The former head of Homeland Security has issued a stark warning that US intelligence-sharing with the UK will be harmed if Huawei is used in 5G networks.
Governor Tom Ridge is the former US Secretary of Homeland Security and set up the department following the 9/11 terror attacks.
Speaking in London, Ridge said: “Much of the intelligence sharing is electronic and if you are relying on secure telecoms and they’ve got a front door, well I don’t know how many pigeons can fly across the Atlantic.
“It will affect intelligence-sharing.”
While many believe the “special relationship” between the UK and US has been damaged in recent years, not helped by this week’s leak of private emails from the now-former UK ambassador to the US calling the Trump administration “inept”, the UK remains America’s leading intelligence and military ally in Europe.
The UK is a member of the ‘Five-Eyes’ security relationship which also includes the US, Australia, Canada, and New Zealand. While the US has pressured all of its Western allies to ban Chinese 5G equipment over national security concerns, it’s been particularly keen to see its Five-Eyes partners implement bans.
Governor Ridge said he was surprised that Britain was the only Five-Eyes partner to assess the risks from Chinese 5G equipment as manageable.
Officially, the UK is yet to make a final decision on Huawei. Amid the ongoing leadership race, it will most likely be up to the new prime minister to do so. The remaining candidates, Boris Johnson and Jeremy Hunt, have both expressed their reservations over the use of Chinese equipment in 5G networks and stressed how important they see the US security relationship as being.
Banning Huawei from UK 5G networks at this stage, however, would be costly and damage the nation’s current leadership in the European rollout of the latest generation.
Earlier this week, Telecoms reported that every major carrier in the UK is using at least some Huawei 5G equipment.
“We’ve already started to deploy equipment for when we launch 5G in the second half of the year,” said Three CEO David Dyson. “So if we had to change vendor now, we would take a big step backwards and probably cause a delay of 12-18 months.”
Governor Ridge highlighted the case of Huawei’s 2003 installation of a cyber network in the African Union (AU) headquarters in Addis Ababa, Ethiopia. A few months after, it was noted the network was most active long after staff had left – between midnight and 3am – and that Chinese trade envoys appeared to be suspiciously informed of the AU negotiators’ positions.
A French security company drafted in to examine Huawei’s equipment in the AU HQ found a number of software vulnerabilities had been sending data back to Beijing.
“The employees of Huawei are pretty much public employees even though they’ve got Huawei t-shirts on,” commented Ridge.
Finite State, a separate cybersecurity company, released a recent study that found Huawei devices had an average of 102 vulnerabilities – more than any other comparable vendor – primarily from using “vulnerable open-source and third-party components”.
Huawei has been involved with UK mobile networks for many years and several generations. Concerns of potential influence from the Chinese state have been kept in check through checking equipment at the Huawei Cyber Security Evaluation Centre (HCSEC) in Banbury.
Until last year, HCSEC reported it felt confident that security risks could be sufficiently mitigated. A follow-up report this year slammed Huawei as being slow to address concerns.
HCSEC appeared to share Finite State’s concerns about vulnerabilities in Huawei’s software: “HCSEC’s work has continued to identify concerning issues in Huawei’s approach to software development bringing significantly increased risk to UK operators, which requires ongoing management and mitigation,” the report stated.
The UK maintains any final decision on the use of Huawei equipment will be based on its own national security reviews, but that it values the input of its partners.
“We’ve been through so much together historically that it would be foolish for us not to sit down as friends and allies and challenge each other,” said Ridge.
Interested in hearing industry leaders discuss subjects like this? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.