The British government has launched a probe into the security of supply chains in its fast-evolving telecommunications industry, in a move that will kick-start debate over the key role of Chinese telco giant Huawei in the country’s telecoms infrastructure.
Britain’s review comes just months after Australia and the US effectively blocked Huawei and fellow Chinese equipment maker ZTE as suppliers to the rollout of 5G mobile telecoms infrastructure – so it will likely be welcomed by Britain’s key intelligence partners.
In announcing its ban, Canberra cited security concerns about allowing state-owned enterprises, which can be subject to direction by their country’s intelligence agencies, into the core of a network that will eventually underpin many key parts of Australia’s critical national infrastructure.
Britain has to date taken a more softly-softly approach: its signals intelligence agency GCHQ works closely with Huawei at a co-located site near Oxford, and also pens occasional advisory letters to Britain’s telecoms operators.
The new “telecoms supply chain review”, announced without fanfare on Thursday, may signal an acknowledgement that this approach is coming under pressure following the Australian and US decisions.
This can be seen in the review’s terms of reference, which indicate that Britain will examine the “different approaches being taken” by its international partners.
The review, which is expected to wrap up in the northern spring, will also consider: the British telecoms sector’s security risks and vulnerabilities, and how these might evolve in future; the commercial needs of buyers and sellers; and the companies’ own approaches to network security and resilience.
The release of the review’s terms of reference comes just days after the Financial Times revealed that two senior British bureaucrats, including the head of GCHQ’s National Cyber Security Centre (NCSC), had written to several major telecoms operators warning them that the government was to conduct a review that “may lead to changes in the current rules”.
The letter said the operators would “need to take the review into consideration in any procurement decision”, although it did not mention Huawei by name.
This followed an earlier letter from the NCSC to the operators in April, advising them not to use ZTE as a supplier because of the “long-term negative effect on the security of the UK”.
In a speech in August, GCHQ head Jeremy Fleming said Britain “needs to deal with” the globalisation of technology. “Critical technologies – for example, in 5G – are increasingly likely to come from China,” he said. “We are looking at how we can better manage supply to our critical national infrastructure.”
When Huawei’s involvement in the 4G network first became a front-of-mind concern earlier this decade, the British government dragged the Chinese telco into a joint venture with GCHQ. The arrangement, known colloquially as “the Cell”, gives GCHQ access to Huawei’s equipment, processes and personnel, so it can identify and evaluate security risks.
The Cell is monitored by a largely government-staffed oversight board. In its annual report in July, the board said it had found “areas of concern” which meant that it could “provide only limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated”.
The board’s report also noted that 5G represented a radically different network architecture to 4G – likely referring to the fact that the distinction between “core” and “edge” is lost in 5G, which means Huawei’s involvement cannot be corralled at the edge, as it can in 4G. The report said British security agencies would have to consider how the Cell could mitigate this new breed of risk.