Huawei set for limited role in UK 5G network

The UK has decided to let Huawei continue to be used in its 5G networks but with restrictions, despite pressure from the US to block the firm.

The Chinese firm will be banned from supplying kit to "sensitive parts" of the network, known as the core.

In addition, it will only be allowed to account for 35% of the kit in a network's periphery, which includes radio masts.

And it will be excluded from areas near military bases and nuclear sites.

US Secretary of State Mike Pompeo had previously suggested that use of Huawei's equipment posed a spying risk, saying that "we won't be able to share information" with nations that put it into their "critical information systems".

But the Foreign Secretary Dominic Raab has said the decision would not affect the UK's intelligence-sharing relationship with the US and other close allies.

"Nothing in this review affects this country's ability to share highly-sensitive intelligence data over highly-secure networks both within the UK and our partners, including the Five Eyes," the minister told the House of Commons

A document published by the National Cyber Security Centre (NCSC) indicates that the UK's networks will have three years to comply with the caps on the use of Huawei's equipment.

"Huawei is reassured by the UK government's confirmation that we can continue working with our customers to keep the 5G rollout on track," the firm's UK chief Victor Zhang said in a statement.

"It gives the UK access to world-leading technology and ensures a competitive market."

'Strategic defeat'

The prime minister had faced pressure from the US and some Conservative MPs to block the Chinese tech giant on the grounds of national security.

A Trump administration official has said the US "is disappointed" with the decision.

Beijing had warned the UK there could be "substantial" repercussions to other trade and investment plans had the company been banned outright.

The choice has been described as the biggest test of Boris Johnson's post-Brexit strategy to date.

Senator Tom Cotton, a Republican member of the US Senate Intelligence Committee tweeted his dismay.

"I fear London has freed itself from Brussels only to cede sovereignty to Beijing," he posted.

Huawei has always denied that it would help the Chinese government attack one of its clients. The firm's founder has said he would "shut the company down" rather than aid "any spying activities".

Conservative MP Tom Tugendhat, former chair of the Foreign Affairs Select Committee, tweeted that the government's "statement leaves many concerns and does not close the UK's networks to a frequently malign international actor".

Over the limit

Three out of four of the UK's mobile networks had already decided to use and deploy Huawei's 5G products outside the core in the "periphery".

Two of them - Vodafone and EE - now face having to reduce their reliance on the supplier, as more than 35% of their existing radio access network equipment was made by it.

The cap also applies to the Shenzen-based firm's involvement in the rollout of full-fibre broadband.

According to a government report published last June, Huawei currently has a 45% share of that market.

"We want world-class connectivity as soon as possible but this must not be at the expense of our national security," said Britain's digital secretary Baroness Morgan.

"High-risk vendors never have been and never will be in our most sensitive networks," she said referring to government and intelligence systems.

BT has some of Huawei's equipment in the core of its EE network but is in the process of replacing it.

"This is a good compromise between alleviating 'security' concerns and making sure that the 5G UK market is not harmed," commented Dimitris Mavrakis, a telecoms analyst at ABI Research.

"It means there will be minimal disruption to existing 5G rollout plans."

New 5G suppliers

The government has also said the UK needs to "improve the diversity in the supply of equipment" to the country's telecom networks.

Beyond Huawei, the world's four main providers are:

• Nokia - a Finnish company
• Ericsson - a Swedish company
• Samsung - a South Korean company
• ZTE - a Chinese company that the country's government part-owns

At present, the UK is mostly dependent on Huawei, Nokia and Ericsson - a situation that has caused the NCSC's technical director to claim that the "market is broken".

"That's crazy," Dr Ian Levy added.

"We need to diversify the market significantly in the UK so that we have a more robust supply base to enable the long-term security of the UK networks and to ensure we do not end up nationally dependent on any vendor."

In response, the Department for Digital, Culture, Media and Sport has said it will now support "the emergence of new, disruptive entrants to the supply chain" and promote "the adoption of open, interoperable standards".

The new rules still have to be debated and approved by MPs.

Tim Morrison, a former US National Security Council official, urged them to rebel.

"There is still time for backbenchers in both parties to save the special relationship and the privacy rights of Britons if they vote to block this mistake by the government."

What is the core and why is Huawei being kept out of it?

A mobile phone network's core is sometimes likened to its heart or brain.

It is where voice and other data is routed across various sub-networks and computer servers to ensure it gets to its desired destination.This involves:

• authenticating subscribers so that specific users only get access to the services they have paid for and opted into
• sending a call to the right radio tower to connect to another person's mobile phone
• managing facilities such as call-forwarding and voicemail
• delivering SMS messages and multimedia from one handset to another
• routing data back and forth to third-party services such as apps and websites
• keeping track of usage to calculate an individual's bill

While once, a lot of this involved physical equipment known as routers and switches, in the 5G world much of this kit has been "virtualised". That means software rather than specialised hardware now takes care of much of the job.

This opens the door to new capabilities. But a perceived risk is that it could also open the system up to new kinds of attack.

And even if encryption means the information being handled cannot be spied upon, the fear is that a rogue participant could still crash the network - or at least disrupt the data flow.

How does this differ from the rest of the network?

The core is distinct from the Radio Access Network, which is sometimes referred to as the "periphery".

The RAN includes the base stations and antennas used to provide a link between individual mobile devices and the core.

Insiders sometimes describe this as the "innovative but dumb" part of the network. That is because new traffic management software and other advances mean more traffic can be handled than before, but the equipment does not actually affect what happens to the data itself beyond transmitting it back and forth.

• Huawei 5G verdict is a decision 'with few good options'
• What is 5G and what will it mean for you?
• Panorama: Can we trust Huawei?

Although it has commonly been reported that Huawei's advantage here is cost, industry insiders say a bigger advantage is that it can currently do the same job as its rivals using fewer antennas. That means fewer planning permission requests need to be approved, and 5G can be rolled out more quickly as a result.

The theory is that by limiting Huawei to the RAN but banning it from the core, the authorities make the risk of its involvement more "manageable".

So why are the Americans still worried?

The Trump administration's cyber-security chiefs, along with their Australian counterparts, contend that over time the "edge" - the name given to the boundary between the core and periphery - will disappear, as more and more sensitive operations are carried out closer to users.

As a result, they claim it will no longer be possible to keep Huawei, and by extension the Chinese state, out of the network's most sensitive areas.

UK network operators acknowledge that over time more functions will indeed move from centralised sites to individual exchanges and even base stations themselves.

But they are adamant that they can still design the architecture of their networks to keep the core distinct and protected.

As such, 5G should never evolve into a system where data is simply bounced from device to antenna to device, without having to go through a secured core where each user must still be authenticated, helping safeguard the system.

However, some security experts warn that this kind of segmentation might still not prevent the RAN being used to mount an attack.

"This is not a foolproof plan, as networks are dynamic and managed by people - who make mistakes," commented Elad Ben-Meir of Scadafence - an industrial security specialist.

"So, over time this ring-fencing may be broken or even worse, may have a vulnerability or weakness which could be utilised by threat actors."