Security discussion needs to be bigger than Huawei – Vodafone UK CTO

Huawei is an obvious risk when you are assessing the vendor landscape, but to ensure supply chain resilience and integrity, focusing too narrowly on one company poses a bigger risk, according to Vodafone.

It might be easy to point the finger at China, but according to Vodafone UK CTO Scott Petty, this is a dangerous position to take. Despite a lack of evidence to suggest backdoors are being built into Huawei products, the world is determined to find one, but in reality, there isn’t a single company in the vendor ecosystem which can justifiably state they are 100% secure. This is the world we are living in; risk is everywhere.

“The discussion about Huawei is all managing the risk appropriately,” Petty said at a briefing in Central London.

Risk is a big topic at Vodafone UK right now, and this is clear when you look at how the vendor ecosystem is being managed.

On the radio side of the network, of the 18,000 base stations Vodafone has around the country, Huawei equipment accounts for 32% of them, Nokia 12% and Ericsson taking the remainder. Interestingly enough, Nokia equipment is being phased out in favour of Ericsson. For transmission, this is split between Juniper, Cisco and Ciena, while Cisco is responsible for the core. With this blend of vendors, and appropriate security gateways between each layer of the network, Petty feels Vodafone is managing the risk very appropriately.

And while some might suggest having this much exposure to Huawei might be a negative, Petty argues radio is such low risk it shouldn’t dictate play. You have to take into consideration the risk/benefit equation.

When assessing risk, Vodafone (working with the National Cyber Security Centre) considers two possible scenarios. Firstly, what is the risk of a nefarious actor leaching data from the network, and secondly, taking down the network. On the radio side of things, the exposure is very low.

Firstly, Vodafone has 18,000 base stations throughout the UK. Should one of these base stations be compromised, only the traffic going through that base station would be at risk. This will be a fraction of the total, devices will be handed off to other base stations as people move around, while the clear majority of internet traffic is encrypted nowadays. The likelihood of a nefarious actor trying to bleed valuable insight in this manner is low.

Secondly, even if one of these base stations is taken down by the external wrong-doer, this is only one of 18,000 base stations. To have a material impact on Vodafone’s network, hundreds or even thousands would have to be impacted simultaneously. This is not inconceivable, but highly unlikely. As Petty mentioned, its all about evaluating and minimizing risk.

This is where the discussion becomes incredibly complicated. Huawei is one of the leading names (if not the leader) in the radio segment, ignoring such a vendor is a difficult decision to make as a technologist; you always want to use best in class.

For transmission, another area Huawei would be considered a leading name, the risk has been identified as medium. You would still need a lot of compute power to crack the encryption software, but Vodafone have decided to steer clear of Chinese vendors here.

Finally, onto the core, the most important part of the network. Petty pointed to O2’s issues last year, where a suspect Ericsson node effectively killed the entire network for a day, to demonstrate the importance of this component. Cisco is the vendor here, but this leads us onto the dangers of a such a narrow focus on security.

When looking for signs of a telco vendor assisting a government for intelligence activities, there is arguably only one piece of concrete evidence to support such claims. Edward Snowden produced this evidence, proving Cisco was aiding the NSA for its own spying agenda. This is the reason we suspect the US is so convinced China is spying on the rest of the world; the US government is doing the same thing and therefore knows it is technologically possible.

We are of course not accusing Cisco of aiding the US government in this manner at this moment, but such is the sophistication and technological capabilities of those on the dark web, no company should consider themselves 100% secure. They have their own supply chains which could be vulnerable at some point. The complexities of this ecosystem mean nothing is 100% secure, therefore it comes down to risk assessment, and also the mitigation of risk through layers of security, gateways and encryption.

For Petty, the establishment of Huawei’s European cyber-security centre is a step in the right direction, though he would want the European Union to play an active role in its operations and for the net to be cast wider, considering all vendors. As mentioned before, too much of a narrow focus on one area heightens the risk in others.

However, the talk of a Huawei ban would be a disaster for everyone involved.

“We don’t think a complete Huawei ban would be a proportionate response,” said Helen Lamprell, Vodafone UK’s General Counsel & External Affairs Director.

