US is whispering in South Korea’s ear over Huawei – report

US diplomats are in Seoul and up to their old tricks attempting to convince the South Korean foreign ministry over the dangers of China.

After enduring months of frustration in Europe, the anti-Huawei road trip is back in Asia. The doomsday propaganda might have failed to hit the target in Europe, though the US is now seemingly targeting South Korea according to local sources.

One of the complaints has been directed at LG Uplus, one of the country’s major telcos which has been using Huawei components and products. The US is suggesting LG Uplus should be banned from operating in areas which would be deemed sensitive or critical, while the Huawei threat should be driven back across the borders as soon as possible.

While Huawei has been the centre piece of the US’ anti-China propaganda mission over the last few months, the over-arching conflict is showing the threat of widening. Sources suggest the White House is considering adding an additional five Chinese companies to the ‘Entity List’, the blacklist of companies which cannot do business with US firms. These companies, which include Megvii, are primarily surveillance technology firms.

Although the US has been leaning heavily on its rivals to take action against Huawei and other Chinese vendors in the telco world, South Korea is in a similar tricky position as Europe. South Korea, like Europe, relies heavily on China as an export market, with a quarter of all exports in 2019 heading towards China.

Europe is currently standing firm against White House demands, and it would not surprise us if South Korea took a similar position of defiance. It does appear the country is heavily reliant on the Chinese relationship and siding on with the US could put a severe dent in the economic prosperity of the nation.

Huawei CEO pressures US President Trump via Chinese media

Ren Zhengfei, Founder and CEO of besieged telecoms vendor Huawei, chose sympathetic Chinese media for his latest publicity initiative.

He invited the People’s Daily, CCTV and Xinhua News Agency, which are directly controlled by the Chinese Communist Party, as well as a bunch of other media not known for challenging the party line, for a bit of a chat at Huawei towers in Shenzhen. Conspicuously absent was the relatively neutral and objective South China Morning Post.

While the choice of media ensured a sympathetic line of questioning, Ren (pictured, photo taken from report) still served up some interesting answers. The current line from Huawei, in response to all the aggro it’s having to deal with from the US, seems to be to be as friendly as possible towards US companies, while at the same time demonising US politicians.

“What the US will do is out of our control,” said Ren. “I would like to take this opportunity to express my gratitude to the US companies that we work with. Over these 30 years, they have helped us to grow into what we are today. They have made many contributions to us. As you know, most of the companies that provide consulting services to Huawei are based in the US, including dozens of companies like IBM and Accenture.

“Second, we also have been receiving support from a large number of US component and part manufacturers over all these years. In the face of the recent crisis, I can feel these companies’ sense of justice and sympathy towards us.

“The US is a country ruled by law. US companies must abide by the laws, and so must the real economy. So you guys from the media should not always blame US companies. Instead, you should speak for them. The blame should rest with some US politicians.

“US politicians might have underestimated our strengths. I don’t want to say too much about this, because Ms. He Tingbo, President of HiSilicon, made all these issues very clear in her letter to employees. And all mainstream newspapers inside and outside of China have reported on this letter.”

Everything Ren said was accurate, but it’s intriguing that he made such a point of exonerating US companies from complicity in this whole affair. Huawei is, of course, a fully globalised company and relies heavily on good relationships with companies everywhere, so it makes sense to protect those relationships.

But looking under the surface of those comments two things spring to mind. Firstly it’s tactically sound to try to drive as much of a wedge as possible between the US private and public sectors. Presumably US companies like Google aren’t happy at being forced to stop doing business with one of the world’s largest technology companies and will be pressuring the US government to wind its neck in behind the scenes. They could yet be vital allies in Huawei’s bid to resolve this situation.

Secondly Ren seems to have scored a bit of an own-goal by conceding how powerless companies are to resist the will of politicians in their home countries. Since the central accusation levelled at Huawei by the US is that it is compelled to assist the Chinese state in espionage activities when asked, a call for private sector defiance may have been more cunning.

