gchq

Auto Added by WPeMatico

Rapid Huawei rip-out could cause outages and security risks, warns UK telco

The chief executive of UK incumbent telco BT has warned any government move to require a rapid rip-out of Huawei kit from existing mobile infrastructure could cause network outages for mobile users and generate its own set of security risks.

Huawei has been the focus of concern for Western governments including the US and its allies because of the scale of its role in supplying international networks and next-gen 5G, and its close ties to the Chinese government — leading to fears that relying on its equipment could expose nations to cybersecurity threats and weaken national security.

The UK government is widely expected to announce a policy shift tomorrow, following reports earlier this year that it would reverse course on so called “high risk” vendors and mandate a phase out of use of such kit in 5G networks by 2023.

Speaking to BBC Radio 4’s Today program this morning, BT CEO Philip Jansen said he was not aware of the detail of any new government policy but warned too rapid a removal of Huawei equipment would carry its own risks.

“Security and safety in the short term could be put at risk. This is really critical — because if you’re not able to buy or transact with Huawei that would mean you wouldn’t be able to get software upgrades if you take it to that specificity,” he said.

“Over the next five years we’d expect 15-20 big software upgrades. If you don’t have those you’re running gaps in critical software that could have security implications far bigger than anything we’re talking about in terms of managing to a 35% cap in the access network of a mobile operator.”

“If we get a situation where things need to go very, very fast then you’re in a situation where potentially service for 24M BT Group mobile customers is put into question,” he added, warning that “outages would be possible”.

Back in January the government issued a much delayed policy announcement setting out an approach to what it dubbed “high risk” 5G vendors — detailing a package of restrictions it said were intended to mitigate any risk, including capping their involvement at 35% of the access network. Such vendors would also be entirely barred them from the sensitive “core” of 5G networks. However the UK has faced continued international and domestic opposition to the compromise policy, including from within its own political party.

Wider geopolitical developments — such as additional US sanctions on Huawei and China’s approach to Hong Kong, a former British colony — appear to have worked to shift the political weather in Number 10 Downing Street against allowing even a limited role for Huawei.

Asked about the feasibility of BT removing all Huawei kit, not just equipment used for 5G, Jansen suggested the company would need at least a decade to do so.

“It’s all about timing and balance,” he told the BBC. “If you wanted to have no Huawei in the whole telecoms infrastructure across the whole of the UK I think that’s impossible to do in under ten years.”

If the government policy is limited to only removing such kit from 5G networks Jansen said “ideally” BT would want seven years to carry out the work — though he conceded it “could probably do it in five”.

“The current policy announced in January was to cap the use of Huawei or any high risk vendor to 35% in the access network. We’re working towards that 35% cap by 2023 — which I think we can make although it has implications in terms of roll out costs,” he went on. “If the government makes a policy decision which effectively heralds a change from that announced in January then we just need to understand the potential implications and consequences of that.

“Again we always — at BT and in discussions with GCHQ — we always take the approach that security is absolutely paramount. It’s the number one priority. But we need to make sure that any change of direction doesn’t lead to more risk in the short term. That’s where the detail really matters.”

Jansen fired a further warning shot at Johnson’s government, which has made a major push to accelerate the roll out of fiber wired broadband across the country as part of a pledge to “upgrade” the UK, saying too tight a timeline to remove Huawei kit would jeopardize this “build out for the future”. Instead, he urged that “common sense” prevail.

“There is huge opportunity for the economy, for the country and for all of us from 5G and from full fiber to the home and if you accelerate the rip out obviously you’re not building either so we’ve got to understand all those implications and try and steer a course and find the right balance to managing this complicated issue.

“It’s really important that we very carefully weigh up all the different considerations and find the right way through this — depending on what the policy is and what’s driving the policy. BT will obviously and is talking directly with all parts of government, [the National] Cyber Security Center, GCHQ, to make sure that everybody understands all the information and a sensible decision is made. I’m confident that in the end common sense will prevail and we will head down the right direction.”

Asked whether it agrees there are security risks attached to an accelerated removal of Huawei kit, the UK’s National Cyber Security Centre declined to comment. But a spokesperson for the NCSC pointed us to an earlier statement in which it said: “The security and resilience of our networks is of paramount importance. Following the US announcement of additional sanctions against Huawei, the NCSC is looking carefully at any impact they could have to the U.K.’s networks.”

We’ve also reached out to DCMS for comment. Update: A government spokesperson said: “We are considering the impact the US’s additional sanctions against Huawei could have on UK networks. It is an ongoing process and we will update further in due course.”

