07 August 2020

The UK government has announced a series of measures to remove China’s Huawei tech from the UK’s 5G mobile networks. 

It will ban domestic mobile providers from buying new Huawei 5G equipment after the end of this year and they will have to remove all of its 5G kit from their networks by 2027.

The government had previously said Huawei could be involved in the project but it changed its mind following growing security concerns about China.

However, many in the UK IT arena told Networking+ that the decision was myopic and could have negative consequences.

Gregg Knowles, technology director at plan.com said the decision removes much of the choice previously enjoyed by businesses when it comes to choosing their network provider, and introduces real risk that SMEs must evaluate. “Any CTOs or IT managers who selected Huawei to supply their telecom needs prior to this decision may justifiably feel they have been stung badly,” he added. “It may be the case that with this move, firms’ evaluation of providers will no longer be based on who is technologically or even commercially the best supplier, but will be dictated by which supplier they may be able to do business with long term, and which will definitely be able to fulfil their obligations.”

Paul German, CEO at data security technology provider Certes Networks, described the move as a waste of time, money and resource – at a time when businesses can ill afford the distraction from core business operations.

“Quite simply, the real issue to be addressed is that network security does not equate to data security; the data always needs to be secure, even when the network isn’t and a data assurance solution is all that’s needed to combat the problem,” he said. “Data assurance requires a strict separation of duties between the security and infrastructure teams, to ensure infrastructure choices, such as what we see here with Huawei, do not have the potential to adversely affect the required data security posture. On top of this, regulatory compliance is becoming more complex; each iteration widens the scope for required data security controls and often results in point solutions, added complexity and the loss of network visibility further impacting the agility of the organisation to meet the required data assurance posture.” 

At the heart of the debate is whether the West can trust Huawei or if it will leave its equipment and communication networks and people’s mobile phones vulnerable. 

However, removing Huawei equipment from the networks will have a significant impact on the roll-out of the UK’s 5G technology. The culture secretary Oliver Dowden said it would be delayed by up to three years and with added costs of circa £2bn.

German added that whether one data classification or multiple, organisations can use crypto-segmentation to micro-segment data flows, protecting against the lateral movement of threats whilst also ensuring all data in motion is secure using policy defined and owned by the security team with keys only they have access to. “With a software-defined approach, security teams can retain control of the data security posture at all times, without compromising network performance or the agility needed to meet ongoing goals of the organisation,” he said.