There was more talk of component autonomy but the Arm situation, which could scupper many of those plans, wasn’t directly addressed. Apparently Huawei was nearly sold to a US company in 2000 but it fell through at the last minute and they decided against trying to sell it to anyone else. Ren said Huawei has been preparing to ‘square off against the US’ ever since. The core message is that Huawei is fully prepared for this situation and will handle it just fine, but the Android situation was also conveniently avoided.

In response to a question about how long this current situation will last Ren replied “You are asking the wrong person; you should ask President Trump this question. I think there are two sides to this. Of course, we will be affected, but it will also inspire China to develop its electronics industry in a systematic and pragmatic manner.”

Hilariously the piece concludes with the statement “Huawei contributed to this story,” implying some degree of editorial veto. Nonetheless it’s worth reading the whole thing for the considerable insight it offers into the thinking behind the company. Huawei seems to have used this benign media gathering as an opportunity to put pressure on US politicians, or at least encourage US companies to do so. While this is a sound tactic there is currently little evidence of any progress being made in the geopolitical spat that Huawei has found itself in the middle of.

Microsoft starts ruffling privacy feathers in the US

This weekend will mark the one-year anniversary of Europe’s GDPR and Microsoft has made the bold suggestion of bringing the rules over the pond to the US.

Many US businesses would have been protected from the chaos that was the European Union’s General Data Protection Regulation (GDPR), with the rules only impacting those which operated in Europe. And while there are benefits to privacy and data protection rights for consumers, that will come as little compensation for those who had to protect themselves from the weighty fines attached to non-compliance.

Voicing what could turn out to be a very unpopular opinion, Microsoft has suggested the US should introduce its own version.

“A lot has happened on the global privacy front since GDPR went into force,” said Julie Brill, Deputy General Counsel at Microsoft. “Overall, companies that collect and process personal information for people living in the EU have adapted, putting new systems and processes in place to ensure that individuals understand what data is collected about them and can correct it if it is inaccurate and delete it or move it somewhere else if they choose.

“This has improved how companies handle their customers’ personal data. And it has inspired a global movement that has seen countries around the world adopt new privacy laws that are modelled on GDPR.

“Now it is time for Congress to take inspiration from the rest of the world and enact federal legislation that extends the privacy protections in GDPR to citizens in the United States.”

The rules themselves were first introduced in an attempt to force companies to be more responsible and transparent in how customer data is handled. The update reflected the new sharing economies the world had sleepwalked into; the new status quo had come under criticism and new protections had to be put in place while also offering more control to the consumer of their personal data.

GDPR arrived with little fanfare after many businesses scurried around for the weeks prior despite having almost 18 months’ notice. And while these regulations were designed for the European market, such is the open nature of the internet, the impact was felt worldwide.

While this might sound negative, GDPR has proved to be an inspiration for numerous other countries and regions. Brazil, Japan, South Korea and India were just a few of the nations which saw the benefit of the rules, and now it appears there are calls for the same position to be adopted in the US.

As Brill points out in the blog post stating the Microsoft position, California has already made steps forward to create a more privacy-focused society. The California Consumer Privacy Act (CCPA) will go into effect on January 1 2020. Inspired by GDPR, the new law will provide California residents with the right to know what personal information is being collected on them, know whether it is being sold or monetized, say no to monetization and access all the data.

This is only one example, though there are numerous states around the US, primarily Democrat, which have similar pro-privacy attitudes to California. However, this is a law which stops short of the strictness of GDPR. Companies are not on the stopwatch to notify customers of a breach, as they are under GDPR, while the language around punishment for non-compliance is very vague.

This is perhaps the issue Microsoft will face in attempting to escalate such rules up to federal law; the only attempt which we have seen so far in the US is a diluted version of GDPR. Whereas GDPR is a sharp stick for the regulators to swing, a fine of 3% of annual turnover certainly encourages compliance, the Californian approach is more like a tickling feather; it might irritate a little bit.

