The controversial decision, taken on Tuesday at the National Security Council, comes as Philip Hammond, chancellor, prepares to travel to China to promote Britain’s participation in Beijing’s Belt and Road Initiative.
The decision to give Huawei limited access to the development of Britain’s 5G network, first reported in the Daily Telegraph, was taken despite the concerns of some ministers, including Gavin Williamson, defence secretary, over the impact on the UK’s relationship with Washington.
In February, Mike Pompeo, the US secretary of state, warned: “If a country adopts this [Huawei] and puts it in some of their critical information systems, we won’t be able to share information with them, we won’t be able to work alongside them.”
“In some cases there’s risk — we won’t even be able to co-locate American resources, an American embassy, an American military outpost.” US officials have lobbied their British counterparts against approving Huawei as a supplier.
The UK is part of the Five Eyes security alliance alongside the US, Canada, Australia and New Zealand. But while Australia and New Zealand have agreed to block or restrict Huawei, the UK has been more equivocal.
Those close to the NSC meeting say the decision was signed off collectively and that security concerns were reflected in the restrictions limiting Huawei’s involvement to non-core parts of the 5G project.
The core infrastructure is where sensitive information such as billing and customer details are stored. The non-core elements are the aerials and base stations on masts and rooftops and transmission equipment, which telecoms companies argue are passive in that data merely passes through and cannot be compromised.
The question of Huawei security is as much about the real as the imagined threat. This article from ARS Technica highlights the risks of using any hardware solution, not just Huawei’s. Here is a section:
The Huawei driver did make some attempts to ensure that it would only communicate with and restart Huawei's own service, but improper permissions meant that even an unprivileged process could hijack the driver's watchdog facility and use it to start an attacker-controlled process with LocalSystem privileges, giving that process complete access to the local system.
Microsoft's researchers then continued to look at the driver and found that it had another flawed capability: it could map any page of physical memory into a user process, with both read and write permissions. With this, the user process can modify the kernel or anything else, and as such it, too, represents a gaping flaw.
While there is, of course, an element of the sales pitch around Microsoft's public description of what it found and how it found it—it shows that Defender ATP can indeed yield relevant and valuable data—this example does a good job of showing how Microsoft is using the regular Windows 10 updates to boost defense in-depth measures and how cloud-based analytics can provide insights that would otherwise be hard to come by. It also highlights just some of the extraordinarily awful things that hardware vendors do when they're tasked with writing software. When your hardware vendors are opening up big security flaws and copying malware techniques, one wonders if we need protection from the good guys as well as the bad ones.
The bigger issue with Huawei is that it is producing low cost routers of sufficiently quality to outbid other providers. When it reaches 50% of global market share it will provide the Chinese government the opportunity to set global standards for the market. It is that transition which the USA wishes to avoid.
The UK’s reliance on Chinese investment and the City’s desire to become a major centre for Renminbi trading are significant factors in the desire to avoid insulting China. That’s not a great position to be in and it is something a number of Europe’s largest economies have to contend with.Back to top