Not content with its planned ban on Huawei equipment in the UK's 5G phone networks, the British government now wants to threaten Huawei-using telcos with fines of £100,000 a day unless they follow binding new rules on how existing kit can be used.
A new law being laid in Parliament today will allow the government to write binding security rules that shut so-called "high risk" vendors' equipment out of parts of networks – and could even dictate how their existing equipment can be used within telcos' networks.
Oliver Dowden, Culture Secretary, aka Secretary of State for Digital, Culture, Media and Sport, boasted in a canned statement: "This groundbreaking bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks."
As well as targeting gear with backdoors, the new laws will also let regulators including Ofcom target telco equipment running poorly written firmware. Such firmware is said to be widespread in Huawei's network equipment, as revealed in 2019's Huawei Cyber Security Evaluation Centre report and reinforced in this year's follow-up.
National Cyber Security Centre technical director Dr Ian Levy said in a canned statement: "The roll-out of 5G and gigabit broadband presents great opportunities for the UK, but as we benefit from these we need to improve security in our national networks and operators need to know what is expected of them. We are committed to driving up standards and this bill imposes new telecoms security requirements, which will help operators make better risk management decisions."
The new Bill will, the Ministry of Fun** told the press, be written as a framework allowing civil servants to create legally binding codes of practice without Parliamentary oversight. It said these requirements will be set out in secondary legislation, but are likely to involve companies acting to:
- securely design, build and maintain sensitive equipment in the core of providers' networks which controls how they are managed;
- reduce the risks that equipment supplied by third parties in the telecoms supply chain is unreliable or could be used to facilitate cyber attacks;
- carefully control who has permission to access sensitive core network equipment on site as well as the software that manages networks;
- make sure they are able to carry out security audits and put governance in place to understand the risks facing their public networks and services; and
- keep networks running for customers and free from interference, while ensuring confidential customer data is protected when it is sent between different parts of the network.
In a statement, BT told us: “The security of our networks is paramount. We therefore welcome the UK government’s establishment of clear security standards for the UK telecoms industry. We’ll continue to work closely with the NCSC and other Government bodies to develop these standards further.
"As we outlined in July, we’re working to the latest Government guidelines around the exclusion of Huawei from 5G networks, and we’ve recently signed agreements with Nokia & Ericsson that will allow us to deliver on these commitments.”
All new purchases of Huawei mobile network equipment for UK networks will be banned from the end of this year under existing laws. By the year 2027 all "high-risk vendor" kit will be stripped out of Britain's networks altogether.
Frantic at the notion of being shut out of a lucrative, Western market, Huawei has been busy commissioning study after study "proving" that kicking it out of Britain's telco networks would be bad for the economy.
If the UK government is genuinely concerned about the perceived secuirty risks of integrating Huawei kit, and not acting on ongoing pressure from the US administration, it is no small wonder that telcos in Britain have until 2027 to eradicate Huawei from their networks.
Huawei sent us a statement from UK veep, Victor Zhang: "It’s disappointing that the government is looking to exclude Huawei from the 5G roll out. This decision is politically-motivated and not based on a fair evaluation of the risks. It does not serve anyone’s best interests as it would move Britain into the digital slow lane and put at risk the Government’s levelling up agenda."
Speaking on behalf of members of Mobile UK - a trade assoication which includes Vodafone, Three, EE and O2 - director Hamish MacLeod, said: "Network security and resilience have always been a top priority for the UK’s mobile network operators. We support the framework for the Telecoms Security Bill and will continue to work closely with the Government to ensure the objectives of the Bill are fulfilled and to build on the already robust security measures mobile operators have in place." ®