At the moment, US privacy laws are nothing more than ripples in the technology pond. If GDPR-style rules were to be introduced in the US, the impact would be significant. GDPR has already shifting the privacy conversation and had notable impacts on the way businesses operate. Google, for example, has introduced an auto-delete function for users while Facebook’s entire business rhetoric has become much more privacy focused. It is having a fundamental impact on the business.

We are not too sure whether Microsoft’s call is going to have any material impact on government thinking right now, but privacy laws in the US (and everywhere for that matter) are going to need to be brought up-to-date. With artificial intelligence, personalisation, big data, facial recognition and predictive analytics technologies all gaining traction, the role of personal data and privacy is going to become much more significant.

ZTE moves to prove its own security credentials

Taking a page from the Huawei playbook, ZTE is opening its own European cybersecurity lab to demonstrate its own security credentials and appeal to customers.

Although Huawei is taking a battering on the US side of the Atlantic, European nations have stubbornly stood by the side of reason and reasonable behaviour, asking for evidence before signing an execution order. One of the reasons for this will be the apparent transparency to security through its cybersecurity centres in the UK and Belgium, and it seems ZTE is following suit.

“The security lab is an open and cooperative platform for the industry,” said Zhong Hong, ZTE Chief Security Officer.

“ZTE plans to gradually achieve the cybersecurity goals through three steps: first, meeting the requirements of cybersecurity laws, regulations and industry standards as well as certification schemes; second, conducting an open dialogue to enhance transparency and establishing cooperation with customers as well as regulatory agencies; and third, sustaining the open cooperation mechanism to contribute to cybersecurity standardization.”

Opening in Rome, the cybersecurity lab will enable telcos to contribute ideas to improve the security credentials of ZTE products, while customers will also be able to conduct audits of all products and services in the labs. This approach is seemingly working for Huawei, and ZTE is recognising the opportunity to get in on the action as 5G ramps up across the continent.

For ZTE this is a perfectly sensible move to mitigate against future risks. As Huawei is largely a proxy for Chinese aggression, it would be reasonable to assume any action taken against Huawei would be replicated against ZTE. Anything which can be done to get into the good graces of potential European customers should be seen as a priority.

Although it is for selfish reasons, the cybersecurity centre also adds more credibility to the standardisation approach which seems to be forming across the European continent. The more vendors who agree to the higher barriers to entry, the closer the continent comes to standardising security credentials. This approach to risk mitigation, an acceptance that 100% secure is an impossible objective, manages threats while also preserving competition.

Until there is concrete proof of collusion with the Chinese government for nefarious aims, this is the most sensible approach, taking the argument out of the political arena.

US influence on Europe failing as France resists Huawei ban

The White House might have felt banning Huawei was an appropriate measure for national security, but France does not agree with the drastic action.

Speaking at a conference in Paris, French President Emmanuel Macron has confirmed the country will not ban Huawei. This is not to say it won’t in the future, but it appears Europe is remaining resolute against the demands of the US. The burden of proof might be a concept easily ignored in the US, but Europe stands for more.

“Our perspective is not to block Huawei or any company,” Macron said. “France and Europe are pragmatic and realistic. We do believe in cooperation and multilateralism. At the same time, we are extremely careful about access to good technology and to preserve our national security and all the safety rules.”

President Donald Trump is most likely a man who is used to getting his own way, and upon assuming office as head of the most powerful government worldwide, he might have thought this position of privilege would continue. However, Europe is being anything but compliant.

In direct contradiction to the Executive Order banning Huawei from supplying any components, products and services to US communications networks, Macron has declared France open is for business. France won’t use the excuse of national security to beat back the progress of China but will presumably introduce mechanisms to mitigate risk.

Germany has taken this approach, increasing the barrier to entry for all companies, not just Huawei. Vendors will have to pass more stringent security tests before any components or products can be introduced to networks, though Chancellor Angela Merkel has also made it clear she intents to steer clear of political ties to the decision.

“There are two things I don’t believe in,” Merkel said in March. “First, to discuss these very sensitive security questions publicly, and second, to exclude a company simply because it’s from a certain country.”

