerning issues in Huawei's approach to software development bringing significantly increased risk to UK operators, which requires ongoing management and mitigation."
It added that in some cases, "remediation will also require hardware replacement (due to CPU and memory constraints) which may or may not be part of natural operator asset management and upgrade cycles… These findings are about basic engineering competence and cyber security hygiene that give rise to vulnerabilities that are capable of being exploited by a range of actors."
Plainly getting a bit impatient with political interference in private commercial decisions, Vodafone recently suggested that other suppliers may like to submit their code to an inspection regime as rigorous as The Cell – and the industry wanted to standardise these processes. It said to expect some news on this later in the year.
We asked Huawei what and when this might be – and got a polite "no comment".
Huawei's carrier unit saw a slight downturn in revenue last year, but said this was cyclical, and not related to Five Eyes nations' concerns. ®
Sponsored: Becoming a Pragmatic Security Leader