Britain can handle the security risks involved with using mobile networks made by China’s Huawei, the cybersecurity chief said Wednesday, adding to a growing debate among countries on whether the company should be banned, as the U.S. wants.
Ciaran Martin, the CEO of the U.K. National Cyber Security Center, said it was important to have “sustainable diversity” in the supply of telecommunications equipment. He added that his agency could handle the challenges involved in monitoring suppliers who many not be considered trustworthy — a hint at Huawei.
Huawei, the world’s biggest maker of switching gear for phone and internet companies, has faced rising scrutiny over U.S. allegations that it could be forced by the Chinese government to provide access to consumer data on its networks.
As countries roll out new high speed fifth generation, or 5G, mobile networks, they are seeking suppliers and the issue of whether to ban Huawei has become a heated debate.
Some frame it as a cold evaluation of the technical risks. Others see it as part of a broader tussle between the U.S. and China for technological dominance. The U.S. has effectively blocked Huawei for years and is accusing China of stealing technology from foreign companies.
U.S. government officials including Vice President Mike Pence publicly warned European allies against using Huawei during a visit last week.
Authorities and telecom operators in countries such as Germany, Norway and the Czech Republic have been reassessing Huawei’s role in 5G networks while Australia, New Zealand and Japan have already moved to curb the use of its gear to varying degrees.
Experts say Huawei networks are generally cheaper than those of competitors and are of a high quality, making it a difficult decision for governments and telecom operators to shun the supplier altogether. Banning Huawei could also delay the rollout of 5G networks, which are considered necessary for the next generation of internet-connected things, from self-driving cars to smart factories.
The British government is due to complete a review of its policies on the safety of 5G in March or April.
Martin said no decisions have yet been made and “everything is on the table.”
Since 2010, the British government has operated a cybersecurity evaluation center for Huawei equipment, which Martin said was part of “the toughest and most rigorous oversight regime in the world” for the company.
“And it is proving its worth,” he said, according to a transcript of a speech he gave at a conference in Brussels.
The cybersecurity center in July identified technical issues in Huawei’s engineering processes that could make it less safe. Huawei said last month that it would take three to five years to fix the problems.
Martin said the issues his agency identified relate to cybersecurity standards and are “not indicators of hostile activity by China.” He told reporters that mistakes in software are the biggest issue for cybersecurity, more so than the risk of a foreign government getting backdoor access.
Huawei competes with a few big rivals, notably Finland’s Nokia and Sweden’s Ericsson, to supply equipment for 5G networks.
Martin said it’s important not to let the telecom equipment supplier market shrink too much.
“Any company in an excessively dominant market position will not be incentivized to take cybersecurity seriously,” Martin said, adding that such a company could be a “prime target for attack for the globe’s most potent cyber attackers.”
In a sign of Britain’s division over 5G, a security think tank warned the same day against using Huawei gear.
“Allowing Huawei’s participation is at best naive, at worst irresponsible,” the Royal United Services Institute said in a report, which cited factors including the difficulty of finding hidden “back doors” in software.
Germany is still undecided on what to do. It has made clear it doesn’t plan to explicitly bar any single manufacturer, though that leaves open the possibility it could frame system requirements in a way that effectively excludes Huawei.
Officials are wary of the security issues that could arise with Chinese involvement, and the German Interior Ministry said Wednesday that internal discussions were still ongoing on how to proceed.
“A direct exclusion of a particular manufacturer from the 5G expansion is at the time not legally possible and also not planned,” the Interior Ministry told The Associated Press. “For the Interior Ministry the focus is on adapting the security requirements of the telecommunications network in such a way that the security of the network remains guaranteed, including from possibly non-trustworthy manufacturers.”
The ministry said for that to be ensured, the requirements must be anchored in Germany’s telecommunications law, and discussions on how to do that are currently ongoing.