The UK is seemingly heading down a similar route. Alongside the Huawei Cyber Security Evaluation Centre (HCSEC), run by GCHQ with the objective of ensuring security and privacy credentials are maintained, the long-awaited supply chain review is reportedly going to place higher scrutiny but stop short of any sort of ban. The official position will be revealed in a few weeks, but this position would be consistent with the UK political rhetoric.

Over in Eastern Europe, governments also appear to be resisting calls to ban the company, while Italy seems to be taking the risk mitigation approach. Even at the highest bureaucratic level, the European Commission has asked member states to conduct an assessment for security assessments. Unless some drastic opinions come back in October, we suspect the official position of the European Union will be to create higher security mechanisms which offer competitive opportunity for all vendors in the market.

For the moment at least, it appears the Europeans are immune to the huffing and puffing making its way across the Atlantic. That said, the trade war with China is set to escalate once again and it would be fair to assume more US delegations will be attempting to whisper in the ears of influential Europeans. At some point, the US will get tougher on Europe, but it does appear those pesky Europeans are stubborn enough to resist White House propaganda and pressure.

Don’t ignore Huawei’s ban on buying US components

While everyone is focusing on the ban on selling in the US, the ban on buying US components is a much more interesting chapter of the Huawei saga.

President Donald Trump has dropped the economic dirty bomb on China and it’s dominating the headlines. Although Huawei, or China, are not mentioned in the text, the Executive Order is clearly a move to stall progress made in the telco arena. China is mounting a challenge to the US dominance in the TMT arena, and this should be viewed as a move to combat that.

There are clearly other reasons for the order, but this should not be ignored. The security argument, albeit an accusation thrown without the burden of concrete evidence, is a factor, but never forget about the capitalist dream which underpins US society.

However, although most are focusing on Huawei’s inability to sell components, products and services in the US market, there might be an argument the ban on purchasing US components, products and services is more important, impactful and influential.

“This action by the Commerce Department’s Bureau of Industry and Security, with the support of the President of the United States, places Huawei, a Chinese owned company that is the largest telecommunications equipment producer in the world, on the Entity List,” said Secretary of Commerce Wilbur Ross. “This will prevent American technology from being used by foreign owned entities in ways that potentially undermine US national security or foreign policy interests.”

While we will focus on the ban on purchasing US components, products and services for this article, it is worth noting the ban on Huawei selling in the US will have an impact.

Rural telcos in the US have mostly been against any ban on Chinese companies. In October 2018, Huawei made a filing with the FCC arguing its support for rural telcos is underpinning the fight against the digital divide and a ban would be disastrous for those subscribers. Michael Beehn, CEO of MobileNation, was one of those who argued against the ban, suggesting the cost-effectiveness of Huawei allowed his firm to operate. Without the advantage of nationwide scale, these organizations will always struggle when the price of networks is forced north.

While the US is a massive market, with huge opportunities to maximise profits, not being able to sell in the US is not going to have a significant impact on Huawei. Its customers are the rural telcos not the national ones. Huawei has not managed to secure any major contracts with the big four, therefore it is missing out on something which it never had. Huawei has still managed to grow sales to $105 billion without the US, therefore we believe this ban is not going to be a gamechanger.

However, it is the ban on purchasing US components, products and services which we want to focus on here.

Huawei is not outrightly banned from using US technologies and services, however, those companies who wish to work with the dominant telco vendor will have to seek permission to do so beforehand. The US can now effectively how strategically it wants to twist the knife already dug deep into Huawei’s metaphorical chest.

Although we’re not too sure how this will play out, Huawei’s business could be severely dented by this move.

Huawei recognises 92 companies around the world as core suppliers to the business. It will have thousands of suppliers for various parts of the business, but these 92 are considered the most important to the success of operations. And 33 of them are US companies.