Powered by WPeMatico

UK gives Huawei an amber light to supply 5G

The U.K. government will allow Huawei to be a supplier for some non-core parts of the country’s 5G networks, despite concerns that the involvement of the Chinese telecoms vendor could pose a risk to national security. But it will be excluded from core parts of the networks, according to reports in national press.

The news of prime minister Theresa May’s decision made during a meeting of the National Security Council yesterday was reported earlier by The Telegraph. The newspaper said multiple ministers raised concerns about her approach — including the Home Secretary, Foreign Secretary, Defence Secretary, International Trade Secretary and International Development Secretary.

The FT reports that heavy constraints on Huawei’s involvement in U.K. 5G networks reflect the level of concern raised by ministers.

May’s decision to give an amber light to Huawei’s involvement in building next-gen 5G networks comes a month after a damning report by a U.K. oversight body set up to evaluate the Chinese company’s approach to security.

The fifth annual report by the Huawei Cyber Security Evaluation Centre Oversight Board blasted “serious and systematic defects” in its software engineering and cyber security competence.

Though the oversight board stopped short of calling for an outright ban — despite saying it could provide “only limited assurance that all risks to U.K. national security from Huawei’s involvement in the U.K.’s critical networks can be sufficiently mitigated long-term.”

But speaking at a cybersecurity conference in Brussels in February, Ciaran Martin, the CEO of the U.K.’s National Cyber Security Centre (NCSC), expressed confidence U.K. authorities can mitigate any risk posed by Huawei.

The NCSC is part of the domestic GCHQ signals intelligence agency.

Dr. Lukasz Olejnik, an independent cybersecurity advisor and research associate at the Center for Technology and Global Affairs at Oxford University, told TechCrunch he’s not surprised by the government’s decision to work with Huawei.

“It’s a message that was long-expected,” he said. “U.K. officials have been carefully sending signals in the previous months. In a sense, this makes us closer to the end of the 5G drama.”

“With proper management most risk can be mitigated. It all depends on the strategic planning,” he added.

“I believe the level of [security] responsibility at telecoms will remain similar to today’s. The main message expected by telecoms is clarity to enable them to move on with infrastructure.”

The heaviest international pressure to exclude the Chinese vendor from next-gen 5G networks has been coming from the U.S., where President Trump has been leaning on key intelligence-sharing allies to act on espionage fears and shut out Huawei — with some success.

Last year Australia and New Zealand both announced bans on Chinese kit vendors citing national security fears.

But in Europe governments appear to be leaning in another direction: toward managing and mitigating potential risks rather than shutting the door completely.

The European Commission has also eschewed pushing for a pan-EU ban — instead issuing recommendations encouraging member states to step up individual and collective attention on network security to mitigate potential risks.

It has warned too — and conversely — of the risk of fragmentation to its flagship “digital single market” project if member state governments decide to slam doors on their own. So, at the pan-EU level, security considerations are very clearly being weighed against strategic commercial imperatives and technology priorities.

Equally, individual European governments appear to have little appetite to throw a spanner in the 5G works, given the risk of being left lagging as cellular connectivity evolves and transforms — an upgrade that’s expected to fuel and underpin developments in artificial intelligence and big data analysis, among other myriad and much-hyped benefits.

In the U.K.’s case, national security concerns have been repeatedly brandished as justification for driving through domestic surveillance legislation so draconian that parts of it have later been unpicked by both U.K. and EU courts. Even if the same security concerns are here, where 5G networks are concerned, being deemed “manageable” — rather than grounds for a similarly draconian approach to technology procurement.

It’s not clear at this stage how extensively Huawei will be involved in supplying and building U.K. 5G networks.

The NCSC sent us the following statement in response to questions:

National Security Council discussions are confidential. Decisions from those meetings are made and announced at the appropriate time through the established processes.

The security and resilience of the UK’s telecoms networks is of paramount importance.

As part of our plans to provide world class digital connectivity, including 5G, we have conducted an evidence based review of the supply chain to ensure a diverse and secure supply base, now and into the future. This is a thorough review into a complex area and will report with its conclusions in due course.

“How ‘non-core’ will be defined is anyone’s guess but it would have to be clearly defined and publicly communicated,” Olejnik also told us. “I would assume this refers to government and military networks, but what about safety communication or industrial systems, such as that of power plants or railroad? That’s why we should expect more clarity.”

Powered by WPeMatico