If risk is appropriately managed and mitigated, business can continue as usual. Policy decision makers have to realise there is no such thing as 100% secure. A broad-sweeping ban on Huawei would be disastrous not only for Vodafone UK, but everyone in the connected economy.

Firstly, you have to think of the cost of removing all Huawei equipment. This would cost hundreds of millions and take a considerable amount of time. This would delay the introduction of 5G and fundamentally undermine the business case for ROI. It could set 5G back years in the UK, not only for Vodafone but the whole industry.

The supply chain review is currently working its way through the red maze of UK government, and while the certainty needs to arrive sooner rather than later, getting the review right is better than speed.

The message from Vodafone this morning was relatively clear and simple; the Huawei risk can be managed, but an outright ban would be disastrous.

Competition is a problem, removing Huawei could be disastrous – Vodafone CEO

With all eyes in directed towards Mobile World Congress this week, Vodafone CEO Nick Read took the opportunity to vent his frustrations.

Competition is unhealthy, accusations are factually suspect, protectionism is too aggressive, the trust with customers has been broken, collaboration is almost non-existent. From Read’s perspective, there are plenty of reasons the 5G era will be just of much of a struggle for the telcos as the 4G one.

And of course, it wouldn’t be a telco press conference if there wasn’t a reference to Huawei.

“I would like a new contract for the industry, I want to go out and build trust with consumers and businesses,” said Read. “This will require us to engage government and build the vision of a digital society together.”

Read has reiterated his point from the last quarterly earnings call, there needs to be more of a fact-based conversation around the Huawei saga. There is too much rhetoric, too much emotion, and perhaps, too much political influence.

Huawei is the punching bag right now, but any ban or heavy-handed response to US calls for aggressive action would be a consequence for everyone.

As Read points out, Huawei is a significant player in almost everyone’s supply chain, controlling roughly 28% of mobile infrastructure, while Nokia and Ericsson also have market share in the 20s. Removing one of these players from the market will further compound a problem which plagues the industry today; the supply chain is too concentrated around a small number of vendors.

There simply isn’t enough diversity to consider removing a key cog to European operations.

Of course, you have to consider the status quo. The US is happy to ban Huawei as it has never been a significant contributor to its infrastructure. Should the same ban be enforced in Europe, negotiations would be de-railed, and operations disrupted. Read suggests this would set 5G plans back by two years across the bloc.

The issue here is of confidence to invest. Why would telcos enter into deep negotiations when future conditions have not been set in stone. This is already evident in Vodafone’s decision to pause work on the core with Huawei; delaying these important initiatives could push Europe further behind global 5G leaders. Telcos need confidence, certainty and answers. The longer reviews go on, the more precarious the situation becomes.

This is one of the many challenges the industry is facing. There is an ‘us versus them’ mentality when it comes to telcos. Read is referencing the relationship with regulators and government, suggesting a lack of collaboration which is negatively impacting the ability to operate, but it is also evident in the relationship with the consumer and competitors. Collaboration is a key word here.

One example of collaboration is in the UK where the National Cybersecurity Centre effectively monitors Huawei equipment. This model could be rolled out across Europe, though Read’s stressed the point that there would have to be a harmonised approach. Fragmentation is the enemy here, and it would stifle progress. If there is a European level of monitoring, or even if it is taken down to nation states, it doesn’t actually matter as long as it is consistent.

The Huawei ban is set to become one of the talking points of this years’ MWC, that is not necessarily an idea anyone will be surprised about, but what we are not sure about is the disruption. Will it slow 5G development? Has the uncertainty already slowed 5G development? Will the anti-China rhetoric, dilly-dallying and confusion kill Europe’s ambitions in the global digital economy?

Our supply chain won’t tread the ZTE path – Huawei CEO

One of the biggest stories of the year, and one of the major catalysts of the US/China trade war, was ZTE’s brush with extinction, but Huawei thinks it’s robust enough to withstand the US economic dirty-bomb.