Some are small, some are niche, some are more generic, and some are technology giants. The likes of Qualcomm, Intel and Broadcom all have interests in keeping the US/Chinese relationship sweet, though more niche companies like Skyworks Solutions, Lumentum and Qorvo have much more skin in the game. Firms like NeoPhotonics, who are reliant on Huawei for 46% of its revenues, might well struggle to survive.

Huawei will be able to survive this move, it has been preparing for such an outcome, but you have to wonder what impact it will have on its products and credibility.

HiSilicon, the Huawei-owned semiconductor business, has been ramping up its capabilities to move more of its chip supply chain in-house, while the firm has reportedly been improving the geographical diversity of its international supply chain. According to the South China Morning Post, not only has Huawei been moving more operations in-house, it has also been stockpiling US components in the event of the procurement doomsday event.

A similar ban on procuring US components, products and services was placed on ZTE last year and it almost crippled the firm. Operations were forced to a standstill due to the reliance on US technology. Huawei has never been as dependent on the US, though it seems the lessons were learned from this incident.

The big question is what impact a ban would have on the quality of its products.

Huawei might preach the promise of its own technology and the new suppliers it will seek/has sought, but there is a reason these 33 US companies were chosen in the first place. Either there is/was a financial benefit to Huawei in these relationships, or they were chosen because they were best in class.

Huawei is a commercial organization after all, it wants to make the best products for the best price. There will certainly have been compromises make during these selections, either paying more for better or sacrificing some quality for commercial benefits, and having to make changes will have an impact. Huawei, and its customers, will have fingers and toes crossed there is no material impact on the business.

The other aspect to consider is disruption to operations. ZTE found out how detrimental dependence on a single country can be, and while Huawei has mitigated some of this impact, it remains to be seen how much pain could be felt should the ban be fully enforced. Might it mean Huawei is unable to scale operations in-line with customer deployment ambitions? Could competitors benefit through these limitations? We don’t know for the moment.

The ban on selling in the US might sound better when reeling off headlines, but don’t forget about Huawei’s supply chain. We think there is much more of a risk here.

Huawei hints at legal retaliation to Trump executive order

US President Trump has issued an executive order calling for major restrictions on technology suspected of assisting ‘foreign adversaries’.

In the Executive Order on Securing the Information and Communications Technology and Services Supply Chain Trump states that he reckons “foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology and services.” In response to that perceived threat he is empowering state officials and agencies to take pretty much whatever prohibitive action they deem necessary against any companies they consider to be under the influence of said adversaries.

On one level this is merely an official confirmation of the position the Trump administration has had on this sort of thing for a while. But it’s also a distinct call for escalation and actively encourages state agencies to be more aggressive in their response to these threats and seems to absolve them of any responsibility to present evidence of wrongdoing before acting.

The words ‘China’ or ‘Huawei’ don’t appear anywhere in the executive order, but it’s pretty clear it’s a response to the ongoing issue of Huawei’s suspected ties to the Chinese state. Of course Huawei has spent the past few months repeatedly denying the allegations, but the US position has if anything hardened and there doesn’t seem to be any more the company can do to prove its innocence.

We received the following statement from Huawei in response to the executive order: “‘We are the unparalleled leader in 5G development. We are ready and willing to engage with the US government and come up with effective measures to ensure product security.

“Restricting Huawei from doing business in the US will not make the US more secure or stronger; instead, this will only serve to limit the US to inferior yet more expensive alternatives, leaving the US lagging behind in 5G deployment, and eventually harming the interests of US companies and consumers. In addition, unreasonable restrictions will infringe upon Huawei’s rights and raise other serious legal issues.”

Most of that has been publicly said by Huawei before, but the final sentence definitely hints at a formal legal response. Huawei has already opened one legal front challenging the legality of the sales restrictions already in place. Assuming US state agencies accept Trump’s invitation to act against it, Huawei may move to question the legality of the executive order itself.

Trump’s hand is hovering over China executive order

President Trump is reportedly on the verge of signing an executive order effectively banning Huawei, and other Chinese companies, from providing any products or services in the US market.

