Huawei pledges $2bn overhaul to ease concerns of UK government
The Chinese telecommunications equipment manufacturer Huawei has pledged to spend $2 bn in an effort to ease the concerns of the UK government about using their technology in a new 5G network.
Two questions that need answering are “what are the concerns?”, and “what even is 5G?”.
What even is 5G
With each generation of phone network, we gain more functionality. First phone calls, then texts, and by 3G we could go online and in 4G we saw improvements in speeds to 1 Gbit/second set by new standards.
5G would bring a dramatic increase in speed to 20 Gbit/second, which could be used to fuel emerging technologies such as: autonomous cars, and the ‘Internet of things’ (IoT).
Many countries around the world are discussing how best to implement such a network and even how it would be possible to reach such speeds.
The core services of the network would only stretch as far as large metropolitan areas.
Two strategies for implementation would be Stand Alone, where it is a separate network that shares transport, routing and switching layers with the existing network, or as Non-Stand Alone, where the new 5G stack is built on top of the 4G stack.
The UK debate
In 2003, BT started setting the groundwork for their nationwide network, named the ‘21st Century Network’. In discussions with the UK government they had said they wanted to use a Chinese company called Huawei for parts of the network.
The Cabinet Office were to make a decision as to outright ban the use of Huawei tech in a UK network or reach another solution. They eventually came to the decision to mitigate the risks rather than completely ban the deal.
Regulations were imposed such as:
- Every part of the network should have multiple ‘vendors’
- Keep more risky ‘vendors’ away from the crucial/sensitive parts of the network.
- Design the network to be tolerant to exploitation of any device
- Have enhanced monitoring
- No use of the equipment in sensitive networks
In 2008, other operators wanted to do the same as BT and so the Huawei Cyber Security Evaluation Centre (HCSEC/ ‘the cell’) needed to be established to explain the risks of using Huawei kits to companies. So in 2014, the National Cyber Security Centre (NCSC) would publish annual oversight reports on ‘the cell’.
As of July 2018, GCHQ published their report which said that the HCSEC had fulfilled their job however the NCSC would need to work on a long-term risk management solution to using Huawei tech.
But what raised the government’s concerns in the first place? Turns out, there is a very clear and dangerous precedent from recent times.
Around the time of the 2004 Athens Summer Olympics, the phones of high ranking officials, their families and Athens-based Arab businessmen were illegally tapped via Vodafone systems.
But how does one perform a wire tap? It requires two parts: a remote-control equipment subsystem (RES) and an interception management system (IMS). The RES is the part that allows the wiretap to be done remotely and the IMS adds the record of the tap to the RES database.
Vodafone had successfully set up the RES but had not purchased the lawful intercept options hence IMS was not present on their systems. This meant that it was possible to wiretap and there should be no record added to the RES database.
To hide the tapped phone changes from the Greek exchange, a Rootkit (hidden and typically malicious code) was installed to silently hide the evidence.
In January 2005, some text messages were not being sent and in looking for the issue the Rootkit was discovered. Vodafone Greece deactivated the active code which alerted the intruders who shut down their operations, they were not caught.
Ultimately in 2006: Vodafone Greece was fined €76 million (€500,000 per tapped phone + €15 million for impeding the investigation), more fines came later.
Could Huawei be capable of this? By Chinese National Intelligence Law, State Officials can compel anyone in China to assist in Intelligence work for National Security, and it has been recently publicly confirmed by the UK government that APT10 acted on behalf of the Chinese Ministry of State Security to carry out a malicious cyber campaign with the UK as one target.
However Huawei Founder and CEO Ren Zhengfei says that they have never shared information with the Chinese government and would never do so.
Australia and then New Zealand have banned Huawei from involvement in their 5G networks however other nations are still debating. Recently the US, Japan, Italy and Germany have been weighing the risks but have not come to any decisions as of yet.
The final verdict of the UK government will not be made for some time, at least not until the Government’s Telecoms Supply Chain Review which they are aiming to complete in Spring 2019.