World

Untangling the disturbing implications of the Huawei leak

The leak is concerning but a mere foretaste of problems to come, says the UK’s former national security adviser

April 29, 2019
Photo: Jaap Arriens/SIPA USA/PA Images
Photo: Jaap Arriens/SIPA USA/PA Images

The leak from the National Security Council on whether Huawei products should be used in the UK’s 5G network produced an odd spectacle: politicians and commentators rushing to stake out strong positions on the arcane details of next generation telecoms infrastructure. In the process, three issues got tangled up, and it is worth looking at them separately.

The first is the risk posed by Huawei to Britain’s cyber security. Whoever leaked the NSC deliberations clearly favoured an outright ban on Huawei equipment as Britain rolls out 5G, given the reported links between the company and the Chinese intelligence community.  That would mirror the position currently taken in the US and Australia. However I am instinctively wary of simple-sounding solutions to complex problems, and inclined to listen to the experts on the subject. Britain’s security professionals have been dismantling and inspecting Huawei kit since 2010 in a lab known as the Huawei Cyber Security Evaluation Centre. So they know the nature of the beast. Their concerns have been much more about engineering quality than the presence of bugs.

As the informative website of the National Cyber Security Centre makes clear, modern telecoms and data systems are hugely complex. Equipment that has any access to content is obviously far more sensitive than the parts that are simply transporting encrypted data. Since Huawei products are cheaper than those of other vendors, an outright ban would certainly increase the costs of 5G for telecoms providers, without necessarily increasing security—since 5G equipment made by any supplier contains a large proportion of Chinese-made components.

My own conclusion is that it may well be right to keep Huawei out of the most sensitive parts of the future 5G network, but not to shut the company out of contributing to a diversity of suppliers across the rest of the system. As so often in national security, the best approach is probably risk management rather than giving the impression that a zero-risk solution is possible. In any case, the biggest risk to cyber security for governments, businesses and the public is failure to attend to basic cyber hygiene like choosing complex passwords and keeping them secure.

The second issue is how to balance economic and security interests in dealing with states like China where government control of the economy is strong. The Huawei issue brought this into focus because the Chancellor Philip Hammond set off for an investment conference in China the day after the NSC meeting. This prompted the suspicion in some quarters that Britain’s commercial interests in China had been a factor in decision-making on cyber security. I have no idea whether that’s true. But it is a foretaste of what life will be like if and when Britain leaves the EU. China (and other countries) have long tried to use access to their markets, or the prospect of winning large contracts, as a lever to influence policies in other areas such as criticism of their human rights record. As a member of the EU, Britain had some protection from these pressures. On the outside, we will find that almost every foreign and security policy decision has to take account of the potential impact on our commercial interests.

The dilemmas are likely to be sharpest in cases like China and Saudi Arabia where we have vital economic and security interests to balance. But we will have to expect that many other countries will take advantage of our need to negotiate wide-ranging free-trade agreements to extract concessions from us in areas of interest to them. Our foreign policy is bound to become more mercantilist, and tensions with other interests including security and the promotion of human rights will become a fact of life.

The third aspect is how these tensions will be managed. The answer has to be in the National Security Council. That is the only place in Whitehall where for example the different communities dealing with Britain’s economic and security interests in China can come together around the same table. The NSC can only operate properly if ministers and their advisers have confidence that the discussions on highly sensitive issues will remain confidential, and that everyone will rally to support the final decision.

That is why the deliberate leak from the 23rd April NSC was so damaging. It gave the impression that political infighting was spilling over into the handling of national security. It was clearly intended to generate opposition to the policy decided in the meeting, and it was therefore deeply corrosive of trust. The issue of Huawei and the 5G network is important. But the tensions that will arise between Britain’s various priorities if and when we launch out into the world beyond the EU will be far more severe. If the NSC is unable to arbitrate in the national interest because participants cannot be trusted to maintain the confidentiality of discussions, what hope have we of pursuing a successful national strategy?