Vodafone urges UK.gov to get on with it and conclude review into Huawei

One-third of network dependent on Chinese kit maker

Interview Vodafone's CTO has urged the British government to release the results of its delayed telecoms supply chain review, so that it can get the green light for use of Chinese supplier Huawei in its non-core 5G network.

The mobile operator will launch its first 5G services next month, initially focusing on seven cities and spreading to 19 by the end of the year. Currently one-third of its radio access network is built using Huawei kit. All four operators will be launching 5G this year.

Speaking to The Register, Voda CTO Scott Petty said the 5G technology is deployed on top of existing 4G infrastructure.

"So if you want to deploy a 5G base station, you have to deploy it on top of an existing 4G base station and you can’t mix vendors. If your base station is a Huawei 4G base station, and you want to deploy 5G - it has to be Huawei, you can’t deploy Ericsson. That interoperability doesn’t work."

He said if Huawei were to be banned, Vodafone would have to stop deploying 5G in those areas and swap the 4G base stations. "That would obviously cost a lot of money and take a lot of time."

EE also continues to use Huawei's kit in its RAN, including in the 5G deployment.

Voda's chief techie told The Reg: "If the Telecoms Supply Chain Review says Huawei is OK, then great, but if it said we don't believe you should be using Huawei, we'd have to stop what we are doing and change our plans. As each month goes by, we are deploying more and more 5G. So ideally, it would be better to have it out sooner rather than later."

He added the outcome of the review "probably caught up with the machinations in Westminster" - with everything appearing to be on hold while the remaining Tory candidates fight it out to be next prime minister.

"I think we had all hoped it would be published before now. Although we would prefer them to get it right rather than hurry it up."

The government said the review - which was supposed to arrive by spring 2019 - "will be announced in due course." It said: "We have been clear throughout the process that all network operators will need to comply with the government's decision."

The UK government's Department of Digital, Media, Culture and Sport told El Reg last week that the review would be redacted.

Petty noted that Huawei's technology is featured in the core of Vodafone's network in some countries.

"The reason for the difference is that in the UK we have a very large enterprise and public sector business," he said. "And we run much greater critical national infrastructure than in some countries where we are predominantly running a consumer business and when you assess the risk for a consumer business, the core is less risky…

"If, for example, the prime minister's phone or the queen's phone were on our network, we would probably take a slightly different view of the risk to the core."

In April, UK culture secretary Jeremy Wright noted that "despite the inevitable focus on Huawei" this review "is not about one company, or even one country."

He said: "We have to strike a difficult balance between security and prosperity, and recognise the reality of globalised networks and supply chains although our security interests are pre-eminent, and that has been the focus of the review. The way to ensure that the UK fully realises the potential of 5G is through its safe and secure deployment." ®

Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Cisco execs pledge simpler, more integrated networks
    Is this the end of Switchzilla's dashboard creep?

    Cisco Live In his first in-person Cisco Live keynote in two years, CEO Chuck Robbins didn't make any lofty claims about how AI is taking over the network or how the company's latest products would turn networking on its head. Instead, the presentation was all about working with customers to make their lives easier.

    "We need to simplify the things that we do with you. If I think back to eight or ten years ago, I think we've made progress, but we still have more to do," he said, promising to address customers' biggest complaints with the networking giant's various platforms.

    "Everything we find that is inhibiting your experience from being the best that it can be, we're going to tackle," he declared, appealing to customers to share their pain points at the show.

    Continue reading
  • Intel offers 'server on a card' reference design for network security
    OEMs thrown a NetSec Accelerator that plugs into server PCIe slots

    RSA Conference Intel has released a reference design for a plug-in security card aimed at delivering improved network and security processing without requiring the additional rackspace a discrete appliance would need.

    The NetSec Accelerator Reference Design [PDF] is effectively a fully functional x86 compute node delivered as a PCIe card that can be fitted into an existing server. It combines an Intel Atom processor, Intel Ethernet E810 network interface, and up to 32GB of memory to offload network security functions.

    According to Intel, the new reference design is intended to enable a secure access service edge (SASE) model, a combination of software-defined security and wide-area network (WAN) functions implemented as a cloud-native service.

    Continue reading
  • Microsoft fixes under-attack Windows zero-day Follina
    Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

    Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.

    Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.

    Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading

Biting the hand that feeds IT © 1998–2022