The NCSC advice over Huawei is convoluted but ultimately makes sense

Tech

A closer look at the advice on which the UK based its decision to ban Huawei from its 5G networks reveals a mixture of rigour and improvisation.

As we reported earlier today, the only apparent reason for the drastic shift in UK government policy over Huawei was the US decision to starve Huawei of access to any products that contain US intellectual property. To its credit, the National Cyber Security Centre immediately published a document detailing its rationale, so we decided to have a look through it, because we don’t have a life.

At the core of the matter is the answer to this question: if it was safe to allow Huawei kit in our 5G networks six months ago, how come it isn’t now? The answer, as you will see below, is that it’s not as clear cut as that, but given the extra risks created by the US decision, we’ve decided to err on the side of caution.

“It is too early to say with confidence when exactly this US action will disrupt Huawei’s supply chain, although there are indications that it is already taking effect,” commences the section focusing on the implication of the US decision. At this time, our estimate is that Huawei’s supply will be impacted within the next 3-12 months.

“The exact timeframe will be largely based upon the quantity of processors and other complex, custom semiconductors that Huawei may have stockpiled, which is not known. However, Huawei has indicated to the NCSC and wider government that it would, exceptionally, ringfence sufficient equipment and spares from these existing stockpiles to satisfy the expected rollout needs for the next five years for two UK operators.”

The rationale went on to say that nobody really know what effect the US Foreign-Produced Direct Product Rule Amendment (FDPRA) will have on the supply of Huawei kit. It also noted that “in relation to supply issues specifically, it does not directly impact the UK’s mitigation strategy with Huawei.” In other words, security of supply is another concern entirely and, surely, one for the operators, not the government.

It then outlines the broader implications of the FDPRA on the UK’s security mitigation strategy for Huawei, which fall into four main areas:

  • Huawei supplies equipment in contravention of US export control, something that Huawei has said it would not do, and the UK government and industry would not accept.
  • Huawei utilises generic third-party processors rather than existing, Huawei-designed processors.
  • Huawei, or a third party, design and build equipment largely independent of US technology or tools.
  • The US government remove or reduce the sanctions against Huawei, which does not appear to be likely.

The analysis concludes that, even if Huawei managed to source non-US chips or design its own, it would be very difficult to be sure they were secure enough. With that being the case, the mitigation strategy that formed the basis of the previous advice is no longer applicable, hence the U-turn. While that is a plausible rationale, it does seem to imply the previous position had flimsy foundations.

“For the reasons already set out above the NCSC has significant concerns about the viability of being able to continue to use Huawei’s post-FDPRA network equipment in UK networks,” continues the analysis. “We consider that the advice we provided to operators in January is no longer appropriate in light of this unprecedented change. We are therefore updating our mitigation strategy for Huawei.

“Given the situation outlined above, the risk is sufficiently high for the NCSC to recommend that Huawei’s post-FDPRA equipment is not used in the UK at all.  However, due to the diversity issues in the telecoms sector, that would have severe negative consequences for the security and resilience of the UK’s networks.  The NCSC has therefore had to balance these competing risks in providing advice.”

Essentially the NCSC is saying it had to balance the risk of having Huawei in the network with risk of having no network at all. This still feels like a post hoc justification for balancing the interests of the US and UK operators like BT and Vodafone but, to be fair, it’s quite a good one. The extent to which the American and the UK operators moan will be the measure of how effective this latest fudge has been. It is probably too much to hope that China will sympathise with the difficult course this decision attempted to navigate.

Articles You May Like

Venues Begin Teasing Linkin Park Tour by Posting Photos
Where Indians Are Traveling Now
Anthony Boyle Shares Why He Did ‘Say Nothing’ After Avoiding Roles About The Troubles
Booking Holdings to Lay Off Employees, Shift Spending Priorities
Book Riot’s Deals of the Day for November 8, 2024