Security – BT and EE to Remove Huawei Kit from UK Mobile Network

Telecoms giant BT (EE) has confirmed that they will remove Huawei’s kit from their core 3G and 4G network within the next 2 years. On top of that they will also exclude the Chinese company from bidding on future 5G contracts (core network only), but it’s unclear if Openreach will adopt a similar policy for fixed line broadband. At present Huawei’s equipment is widely used in the United Kingdom by various fixed line network suppliers, ISPs and mobile operators.

For example, Huawei supplies a lot of the kit for Openreach’s FTTC (VDSL2) broadband street cabinets and G.fast modems. Meanwhile EE has related kit in their existing 4G network and until recently it seemed almost inevitable that they’d also be helping to supply the operator’s future 5G services. Broadly speaking the Chinese company has a strong reputation for building good quality equipment and selling it at an affordable price, but over the past few years the company has also become the target of some increasingly vocal security warnings from various countries.

Back in 2013 a report from the government’s Intelligence and Security Committee (ISC) warned UK operators that deployment of broadband and telecoms equipment supplied by Huawei could have “implications for national security” (here), which was despite GCHQ establishing the joint Cyber Security Evaluation Centre (The Cell) with Huawei to examine their kit.

Earlier this year the National Cyber Security Centre (NCSC) took an even tougher line by calling on telecoms firms not to use hardware and services provided by ZTE – a Chinese state-owned enterprise – because of the “potential risks to the UK’s national security” (here). So far Huawei has avoided that same level of concern, but it’s often suggested that recent changes in policy by the Chinese government (i.e. requiring such firms to work with their state intelligence agencies) may have raised the perceived threat level. Previously Huawei has tried to demonstrate some distance between themselves and their government but that is now harder to argue.

The first warning shots came in July 2018 when the Oversight Board for the Huawei Cyber Security Evaluation Centre (HCSEC) said it had identified “shortcomings” in Huawei’s engineering processes, which they claimed “exposed new risks in the UK telecommunication networks” (here). On Monday the aforementioned concerns were followed by a stark warning from the chief of MI6, Alex Younger, who said: “We need to decide the extent to which we are going to be comfortable with Chinese ownership of these technologies and these platforms in an environment where some of our allies have taken a quite definite position” (e.g. Australia, New Zealand and the USA have taken a very tough line).

A Spokesperson for BT told ISPreview.co.uk:

“In 2016, following the acquisition of EE, we began a process to remove Huawei equipment from the core of our 3G and 4G networks, as part of network architecture principles in place since 2006. We’re applying these same principles to our current RFP for 5G core infrastructure. As a result, Huawei have not been included in vendor selection for our 5G core.

Huawei remains an important equipment provider outside the core network, and a valued innovation partner.”

BT’s reference to “outside the core network” reflects the seemingly more benign parts of their infrastructure, which for example means that Huawei’s kit will still be used on masts. Some may suggest that this does not go far enough, while others may take the opposite view and warn of protectionism or potential repercussions in relations with China. At this stage BT’s position has only been referenced for their mobile network and it’s unclear whether Openreach plan to adopt a similar stance on their national fixed line network.

However it seems inconceivable that Openreach will go around removing existing Huawei equipment and street cabinets (not core), although it remains to be seen whether future contracts are affected. At the same time it’s worth remembering that no operator can ever completely eliminate the risk of unauthorised access, which goes just as much for Huawei’s kit as it does for the equipment from any other country in the world. As GCHQ said a few years ago, “It is just impossible to go through that much code and be absolutely confident you have found everything.”

UPDATE 1:53pm Huawei has now responded.

A Spokesperson for Huawei said: “Huawei began working with EE in 2012.

As part of this collaboration, we provided EE with a series of innovative and competitive 3G and 4G network solutions, including core network equipment. We have never had a cyber security related incident. Huawei has a robust cyber security assurance system and a proven track record.

Our products and solutions serve customers in more than 170 countries and regions, including major carriers, Fortune 500 companies, and hundreds of millions of individual consumers. We have earned the trust of our partners across the global value chain.”
