January 28, 2020 (updated 29 Jan 2020 10:43am)

Telcos May Have to Start Tearing Out Huawei Kit – Reliance on Three Vendors is “Crazy” – NCSC

"If your network design means that you need to run really sensitive functions processing really sensitive data (i.e. core functions) on an edge access device on top of a bus stop, your choice of vendor is the least of your worries and you probably shouldn’t be designing critical national infrastructure"

By CBR Staff Writer

Telecommunications companies in the UK may have to start pulling Huawei kit out of their networks under new rules introduced today, which limit the Chinese vendor’s inclusion in infrastructure to 35 percent at most.

In an explanation of the technical advice it gave to the British government ahead of its closely watched decision today, the NCSC said telcos should get to work reducing their reliance on Huawei kit “as soon as practical”.

“Operators whose Huawei estates currently exceed the recommended level for an HRV (high-risk vendor) [should reduce this use] to the recommended level as soon as practical. We… consider that it should be possible for all operators to reduce their use of HRVs to the recommended levels within three years.”

“Operators who chose to follow our advice were putting themselves at a commercial disadvantage; that’s unsustainable” – NCSC’s Technical Director

NCSC Technical Director Dr Ian Levy emphasised in a separate blog that “one of the biggest problems” the country has faced in boosting network security is that “telecoms security doesn’t pay. That’s true of the basic network security and business processes that support it. But it’s also true of the enhanced mitigations we ask operators to – voluntarily – do when using a high risk vendor such as Huawei.”

He added: “Operators’ commercial drivers have come into direct conflict with the NCSC’s security advice. Those operators who chose to follow our advice and requests were putting themselves at a commercial disadvantage. That’s unsustainable.”

Formalising the handling of high risk vendors “is very welcome”, he wrote, noting that it “provides clarity for operators and transparency about what we expect for the security of our national networks. Externalising the security costs of particular choices will help operators make better security risk management decisions.”

New Telco Penetration Testing Regime 

Among the new elements being rolled out today as part of the decision is a penetration testing regime, TBEST, that will be run by regulator Ofcom.


As Levy notes: “Trusted penetration testers will regularly attack the live networks like a real attacker but in a controlled way, so we don’t accidentally break anything. Testing security controls is important and, while we expect operators to be testing themselves, independent testing is more likely to expose deficiencies or errors. The results of these tests will give operators information to help them better secure their networks.”

Operators should “certainly not assume that all HRVs are Chinese companies” the NCSC added in its guidance today, while Levy emphasised a broader point: “The underlying problem in all this is that the market is broken.

“Already, we ask all mobile operators to use two vendors in their Radio Access Network (RAN) for resiliency reasons. There are only three scale suppliers of 5G RAN kit that can currently be used in the UK: Nokia, Ericsson and Huawei. That’s crazy…

“We need concerted efforts from governments and industry around the world to ensure we never end up in this position again.”
