The UK government ruled on Tuesday that the Chinese telecommunications giant will not be banned from selling equipment for 5G mobile networks there, although it will face severe limits. The question is: will the restrictions provide the security protections that policy makers want?
The decision is the latest in a series of partial successes for Huawei in the face of increasing pressure from the US government. UU. To block the company from mobile networks worldwide. Washington effectively prohibits operators from using the company's equipment on US networks and has long warned that Huawei could incorporate backdoors into its products that the Chinese government could access, something the company denies it has done or would do. .
The UK measure could put Downing Street at odds with the United States. Earlier this month, Senator Tom Cotton (R-Arkansas) introduced a bill that would ban the US. UU. Share intelligence with countries that allow the Huawei team in their 5G networks. But like Germany and many other countries, the United Kingdom is reluctant to get rid of Huawei, which has a reputation for manufacturing reliable equipment that costs much less than its competitors' products. Basically, the United Kingdom is trying to achieve it both ways, allowing operators to use some Huawei equipment without giving the company full access to its networks.
The United Kingdom said it will ban "high-risk vendors" of the 5G and gigabit "core" fiber network infrastructure, including security systems and authentication features. The equipment will only be allowed on the "periphery" of the network, that is, components such as antennas. Carriers may not use any equipment from high-risk vendors in locations such as nuclear sites and military bases or in security-related infrastructure. And at most, only 35 percent of 5G or gigabit network traffic can pass through equipment manufactured by high-risk providers, and only 35 percent of cellular base stations can include equipment from those providers.
"The government is sure that these measures, taken together, will allow us to mitigate the potential risk posed by the supply chain and combat the range of threats, whether cybercriminals or state-sponsored attacks," the UK Department announced. . The culture says.
Tuesday's announcement did not identify Huawei by name. However, the complementary guidance published by the National Cyber Security Center in the United Kingdom highlights the company as a high-risk provider.
Security experts say that although the measures could help reduce some of the risks Huawei supposedly poses, in practice it will be difficult to separate the "core" team from the team considered "periphery" in a 5G network.
Jimmy Jones, a telecommunications security expert at Positive Technologies, says that the line between the core functions of the network and the periphery becomes blurred as all components become more software driven. As a result, even the simplest equipment can be vulnerable to piracy. Or as UC Berkeley security researcher Nicholas Weaver says: "The & # 39; antennas & # 39; 5G are not just cables, but complex computers that, in their own right, perform great signal processing."
Experts also questioned whether the 35 percent limit on high-risk provider equipment would be sufficient to protect a malicious actor's network. "This decision limits some collection risk at the national level, but would not mitigate the risk of more specific forms of surveillance," says Ryan Kalember of the Proofpoint security company.
Even if a provider can only access 35 percent of the data that passes through a network, it could still carry out sophisticated surveillance on users of a network, warns Sam Curry, chief security officer of the security company of Cybereason information. Because people will move and use In multiple different cellular stations, it is possible to obtain enough information about their relationships and activities with only a part of their data. Even so, operators may want to buy all the components for their 5G networks from a single supplier instead of dividing purchases of central and peripheral equipment. That would make it difficult for any provider considered high risk to achieve a 35 percent presence in the peripheral networks of the United Kingdom.
. (tagsToTranslate) Huawei (t) 5g (t) United Kingdom (t) cybersecurity