According to Reuters, the signing of the order could happen as soon as this afternoon (Wednesday 15 May) although no companies will be named specifically. It is believed US companies will be banned from purchasing any telco equipment from vendors who are deemed a threat to national security.

The vagueness of the report is perhaps down to the fact the news is not official just yet, although it might well be designed that way in the document. Intelligence agencies will presumably be requesting as much freedom from bureaucratic shackles as possible; vague language in the executive order might be by design.

The White House will allegedly use the power of the International Emergency Economic Powers Act, which offers the President the luxury of regulating commerce in response to national security concerns.

The executive order certainly comes at a sensitive time, with both the US and China on edge as trade talks have stagnated. The toing and froing over trade tariffs look set to escalate once again, with the reprieve from the threat of global trade war looking to be over.

President Trump has been suggesting talks are still on a steady path through Twitter, but many commentators believe the two superpowers are at odds with each other. Following the Chinese decision to impose tariffs on $60 billion worth of US goods starting in June, the White House is supposedly preparing a new list of $300 billion worth of Chinese imports that would be hit with tariffs of up to 25%.

The executive order, should the rumours prove to be true, could be fatal blow to the trade talks. Huawei is the telco champion of China, the poster boy of Chinese dominance in the technology world. Although Huawei will not necessarily be losing any significant business as a result of the order, it is a symbolic gesture.

While this executive order should come as little surprise, the world should ready itself for further escalation of a trade war between the two economic superpowers. Collateral damage could certainly be notable, especially in Europe where governments have been resisting US pressure to act against Huawei specifically.

Chinese spying law, no idea what you mean – Huawei Chairman

Huawei Chairman Liang Hua is the latest to enter the fray to defend the principles and reputation of the telco vendor, this time questioning the legitimacy of accusations.

Speaking during a roundtable session in the wings of Huawei’s latest London event, Hua gave a measured representation of the firm. Once again, Hua put forward the idea of assessing technology and security on merit and evidence instead of political rhetoric, but the Huawei boss also questioned the legitimacy of accusations levelled at the vendor.

“When we are operating globally we are committed to be compliant with regulations in that country,” said Hua.

This is one of the statements which Huawei executives have used consistently through the saga. Huawei is a global organization with customers in more than 130 countries. It operates in utter compliance with local laws and regulations, otherwise it would undermine customer confidence and validity of the firm in that market. Anything aside from compliance would destroy its own business and doom the firm to failure.

This statement is all well and good, though many will still wonder with caution. There is after all a Chinese law which forces companies to adhere to the demands of the government.

Or is there? Hua is adamant there isn’t.

“Chinese officials on many occasions have stated there are no laws which require enterprises to collect information for the government,” said Hua. “So far, we haven’t received any requests of this kind from any department.”

The denial goes all the way to the top as well. Back in March, Premier Li Keqiang firmly denied the government would, or has, forced Chinese companies to assist it in intelligence gathering activities.

“This is not how China behaves,” said Keqiang. “We did not do that and will not do that in the future.”

Technically, Hua is correct in denying the law exists explicitly. There are no such laws written to suggest Huawei, or any other Chinese firm for that matter, would have to relay information to the Chinese government or insert backdoors into software. It isn’t in concrete language.

However, there is a law which requires Chinese firms to ‘co-operate’ with state departments for ‘intelligence activities’. The way in which it is written is suitably vague enough to ensure wiggle room on both sides. In theory, the government could compel Huawei to assist, however, there are also safeguards built in to prevent ‘abuse’.

Under Chinese law, government departments are banned from forcing a company from acting against ‘legitimate’ or ‘legal’ interests. Technically, if it is bad for business or illegal in the country of operations, Huawei can refuse the request from the government.

There might be some who still don’t believe this position, questioning the nuance of language. However, Hua has endorsed recent statement from founder Ren Zhengfei, where the media-shy former executive promised to shut down the company if he or any employee was forced to act as a puppet of the Chinese state.