During the Summer, ZTE was caught violating US trade sanctions with Iran and subsequently was banned from using any US products or IP within its supply chain. The move from the US almost destroyed ZTE, with the company ceasing operations for a couple of weeks, but Huawei’s Rotating CEO doesn’t think his firm would be under the same risk.

“We all know the ICT industry highly depends on a global supply chain,” said Hu. “And Huawei is no exception. Today we have 13,000 suppliers in our supply chain. Companies coming from Japan, US, Europe, China and many other countries in the regions. Take this year for example, our annual procurement spend would be 70 billion dollars.”

With CFO Meng Wanzhou currently on bail in Canada, Huawei is facing questions it probably doesn’t want to answer. The connection with Skycom looks to be much closer than some US financial institutions were led to believe, suggesting Huawei has been violating US trade sanctions with Iran. Should the US take the same action as it did with ZTE earlier in the year, Huawei could face the same ban on US exports.

The issue with ZTE was its dependence on the US for its supply chain. Huawei will also have the US feature prominently through its own supply chain, but Hu is confident it would stand up to any potential punishment dished out by the US.

“We take a diversified supply strategy,” said Hu. “That means we have a multi-sourcing strategy.

“We look at multiple choices in terms of technology solutions, and we also have multi-location supply networks. At the same time, since we’re working together with hundreds of telecom operators in the world, and also, we are serving a significant number of enterprise customers, so we look at the full lifecycle support that is needed and build up our stock of spare parts and components to ensure support across the product lifecycle.”

The company is also working to produce its own alternatives to some technologies which might not be able to be replicated elsewhere. A prime example of this is the Android mobile operating system.

As it stands, should the US impose a ban on Huawei its smartphones and wearable devices would be relegated to the role of doorstop. With this in mind, Huawei is attempting to create its own mobile operating system. It will probably be no-where as good as what the Android OS can offer, others such as Samsung have tried and failed, but it is certainly better than nothing.

Being banned from using US components and IP would certainly be a negative for Huawei, and it certainly isn’t a scenario which is out of the question, but Huawei seems to be in a better position than the suspect ZTE.

Telcos fighting back against vendor strangle hold

The balance of power has been firmly in the hands of the vendors for years, but now we are witnessing the telcos aggressively pushing back and wrestling for control of their own fate.

This is not a battle which can be won over night, it is a war of attrition which will be fought quietly. There will of course be passive aggressive comments, you can expect bold statements and it wouldn’t be the telco space without hollow promises of evolution, but what we are now witnessing is the slumbering telcos emerge from the shadows.

Throughout the keynote sessions and pre-conference workshops at this year’s Big Communications Event in Austin the battle lines are being drawn. The Open Networking Foundation spoke about a reconstruction of the supply chain, AT&T’s Melissa Arnoldi talked up the telcos white box dream, Reliance Jio’s President Mathew Oommen boasted about in-house developments, while Telstra’s Jim Fagan cooed over the benefits of open source. All of these comments indicate the telcos are trying to wrestle back control of the industry.

This is the complicated situation the telco industry has evolved to. For years the operators have found themselves searching for innovation externally. The likes of Huawei, Intel or even Ericsson on occasion held the trump cards, dictating the terms of the relationship. This is still the case as it stands, but the telcos are seemingly not going to sit quietly and do what they are told anymore.

Open source projects are key here, as is the disaggregation of software and hardware, alongside a operational model which allows for innovation and experimentation in-house. This is not to say proprietary solutions will disappear, but they will have to settle into their own place. Another critical factor is the attitude of the operators. Slowly we are starting to see a backbone emerge, challenging the status quo, and wrestling the balance of power back into the buyside camp.

Of course it will not be the smoothest of roads. The separation of software and hardware is an excellent example of where we are likely to see some resistance. The status quo leans towards vendor lock-in, and subsequently guaranteed business for the vendor. The new world of disaggregation offers flexibility and empowerment for the operators, and an entirely new business model for the vendors. The question is who will embrace the change and who will resist. Samsung has been making encouraging comments, but how much substance there is remains to be seen.

