The US-orchestrated attempt to bar Huawei and ZTE from allies’ 5G networks on grounds of national security risk has not gone smoothly. Only Australia and, to a more limited extent, Japan have imposed bans so far, though several other governments, including those of the biggest European states, are debating the issue.
But the saga is certainly having an impact, though not yet on Huawei’s financial performance (see separate item). Across Europe, it is likely to lead to reviews of current security practice and stiffer new codes of conduct, designed to improve protections against spyware, wherever it might come from, without resorting to bans which are deeply unpopular with operators and could increase the time and cost to deploy 5G.
In the UK, it has even led to the sacking of the minister of defence, who was held responsible for the leak of information that the country would sanction Huawei equipment in 5G RANs, but not in the core networks. The core is more sensitive to security risks, and none of the UK mobile operators uses a Huawei core anyway (EE is phasing theirs out, in line with established policy at parent BT).
A ban on 5G radio equipment would have been very problematic for UK operators, giving them very few choices of supplier for their next generation networks, and exposing them to limited price competition and inability to use some of Huawei’s undoubtedly advanced systems. BT, Three and Vodafone are all using Huawei kit in their 5G RANs and would potentially have had to rip that out, and even replace some 4G equipment to make it easier to support a multi-technology network.
The leaked information indicated that Prime Minister Theresa May was largely going along with the MNOs’ line that they were capable of managing any cybersecurity risks without resorting to bans which would reduce the choice of suppliers and possibly jeopardize the government’s 5G objectives. But the decision does keep Chinese suppliers out of future core network projects. This may see operators in the UK, and other countries taking this line, intensifying the pressure on Nokia, Ericsson and Samsung to deliver a fully cloud-native 5G core which can unequivocally match the performance of those of Huawei and ZTE, which are generally regarded as being a year or so ahead.
Ciaran Martin, head of the UK National Cyber Security Centre, which oversees the current Huawei networks in the country, said a “framework” will be created to ensure the 5G network will be “sufficiently safe”.
Huawei responded to the leak by saying it would wait until the UK government makes an official announcement before making a formal response, but said it was “encouraged that the UK is continuing to take an evidenced approach to its work”- by contrast, this implies, with the USA, where there are calls for more and more stringent sanctions but very little sign of hard evidence of spying.
The Netherlands’ KPN is also taking the middle ground and selecting Huawei for some of its 5G radios and antennas, while choosing the 5G core from a “western vendor”. Its new fixed network is being supplied mainly by Nokia.
KPN also said it would tighten its security policy for all its fixed and mobile network suppliers. The operator used Huawei equipment extensively in its 4G networks.
The Dutch government has not decided whether to impose a ban on Huawei, but the telco said its agreement with the Chinese vendor “can be adjusted or reversed to align it with future Dutch government policy”.
After the UK revelations, the focus shifted to Italy, where Vodafone and Huawei both denied that “vulnerabilities” in equipment supplied by the vendor between 2009 and 2012 posed a security risk through a “hidden back door”. The denial was in response to a report from Bloomberg, alleging that Vodafone had identified security flaws that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy. Bloomberg’s report was based on Vodafone’s security briefing documents from 2009 and 2011, “as well as people involved in the situation”, the article said. Vodafone and Huawei acknowledged that vulnerabilities had been found in routers, but said they were not back doors and would not have permitted spying.
In a statement, Vodafone said: “The issues in Italy identified in the Bloomberg story were all resolved and date back to 2011 and 2012. The ‘back door’ that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the Internet. Bloomberg is incorrect in saying that this ‘could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy’.”
Across the Atlantic, AT&T is likely to phase out Huawei equipment from its cellular networks in Mexico when it migrates these to 5G. In the USA, Huawei has been barred from critical infrastructure contracts since 2013, and the networks of the four national operators fall into this category, though the Chinese vendor still sells to some smaller MNOs.
But AT&T still has Huawei equipment in the networks it acquired with Iusacell and Nextel Mexico in late 2014, and has even added new Huawei products since then, according to reports in the Wall Street Journal. So far, the US government has not suggested that US operators remove Huawei kit from their foreign networks.
An AT&T spokesperson told the WSJ that the telco has since replaced Huawei products in its core network in Mexico with equipment from the same vendors it uses in the USA in order to achieve “consistency in design and scale in purchasing”; and it expects to “harmonize our networks in the same way when we upgrade to 5G in Mexico”.
Mexico has no plans to impose bans on Huawei, which has won four wireless infrastructure contracts in the country since 2011.
Of course, Huawei and ZTE have long ago omitted major US network contracts from their plans and their finances have not suffered greatly as a result. However, the real risk is that the USA imposes a ban on the Chinese companies buying components from US vendors, as it temporarily did to ZTE last year. At the time, ZTE was forced to suspend operations because it is heavily reliant on buying chips and other parts from US suppliers such as Qualcomm and Intel.
Huawei is less dependent, and is investing huge sums in building up its own portfolio of processors for infrastructure and devices. Any such action by the USA would redouble those efforts, and those of the Chinese government, to make the country self-sufficient in core technology. But it would certainly be a blow not to be able to procure parts from US companies, where they have a significant lead over their Chinese counterparts, with Intel being a good example.
Such a situation would, however, boost ARM, which is owned by a Japanese firm and has offloaded much of its Chinese IPR into a separate operation. Huawei announced recently that it had developed a range of server processors based on ARM cores.
The USA has flip-flopped in its attitude to allies which fail to bar Chinese equipment from critical systems. The issue is particularly difficult when it comes to the Five Eyes Alliance, a group of countries with advanced intelligence sharing agreements (they are the USA, Canada, the UK, Australia and New Zealand).
Some administration members have threatened a reduction in intelligence sharing or other sanctions, while others have taken a more conciliatory line. Last week, Robert Strayer – deputy assistant secretary for cyber, international communications and information policy at the US State Department – was taking the hard line, saying the USA may withhold intelligence from the UK if it does go ahead and procure 5G networks from Huawei.
“It is the United States’ position that putting Huawei or any other untrustworthy vendor in any part of the 5G telecommunications network is a risk. If other countries insert and allow untrusted vendors to build out and become the vendors for their 5G networks we will have to reassess the ability for us to share information and be connected with them in the ways that we are today,” he told journalists.
Meanwhile, Huawei’s founder and CEO, Ren Zhengei, has been touring several countries where the firm has hopes of 5G deals in future, to persuade governments of the Chinese firm’s good intentions. He met the president of the Czech Republic, Miloš Zeman, who – according to Huawei – “voiced his support for Huawei, saying that he believes the allegations are groundless. The president also hopes Huawei will play a bigger role in the Czech Republic’s economic digitization and 5G deployment.”
He also held talks with Pakistani prime minister Imran Khan about future cooperation on ICT technologies. Khan said Huawei may strengthen its collaboration with Pakistan through local manufacturing, technology transfer in fields like AI, and further investments.
And the chairman of Huawei’s board of directors, Liang Hua, was doing his bit too, meeting the president of Chile, Sebastián Piñera, in Shenzhen. Piñera announced plans for open bidding in areas such as 5G, trans-Pacific submarine cable deployment, and best practices in cybersecurity and data protection. He said: “Huawei is welcome to participate in public tenders.”