Whether anyone actually believes this statement is down to personal opinion, but always remember, shutting down Huawei would cause as many problems as it solves. Huawei is renowned for its post-sale customer service, and any vendor would have to prove its customer support credentials for the lifecycle of products it sells. If the company just shut down, all of Huawei’s customers would be on their own, attempting to maintain products in the wild when they do not have the personnel to do so.

Opinions on how deeply embedded Huawei is in the Chinese government’s pocket vary quite wildly, though it is always worth remembering the facts instead of being swept away in the political rhetoric. There is a law which compels Chinese companies into acting on behalf of the government, but there are also clauses which mean the company can refuse to do so if said actions would mean breaking the law in that market.

Huawei is a company which is in a sticky position right now. Of course, there are still markets where the firm will make billions, but there are others where the risk of limited operations or being completely shut out is present. The question is what approach will these precarious markets take?

“Cybersecurity is indeed an important element,” said Hua. “We are happy to see the cyber security issue raised and we believe it is a technical issue at the core.

“The UK government has established a good mechanism to identify and mitigate risks.”

This is the approach Huawei has been pleading with governments around the world to take. Speaking in Shenzhen last month, cybersecurity boss John Suffolk told an audience of journalists Huawei had passed every security and resilience test which had been presented to the firm.

“Being a Chinese company means the spotlight will always be on you in some places, that is not our fault but something we will deal with,” said Suffolk.

Huawei is attempting to move the conversation back to technology. If it remains in the realms of politics, it will lose. Such is the political power of the US, eventually trade partners will crack. But this also leaves the UK in a very sticky position. It is reliant on the ‘special relationship’ which is so frequently brought up, but the silk road is lucrative.

Unveiled at the same London event, an Oxford Economics report suggested Huawei has a £1.7 billion impact on the UK economy. This is through direct employment and tax, indirect employment through its supply chain and also induced impact from the money spent by those employed directly and indirectly. Critically, Huawei also inspires a notable amount of R&D in the UK.

While the £1.7 billion contribution to the national economy is only 0.01% of total GDP, the £112 million R&D expenditure in the UK during 2018 accounted for 0.3% of the total in the UK. Huawei is punching above its weight from a monetary contribution, and the 35 partnerships with UK universities is also a factor to consider. Increasing R&D investments across the country is a key ambition of the UK government, therefore it will want to tread carefully around Huawei.

Another factor to consider is the direct investment made by Huawei in the UK. It currently employs 1600 employees in the UK, each contributing 3X more to the economy (tax, output, expenditure etc.) than the average UK employee. Most importantly however, this is an industry with further room for growth, which doesn’t displace any UK business.

The more successful Huawei is, the more success is brought into the UK economy and society, should current investment trends continue. However, Huawei’s direct competitors are Swedish and Finnish. These companies do have operations in the UK, though the displacement effect will be felt more in the Nordics than here.

Although the final decision from the UK’s supply chain review is due to be released in the next couple of weeks, you can see why the investigation has taken so long. There are plenty of moving parts to consider and, while it should not be considered a silver bullet, Huawei’s presence and investment in the UK means a lot to the economy and society.

Why unlocking 5G’s value depends on its security periodically invites third parties to share their views on the industry’s most pressing issues. In this piece Michael Downs, Director Telecoms Cyber Security, EMEA at Positive Technologies, looks at the security concerns that need to be addressed as we roll out 5G.

With the recent launch of commercial services in the US and South Korea, it looks as though 5G has finally arrived. Its promises of superfast connection speeds, ultra-low latency, and greater capacity represent huge opportunities for operators to transform their businesses, allowing them to offer new services and generate revenue through previously unavailable means of monetisation.

But, as with the introduction of any new technology, these opportunities will inevitably be accompanied by risks. Some of these will be known already, inherited from legacy network infrastructure, while others will be entirely new. For 5G deployments to deliver on their transformational potential, operators must take steps to identify and mitigate these risks.

