Published in the September/October 2020 Issue – The UK has banished Huawei from its telecommunications networks. Was this the result of US pressure, or domestic concern over the reliance Britain placed on the firm for critical infrastructure?
“We welcome the news that the United Kingdom plans to ban Huawei from future 5G networks and phase out untrusted equipment from existing networks,” said Mike Pompeo, US secretary of state on 14 July. Pompeo was welcoming the British Government’s decision taken that day to ban UK telecommunications firms from buying and using equipment provided the Chinese telecommunications giant Huawei. The ban also requires all Huawei equipment to be phased out of UK telecommunications by 2027.
At first glance, the decision seemed to be the result of direct pressure from the administration of US President Donald Trump. The US government had concerns Huawei’s equipment could contain ‘back doors’ to enable Chinese intelligence operatives to spy on traffic moving through telecom networks. In 2018 the US defence funding bill which legislated defence spending for fiscal year 2019 contained a passage preventing the federal government from doing business with Huawei.
The UK’s involvement with Huawei gathered momentum back in 2004. British Telecom, the UK’s largest telecommunications provider, had begun work on its 21st Century Network (21CN). 21CN was to replace the UK’s System-X digital telephone exchange architecture. This had been used to for the country’s trunk telephone network since the early 1980s. System-X was noteworthy as it digitally moved telecommunications traffic around the network as opposed to the legacy electromechanical system it replaced.
21CN takes the digital approach of 21CN further by harnessing an IP (Internet Protocol) technology. Along with several other firms Huawei was supplying the 21CN’s Multi-Service Access Nodes (MSAN). MSANs send and receive traffic to and from homes and businesses. This traffic is sent across standard digital and, to a lesser extent analogue, telephone lines. The MSANs connect these homes and businesses to the wider trunk or ‘backbone’ network using a process called backhaul. Using the analogy of a road network, an MSAN is like a junction connecting several small village roads to a highway which links cities to one another. The MSANs will convert traffic to IP standards for transmission across the network.
In January, the UK’s National Cyber Security Centre (NCSC), a government agency advising the public and private sector on how to avoid cyber security threats, published a summary of its findings concerning a security analysis of the UK telecoms sector. The document noted that the signalling networks connecting networks to one another have traditionally been built on the assumption that the traffic received from other networks can be trusted. Now that these networks use digital and IP standards the report warned “that assumption is no longer valid as … international networks can be exploited by attackers to conduct attacks.” Just as IP data received by a computer can potentially be malicious, so IP data received in a telecom network might be just as nefarious.
The report cautioned against the UK becoming reliant on any individual supplier. Such a course of action would make the country dependent on that firm for the operation of all, or a large part of a telecoms network. The report warned that “national dependence would reduce our ability to hold the supplier to an appropriate standard of behaviour and security.” Given Huawei’s involvement in UK telecoms to date, and casting an eye towards the future, the NSCS warned that “without government intervention (there is) a realistic likelihood that due to commercial factors the UK would become ‘nationally dependent’ on Huawei within three years.” It added that in 2018 and 2019, the NCSC’s Huawei Cyber Security Evaluation Centre (HCSEC), based at a Huawei facility in Oxfordshire, southern England overseen by the NCSC, raised concerns regarding the quality and security standards of the company’s engineering. While discounting that these shortcomings were the result of malicious intent, the report stated that they “increase the risk to the UK regardless” warning that “the risk to the UK is determined by the type and quantity of the equipment supplied.” The HCSEC added that it considered the cyber security risk posed by Huawei equipment as “manageable.”
Did the UK pull the plug on Huawei solely because of US pressure? It is clear the NCSC already had concerns about the reliance of the UK telecoms sector on Huawei technology. Likewise the UK is a trusted member of the so-called ‘Five Eyes’ intelligence sharing club which also includes Australia, Canada, New Zealand and the United States. Having her access to this club restricted, or cancelled altogether, would have grave implications for UK intelligence gathering. It is clear there were already concerns regarding Huawei’s equipment within the UK’s intelligence community, ironically US pressure provided the perfect opportunity to turn these concerns into action.