5G & Huawei: The Telecoms Security Bill Building a UK Firewall
As the ongoing trade war between China and the West escalates day-by-day, the UK government introduced tougher security rules earlier this week (24th of November), on UK telecoms companies under the Telecoms Security Bill (the 'Bill'). The Bill purports to exclude Huawei's contribution in the UK's telecoms and 5G industry on a 'national security' basis, with potential fines of up to 10% of turnover, or in the case of continuing contravention, £100,000 per day. Fines are set to be allocated where companies fail to eliminate reliance on Huawei's software, routers and antennas.
Following on from the much-publicised and dramatic divorce between the US and China, the new UK Bill similarly spurs further tensions over security concerns and Huawei’s alleged breaches. The Bill is set to form the legislative backbone of the UK government’s plan to reduce Britain’s reliance “on high-risk vendors” for the future 5G networks, including China’s Huawei and ZTE.
The government's plans include passing follow-up legislation which will specify the requirements on how operators are expected to design their telecom networks, protect them from cyberattacks, as well as rules on who can access sensitive parts of the “core” network, and ways with which to audit security.
Tech 101: What is 5G?
5G is the next level in wireless connectivity after 4G LTE, and it transmits data through a mix of radio frequency waves. It differs from 4G since 4G connections only used the lower end of the radio frequency spectrum; low-band frequencies are widely more reliable and result in less signal distortion, but they are also slower.
Instead, 5G uses a mix of low, mid, and high frequencies by using the method of ‘adaptive beam switching’, whereby the signal is constantly looking for the best and most stable frequencies available, and hop to them to maintain strength.
The sheer amount of bandwidth that 5G can support means terabytes of data can be received and crunched in seconds with less backlog. Businesses that move massive amounts of user data per day, could see their industries transform.
What are the ‘Huawei breaches’?
Huawei (UK)’s parent company, Huawei Technologies Co Ltd, is a Chinese headquartered company, which is now one of the world’s largest telecom providers. The ‘Huawei breaches’ refer to the alleged security breaches occurring in Western nations, and the alleged leakage of power over Western markets, out of the hands of Westerners and into Chinese control.
Although Huawei sells consumer devices such as laptops and phones, the real source of concern arises from its work closer to data centres. The company designs and manufactures kits which control how and where data is sent, and more importantly, the company makes radio equipment including antennas, which are critical for the facilitation of 5G connectivity.
The past few months, Downing Street has seen intense pressure from US authorities and conservative backbenchers to ban the Chinese company from Britain’s telecoms networks, on ‘national security’ grounds due to the risks it poses on the chip supply chain. The US government has been led by beliefs that Huawei may be enabling ‘spying activities’ on behalf of the ruling Chinese Communist Party, against other countries and their companies, undermining their national security and stealing commercial secrets.
This move has cut the group’s access to global technology suppliers, whilst it struggles to ensure its brand's survival in Western markets. A report by the Oversight Board from the Huawei Cyber Security Evaluation Centre has not helped alleviate the situation. From an enveloped view of the company's activities, the report, published in September 2020, highlights concerning issues in Huawei’s approach to software development and alleges that such approach brings “significant risks” to UK operators.
"This decision is politically motivated and not based on a fair evaluation of the risks," said Huawei VP, Victor Zhang, while Huawei UK’s Ed Brewster said: “Regrettably our future in the UK has become politicised, this is about US trade policy and not security.”
What is the Bill’s scope?
The current framework allows telecoms providers to be responsible for setting their own security standards in their networks, often referred to as an ‘industry of self-regulation’. Major issues were flagged with this approach last year by the Telecoms Supply Chain Review, which suggested that the incentive to adopt the “best security practices” is not attractive enough. This also comes after concerns were raised about the UK's level of protection against hostile cyber activity by “state actors or criminals”, with the Government attributing main threats to Russia and China, as well as North Korea and Iran.
Attacks to be guarded against are said to be of the likes of the Chinese ‘APT10’ group attack in 2018, widely referred to as ‘Cloudhopper’; a cyber intrusion which targeted a range of companies, specifically aiming for trade secrets and economies around the world.
The Bill is set to strengthen the security framework for technology used in 5G and full-fibre networks (FTTP), and give telecoms watchdog Ofcom – the UK communications regulator – the powers needed to monitor and enforce compliance. These are said to include the power to direct telecoms providers to take interim steps to address security gaps during the enforcement process, and streamline procedures for the new Codes of Practice to be introduced.
In terms of competition concerns, the government also cites issues with the fact that global markets have become overly reliant on too few vendors, due to a lack of competition in the global telecoms supply chain. One way of addressing this has been the 5G Diversification Strategy, whose end-goal is to address the lack of diversity in the market by outlining new measures to boost competition and innovation in the telecoms supply chain, and subsequently reduce dependence on individual suppliers.
[The bill] "will give the U.K. one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks." Digital Secretary Oliver Dowden
What does this mean for 5G?
Sadly, this move is expected to delay completion of the 5G rollout by 2 to 3 years, and adds costs of up to £2bn for operators. As an example, BT expects to take a £500m hit from this move. The “five-year transition plan” was introduced for the avoidance of mobile blackouts on 4G and 2G across the UK, as companies like BT and Vodafone, seek to remove Huawei’s equipment. ISP review mentions that “it is worth remembering that there is no such thing as 100% security”, whilst “a cunning hacker, or state-sponsored espionage, will often be able to find a way around even the best defences”. As a result of the Bill, by 2027 companies will have to deal with the complex task of overhauling their mobile networks, and weeding out Huawei software, routers and antennas.
[Read More]: The TikTok Saga: A US-China trade war