Excluding Huawei from UK's 5G will harm security, MPs warn
A decision must be made as a 'matter of urgency', says Intelligence and Security Committee
Excluding Huawei from the UK's 5G network infrastructure would harm resilience and "lower security standards", the Intelligence and Security Committee (ISC) warned today.
It also called for Britain's next prime minister, which most think will be uncombable hair syndrome sufferer Boris Johnson, to help make a decision on the matter of the Chinese kitmaker's inclusion so that UK networks can all move on with their plans.
"The extent of the delay is now causing serious damage to our international relationships: a decision must be made as a matter of urgency," said the committee.
The committee released its statement on the status of 5G suppliers ahead of the government's delayed Telecoms Supply Chain Review, which will determine whether Huawei's gear can be included in the UK's network infrastructure.
The supply chain review was supposed to be published "by spring 2019" and has since been put on ice until the end of August, weeks and in some cases months after the initial rollouts of 5G NSA kit by some of the UK's networks.
Vendor consolidation in the telecoms market means just a few major players remain: Nokia, Ericsson and Huawei, ISC noted.
Limiting the field to just two, on the basis of the above arguments, would increase over-dependence and reduce competition, resulting in less resilience and lower security standards. Therefore including a third company - even if you may have some security concerns about them and will have to set a higher bar for security measures within the system - will, counterintuitively, result in higher overall security.
Both PRISM surveillance-purveyor the US and Australia have banned the company from their 5G networks, voicing concern over the nature of Huawei's relationship with the Chinese state and therefore the potential risk of espionage or sabotage.
Spy vs spy
On the subject of intelligence-sharing between the "Five Eyes partners" – the UK, US, Canada, Australia and New Zealand have a long-standing agreement – the ISC said the United States and Australia had already been vocal in their concern that the UK might employ Huawei within its 5G network. "We should emphasise that this is not about any risk to the communication channels which are used for intelligence exchange - these would always be kept entirely separate," it said.
"However, the National Cyber Security Centre (NCSC) ... has been clear that the security of the UK's telecommunications network is not about one company or one country: the 'flag of origin' for telecommunications equipment is not the critical element in determining cyber security.
"The point being made in NCSC's statements thus far appears to be that this is not about whether or not Huawei - or indeed any company - might wish to, or be instructed to, sabotage the UK network or use it to spy on the UK. It is that the UK network has to be built in such a way that it can withstand attack from any quarter - whether that be malicious action from someone within the network, a cyber attack from actors outside, or simple human effort."
Brexit schmexit: make a call on 5G kit, for Pete's sake
It concluded: "In terms of the immediate issue, restricting those companies who may be involved in our 5G network will have consequences: both in terms of time and cost. And the government must weigh these, together with the security advice that any risk posed could be managed in a secure system, against the geostrategic issues outlined above.
Vodafone urges UK.gov to get on with it and conclude review into HuaweiREAD MORE
"It is important to take the right decision, and take it we must: this debate has been unnecessarily protracted and this has damaged our international relationships. The new prime minister will no doubt have many issues to deal with in his first days in office.
"Nevertheless, this committee urges him to take a decision on which companies will be involved in our 5G network, so that all concerned can move forward." ®
Sponsored: Beyond the Data Frontier