It will become illegal for UK telecos to buy new Huawei equipment from the end of this year once a new bill takes effect. Culture secretary Oliver Dowden told the house of commons yesterday that the legislation would also require the complete removal of all Huawei kit from 5G networks by 2027.
The decision followed advice from the NCSC which recommend that Huawei’s post-FDPRA (US sanctions) equipment is not used in the UK at all, as continuing to supply the UK with fixed access equipment will leave the UK exposed to risk. However, it added, “We believe that the substantial negative impact to national resilience should we exclude Huawei from fixed access, due to the shift to a single vendor (Nokia), outweighs the security and resilience risks of their inclusion at this time.”
The NCSC’s mitigation strategy, using the Huawei Cyber Security Evaluation Centre (HCSEC) belonging to Huawei UK, directed by NCSC and overseen by an Oversight Board, may also fall foul of the new US regulations which would make it no longer be viable. The NCSC says it is actively working with Huawei to move HCSEC into a separate legal entity which will not be on the Entity List.
Designing and building its own processors and semiconductors largely independent of US technology or tools within a couple of years “presents a truly herculean task,” and would normally take decades, not months.
A future US sanction could inhibit essential support at short notice, so the NCSC advises operators to have a plan in place to change managed service providers at short notice, and reiterated that the formal exclusion of Huawei from managed services is required.
It also recommended to government that a capability is created within the UK to maintain existing Huawei equipment as part of a broader resilience strategy.
