The Government have found themselves between a rock and a hard place, facing a decision between spiralling costs and high security. We have serious concerns about establishing such a fundamental part of our digital infrastructure with Chinese-owned technology. Any and all our concerns and doubts about the impact it could have on the security and autonomy of our data must be answered beyond reproach before such a risk is taken with our vital national infrastructure. To ensure that, the Government should conduct a full independent review and assessment in collaboration with allies in the Five Eyes.
Ensuring our grasp on the information and capabilities reliant on 5G technology is pivotal in exploiting the benefits and power that it undoubtedly offers, as well as in protecting ourselves from it. We have heard a lot about the threat of back doors in Huawei hardware and software that would allow it to be controlled remotely from outside the UK. Of course that is a legitimate concern, but the bigger issue is the more systematic security failings in the software that could be remotely exploited.
The 2019 report of the board that supervises the Huawei Cyber Security Evaluation Centre said that Huawei lacks “basic engineering competence” and brings a
“significantly increased risk to UK operators”.
The board could give “only limited assurance” about the ability for risks to be managed.
Another risk is that equipment providers usually have automated authorised remote access to their hardware to provide support to carry out a managed services contract, with the equipment requiring regular software security updates and bug fixes. There is a lot of outsourcing in the sector, including to Huawei, with further potential for security breaches.