The leak is concerning but a mere foretaste of problems to come, says the UK’s former national security adviserby Peter Ricketts / April 29, 2019 / Leave a comment
The leak from the National Security Council on whether Huawei products should be used in the UK’s 5G network produced an odd spectacle: politicians and commentators rushing to stake out strong positions on the arcane details of next generation telecoms infrastructure. In the process, three issues got tangled up, and it is worth looking at them separately.
The first is the risk posed by Huawei to Britain’s cyber security. Whoever leaked the NSC deliberations clearly favoured an outright ban on Huawei equipment as Britain rolls out 5G, given the reported links between the company and the Chinese intelligence community. That would mirror the position currently taken in the US and Australia. However I am instinctively wary of simple-sounding solutions to complex problems, and inclined to listen to the experts on the subject. Britain’s security professionals have been dismantling and inspecting Huawei kit since 2010 in a lab known as the Huawei Cyber Security Evaluation Centre. So they know the nature of the beast. Their concerns have been much more about engineering quality than the presence of bugs.
As the informative website of the National Cyber Security Centre makes clear, modern telecoms and data systems are hugely complex. Equipment that has any access to content is obviously far more sensitive than the parts that are simply transporting encrypted data. Since Huawei products are cheaper than those of other vendors, an outright ban would certainly increase the costs of 5G for telecoms providers, without necessarily increasing security—since 5G equipment made by any supplier contains a large proportion of Chinese-made components.
My own conclusion is that it may well be right to keep Huawei out of the most sensitive parts of the future 5G network, but not to shut the company out of contributing to a diversity of suppliers across the rest of the system. As so often in national security, the best approach is probably risk management rather than giving the impression that a zero-risk solution is possible. In any case, the biggest risk to cyber security for governments, businesses and the public is failure to attend to basic cyber hygiene like choosing complex passwords and keeping them secure.
The second issue is how to balance economic and security interests in dealing with states like China where government control of the economy is strong. The Huawei issue brought…