US security officials acknowledge that some allies will continue using Huawei 5G gear despite their warnings and have planned accordingly.
Sue Gordon, the deputy to the director of the U.S. intelligence community, gave her views on the situation during a conference last week.
“We are going to have to figure out a way in a 5G world that we’re able to manage the risks in a diverse network that includes technology that we can’t trust,” said Gordon. “We’re just going to have to figure that out.”
The US has increased pressure on its allies to ban Chinese network vendors over concerns about state control. While the likes of Huawei deny such control exists, security officials warn Chinese firms would be forced to comply with any surveillance requests from Beijing.
Such concerns are not new but have increased ahead of the 5G rollout due to an expected use for critical applications such as smart cities and healthcare.
“You have to presume a dirty network,” explained Gordon. “That’s what we’re going to have to presume about the world.”
In Europe, many operators have used Huawei’s equipment for their 4G networks and are reluctant to switch for 5G due to added costs in addition to a delayed rollout.
“We’ve already started to deploy equipment for when we launch 5G in the second half of the year,” said Three CEO David Dyson. “So if we had to change vendor now, we would take a big step backwards and probably cause a delay of 12 to 18 months.”
The US has been particularly concerned about its allies in the ‘Five-Eyes’ intelligence-sharing alliance which also consists of the UK, Australia, New Zealand, and Canada. Officials are concerned a weak link compromises the whole alliance.
Only Australia has committed to a ban. Even the US hasn’t outright banned Chinese vendors, only deterred all major operators with the threat of being ineligible for government contracts.
The UK and Canada have maintained a system of having Chinese equipment checked by intelligence experts for backdoors or vulnerabilities prior to use in national infrastructure.
Earlier this week, the UK’s dedicated Huawei Cyber Security Evaluation Centre (HCSEC) released a scathing report highlighting the company has been slow to address concerns.
The report noted that “no material progress has been made by Huawei in the remediation of the issues reported last year, making it inappropriate to change the level of assurance from last year or to make any comment on potential future levels of assurance.”
Last year, HCSEC reported that it could no longer assure that risks to UK infrastructure posed by the use of Chinese telecoms equipment could be successfully mitigated.
“HCSEC’s work has continued to identify concerning issues in Huawei’s approach to software development bringing significantly increased risk to UK operators, which requires ongoing management and mitigation,” the latest report stated.
In preparation for the likelihood of Huawei playing a major role in global 5G networks – including those of close allies – US security officials have begun exploring ways to use encryption, segmented network components, and stronger standards to protect critical systems.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam to learn more.