A healthy industry is one where the balance of power is evenly distributed through the ecosystem. This is not the case in telecoms, but the right noises are certainly being made. Hopefully there will be action to back-up the claims and power-plays being made by the operators.

Could Trump be the ZTE saviour?

The threat of extinction for ZTE was realistic as it seemed the US was gaining the upper hand in the apparent US/China trade war, but President Trump might prove to be an unlikely hero for ZTE.

Only a couple of days after ZTE announced it was ceasing all major operations as a result of the US ban shattering the firms supply chain, Trump revealed in a couple of tweets he and President Xi were working alongside each other to turnaround fortunes. Few would have predicted this turn of events, but the Trump presidency has been anything but predictable to date.

What this actually means remains to be seen. Details are expectedly light, but Trump has called the US Department of Commerce into action to save the troubled telco vendor. The Department of Commerce has not made an official comment as yet, but what might be expected are tighter restrictions on ZTE.

This is part of what makes the situation complicated. The threat of expulsion and restrictions was not enough to keep ZTE honest the first time around, so what the Department of Commerce can do this time is not known for the moment. Both parties are heading into waters unknown for the moment, but perhaps this will be a bit of a wake-up call for ZTE.

Certain aspects of the ZTE business need to remain reliant on the US, but it has been reported that 80% of the business is. ZTE’s relationship with Google is pretty much unavoidable, such is the dominance of Android on the OS world, but allowing such a dependence everywhere else to develop over time now looks like a ridiculous development.

While Trump coming to the saviour of ZTE might have surprised some, it could prove to be an inspired move. The President now seemingly has the upper hand at the negotiating table with the Chinese government; the US can now effectively decide the future of the business. That is a powerful card to hold.

ZTE fears for its very survival following US export ban

Following the decision from the US government to activate the Suspended Denial Order, ZTE has hit back with the threat of a lawsuit, claiming the order not only threatens its own survival but that of its suppliers.

While the order might have had the objective of knee-capping a specific Chinese company, the fallout has also sent shockwaves through the US technology scene. Companies like Acacia Communications, Oclaro and Lumentum Holdings, all of whom are US companies reliant on ZTE as a major customer, have seen share prices plunge. The US government might have hit bullseye when it comes to tackling ZTE, but the friendly-fire has been spraying all over the country.

“The Denial Order will not only severely impact the survival and development of ZTE, but will also cause damages to all partners of ZTE including a large number of US companies,” ZTE said in a statement. “In any case, ZTE will not give up its efforts to resolve the issue through communication, and we are also determined, if necessary, to take judicial measures to protect the legal rights and interests of our Company, our employees and our shareholders, and to fulfil obligations and take responsibilities to our global customers, end-users, partners and suppliers.”

It is difficult to get a handle of the damage which has been done at ZTE primarily because there are so many moving parts and a huge number of possible scenarios. The loss of customers in the US is only the tip of the iceberg, ZTE is huge reliant on US technology and intellectual property. Some estimates say 80-90% of ZTE technology is reliant on some form of US input, while Qualcomm supplies around 70% of the chips used in its smartphones.

This is devastating for ZTE. Who knows how long recrafting the supply chain to make sure there are no US components involved would take. It is a task which has probably never been undertaken before.

That said, the lobbyists in Washington must be hammering the front door of the White House. Anti-China sentiment has been a long-standing tradition of US governments, but this order takes the stakes up who-knows how many levels. In trying to cripple a Chinese beast, the White House has possible resigned hundreds, if not thousands, of employees to the dole queue within its own borders. Acacia Communications, Oclaro and Lumentum Holdings are the three companies who have been hit hardest, but there will of course be dozens of firms who are less reliant on the firm, though the order will still have a material impact on the business. ZTE is after all one of the world’s largest telecommunications vendors.

Legal action will potentially follow, though ZTE might be able to negotiate its way out. Judicial action does not necessarily mean lawsuit, there will be steps to take before this point is reached, including an appeal. Before too long, assume the Chinese government will wade into the mediation mess, while ZTE will be calling on its US suppliers for backup as well. That said, don’t expect the US to have a sympathetic ear. The US government is going to try and make an example of ZTE as it flexes its muscles over China