Known vulnerabilities

To help expedite the implementation of the first 5G networks, 5G-NR radio layers will typically be coupled with the existing 4G/LTE network in the short term. However, while this will have the advantage of speeding up testing and deployment, it does mean the first 5G networks will inherit the same vulnerabilities as their predecessors.

Take, for example, Diameter, the IP-based signalling protocol used in telecommunication networks to transmit service data. Every Diameter-based 4G network examined in a recent security audit was found to contain vulnerabilities which hackers could exploit to perform a range of illegal actions, such as locating users, intercepting SMS messages, and instigating denial of service (DoS) attacks. It stands to reason, therefore, that as long as they’re tied to these LTE networks, every 5G network will also be similarly vulnerable to Diameter exploitation.

Fortunately, the familiarity of these vulnerabilities works in operators’ favour. It’s known, for example, that most of these flaws are related to a combination of misconfigured or vulnerable network equipment and fundamental issues in the Diameter protocol itself. The GSMA, for example, references Diameter interconnect security in its 5G Implementation Guidelines. It recommends an integrated approach to tackling it, made up of regular analysis of mobile network security, continuous monitoring and analysis of signalling messages crossing network boundaries, and real time attack detection systems.

It’s hoped that these precautions will become academic in time, once 5G is eventually uncoupled from 4G/LTE. Standalone 5G networks, on the other hand, will present their own unique security challenges.

New opportunities, new risks

One of the many new revenue streams offered by 5G lies in the practice of network slicing, in which portions of a 5G network are partitioned and delivered “as-a-service” to suit specific customer segments and use cases. However, while it will increase speed and enable operators to offer a wider range of monetizable services to their customers, network slicing will make network management significantly more complex. In doing so, it will add to the existing issue of incorrectly configured core networks; an issue which continues to plague the telecoms industry.

Its potential unlocked by 5G’s speed and low latency, the Internet of Things (IoT) represents another significant new revenue stream for operators. Indeed, with 20 billion “things” expected to be connected to the internet by next year, the majority of subscribers to 5G networks are likely to be IoT devices rather than people. But, with the number of attacks on IoT devices continuing to rise, this huge opportunity brings with it its own risks.

The fundamental issue is that IoT device protection tends to be poor. It’s impossible to change default passwords in many devices, for example, and patches or updates are rarely available for built-in security software. Vulnerable to exploitation, the distribution of malware among these devices is therefore easily scalable.

Security from the start

Faced with security challenges such as these, operators and equipment manufacturers alike have a unique chance to avoid repeating the mistakes of previous generations, where network security issues had to resolved on the fly in active infrastructure. Acutely aware of the vulnerabilities that may lay ahead, they can – and should – be building security provisions in from the start, during the development of any new network technology.

After all, the huge amount of investment into the development of 5G networks requires some form of insurance. It stands to reason, therefore, that operators must think of how to ensure the security of these next-generation networks from as early a stage as possible. They should consult experts in information security throughout the development of any new technology or services, for example. And following deployment, as well as ensuring that solutions such as firewalls and intrusion detection systems are in place, it’s important that operators continue to perform regular ongoing security testing.

The advent of 5G offers a wealth of new opportunities for telecoms operators. But any excitement must be tempered with caution. Vulnerabilities exist in legacy infrastructure, and new developments will reveal more over time. Mitigating these risks requires security at every stage of a 5G network’s deployment, from architecture development to the implementation of specific services. Putting robust infrastructure security in place from an early stage will help operators ensure the reliability of their service, protect their users, reduce reputational risks and financial losses, and avoid regulatory claims.

As we enter the 5G era, using security as a criteria for quality will give operators a competitive edge.


Michael Downs PositiveMichael Downs has been assisting telecoms and mobile providers address the business impact from cybersecurity risks for nearly 20 years. At Positive Technologies, he works side by side with the penetration testing team and research specialists to help mobile network operators globally audit cyber-risk, identify threats, and deploy the correct countermeasures. He also helps network operators address core infrastructure through to RAN and signaling vulnerabilities, which enables them to protect their valuable brand, drive operational efficiencies, and provide additional revenue streams.