UK to approve Huawei for non-core parts of 5G networks as spy chief details how it gain a cyber security ‘license’

The UK has reportedly taken a position on the use of Huawei equipment for the nation’s 5G networks, limiting the Chinese vendor to "non-core" parts of the nation's commercial mobile networks. 

The decision, which appears to have been leaked to the UK’s Daily Telegraph, came as representatives from the Five Eyes intelligence agencies for the first time shared a stage in the UK as part of public trust-building campaign. 

Representatives from each of the nations’ spy agencies spoke at the UK NCSC’s conference this week. Australia’s representative was Scott MacLeod, first assistant director-general of Protect, Assure & Enable from the cyber security division of the Australian Signals Directorate. 

The UK reportedly plans to allow Huawei to supply components for non-core parts of the network such as antennas. 

However, Jeremy Fleming, director of UK spy agency GCHQ today said the UK’s official position would be announced once the review of the UK's options has concluded. 

Australia’s and New Zealand’s governments have banned Huawei equipment from commercial 5G networks, while the US has banned federal agencies from purchasing its equipment. 

There is concern over China's national security law that requires companies that are headquartered there to help intelligence agencies when asked.  

The UK created the Huawei Cyber Security Evaluation Centre to vet the company’s source code. The country's plans to allow Huawei equipment in “non-core” parts of a commercial 5G network comes to despite a government report in March detailing major flaws in its software development processes.

The "core" of a mobile network would include functions such as billing, deploying services to the right customers, and routing packets of data.

Mike Burgess, the director-general of the Australian Signals Directorate, last October said the “distinction between core and edge collapses in 5G networks”, ending Australia’s ability to protect sensitive information by restricting “high risk” vendors to the edge.  

Ian Levy Technical Director of the UK’s National Cyber Security Centre (NCSC) in February described the shift to 5G as the equivalent to “moving from old mainframes to running stuff in the cloud”, thanks to virtualized network technologies, which blur the distinction between the core and edge of a network in a market that doesn't reward investments in picking secure hardware.  

But he also noted that many things hadn’t changed with respect to "risky vendors". For example, a vendor like Huawei wouldn’t be running a carrier’s virtual core from its own data centre. On the other hand, the UK doesn’t want a risky vendor to provide a carrier’s virtualization technology. 

GCHQ's Fleming said the UK needed to gain the public's trust in order for it to become a powerful cyber actor, noting the country "must have the legal, ethical and regulatory regimes to foster public trust - without which we just don't have a licence to operate in cyber space."

The joint appearance in the UK from Five Eye representatives follows disclosures by Australia and the UK about how and when decides to keep security vulnerabilities a secret.Those efforts are seen as part of a push by Five Eyes intelligence agencies towards greater transparency following the 2013 leaks by Edward Snowden.