Telecoms giant BT (EE) has confirmed that they will remove Huawei’s kit from their core 3G and 4G network within the next 2 years. On top of that they will also exclude the Chinese company from bidding on future 5G contracts (core network only), but it’s unclear if Openreach will adopt a similar policy for fixed line broadband.
At present Huawei’s equipment is widely used in the United Kingdom by various fixed line network suppliers, ISPs and mobile operators. For example, Huawei supplies a lot of the kit for Openreach’s FTTC (VDSL2) broadband street cabinets and G.fast modems. Meanwhile EE has related kit in their existing 4G network and until recently it seemed almost inevitable that they’d also be helping to supply the operator’s future 5G services.
Broadly speaking the Chinese company has a strong reputation for building good quality equipment and selling it at an affordable price, but over the past few years the company has also become the target for some increasingly vocal security warnings from various countries.
Back in 2013 a report from the government’s Intelligence and Security Committee (ISC) warned UK operators that deployment of broadband and telecoms equipment supplied by Huawei could have “implications for national security” (here), which was despite GCHQ establishing the joint Cyber Security Evaluation Centre (The Cell) with Huawei to examine their kit.
Earlier this year the National Cyber Security Centre (NCSC) took an even tougher line by calling on telecoms firms not to use hardware and services provided by ZTE – a Chinese state-owned enterprise – because of the “potential risks to the UK’s national security” (here).
So far Huawei has avoided that same level of concern, but it’s often suggested that recent changes in policy by the Chinese government (i.e. requiring such firms to work with their state intelligence agencies) may have raised the perceived threat level. Previously Huawei has tried to demonstrate some distance between themselves and their government but that is now harder to argue.
The first warning shots came in July 2018 when the Oversight Board for the Huawei Cyber Security Evaluation Centre (HCSEC) said it had identified “shortcomings” in Huawei’s engineering processes, which they claimed “exposed new risks in the UK telecommunication networks” (here).
On Monday the aforementioned concerns were followed by a stark warning from the chief of MI6, Alex Younger, who said: “We need to decide the extent to which we are going to be comfortable with Chinese ownership of these technologies and these platforms in an environment where some of our allies have taken a quite definite position” (e.g. Australia, New Zealand and the USA have taken a very tough line).
A Spokesperson for BT told ISPreview.co.uk:
“In 2016, following the acquisition of EE, we began a process to remove Huawei equipment from the core of our 3G and 4G networks, as part of network architecture principles in place since 2006.
We’re applying these same principles to our current RFP for 5G core infrastructure. As a result, Huawei have not been included in vendor selection for our 5G core.
Huawei remains an important equipment provider outside the core network, and a valued innovation partner.”
BT’s reference to “outside the core network” reflects the seemingly more benign parts of their infrastructure, which for example means that Huawei’s kit will still be used on masts. Some may suggest that this does not go far enough, while others may take the opposite view and warn of protectionism or potential repercussions in relations with China.
At this stage BT’s position has only been referenced for their mobile network and it’s unclear whether Openreach plan to adopt a similar stance on their national fixed line network. However it seems inconceivable that Openreach will go around removing existing Huawei equipment and street cabinets (not core), although it remains to be seen whether future contracts are affected.
At the same time it’s worth remembering that no operator can ever completely eliminate the risk of unauthorised access, which goes just as much for Huawei’s kit as it does for the equipment from any other country in the world. As GCHQ said a few years ago, “It is just impossible to go through that much code and be absolutely confident you have found everything.”
UPDATE 1:53pm
Huawei has now responded.
A Spokesperson for Huawei said:
“Huawei began working with EE in 2012. As part of this collaboration, we provided EE with a series of innovative and competitive 3G and 4G network solutions, including core network equipment. We have never had a cyber security related incident.
Huawei has a robust cyber security assurance system and a proven track record. Our products and solutions serve customers in more than 170 countries and regions, including major carriers, Fortune 500 companies, and hundreds of millions of individual consumers. We have earned the trust of our partners across the global value chain.”
An FTTC cabinet isn’t part of the core; likewise the OLTs by the same vendor.
By ensuring different vendors at access level & core you mitigate risk from a vulnerability in one vendor (unintentional or malign).
For 5G it is more complex, as to deliver the throughput and latency targets the Core ends up much deeper in the network and there is a blurring between Access & Core that doesn’t occur in Fixed networks.
Gfast is more of an ongoing issue but FTTC is a dead end and just letting it die in due course will remove the kit from OR’s network anyway. The question is how much are they going to let them put kit in the FTTP/B/H network. If they have sufficient concerns then the obvious end point is to cease but I doubt they can replace them atm even if they wanted.
Security is always a balance. Huawei are not alone. Most of the technology we use has back doors which may be there for sinister intentions but often they are there simply for development testing whether in the hardware, firmware or software often simply overlooked especially if undocumented. If you think CISCO kit is secure think again. It is not that back doors exist but who has access to them.
Assuming they do exist then the next level of security is can these be accessed. If the technology is used in such a way that either prevents or reduces unauthorised access and hence risk considerably then it becomes manageable.
Clearly there is evidence that mobile networks are more vulnerable and why many countries are reconsidering their manufacturers who may be influenced by the “wrong” people.
BT like others are moving to strategies of white box where the kit is reduced to just that. Manufacturer back doors may still exist of course but the risk reduces. More openness from manufacturers will be required going forward regarding their designs. But any developed software may also have back doors for both innocent and sinister intentions.
The issue that remains for those that import technology is who are the “wrong” people.
You’re right, all systems have weaknesses, but there is a difference between those for benign purposes and those potentially controlled/inserted by a state. I think given China’s record on state controlled hacking (both state and private firms) most western countries have concerns and ought to act.
State agencies rely on “plausible deniability” when installing backdoors for espionage through telco equipment. Things like deliberate flaws introduced into the processor stack management in the firmware.
Very difficult to prove it was done deliberately rather than a result of “poor coding” (a la Microsoft Windows). But the net result is the same. The stack is deliberately overflowed through carefully crafted input. The stack spews over legitimate object code, overwriting it. The object code is re-entered and executed. Binding a command shell to a network port (or whatever). Meaning it’s game over for security.
As for the Huawei psyop, it reads like more of the escalating trade war between Orient and Occident. The embargo is not based on any genuine concerns over security. At intelligence levels, all agencies are basically on the same side. Their enemies are their own countrymen, not each other.
Proof in point, GCHQ set up a joint security venture with Huawei to “audit” the firmware of the company’s kit. Which we should take to mean a collaboration to install well-hidden (and plausibly deniable) backdoors for spying on our own populace.
I have just purchased a Huawei mobile phone for Xmas. Should I be worried and should I return it? Thanks.
It’s made in China, sure. But iPhones are made in China too (by Foxconn). Don’t worry too much.
Definitely return it.