UK government permits high-risk vendors for 5G rollout

The UK government has come to a decision on the lingering issue of Huawei and the roll out of 5G. Originally recommended, back when Theresa May was Prime Minister, the United Kingdom has opted for a ‘middle of the road’ position with Huawei. Despite strong rhetoric from the US against allowing the Chinese firm to supply equipment to the UK telecoms sector for the roll out of 5G.

The UK government announced an infrastructure and security regime which is to be backed by legislation that will apply to the systems being introduced to UK public networks. Today, it released what it claims are the final decisions of the ‘Telecoms Supply Chain Review’.

There will be new restrictions on what the government refers to as ‘high-risk vendors’ in the UK’s 5G and gigabit-capable networks. These so called ‘high-risk’ vendors,’ will also be disqualified from the sensitive core. It was not announced who else was in the group of high-risk vendors, although Huawei is certain. The government confirms on several occasions that “High-risk vendors are those who pose greater security and resilience risks to UK telecoms networks.”

There will be a 35% cap on high-risk vendor access to the non–sensitive aspects of the network. The details, are to be further elaborated, in guidance that will be issued to operators in advance of the legislation.

What is known is that ‘high-risk’ vendors will be have a limited minority presence in terms of the wider network which connects devices and equipment to mobile phone masts throughout the United Kingdom.

The prospect that UK operators may well be able to ‘get around’ the regulations in some respect is already in discussion, however, if these restrictions are strongly enforced it seems very unlikely that they will be keen to dodge the requirements. Particularly in regards to second sourcing and supplier diversity.

The exclusions will prevent access to all safety related and safety critical networks in Critical National Infrastructure and also from sensitive geographic locations such as nuclear sites and military bases.

The government states that “as part of the Review, the UK’s National Cyber Security Centre (NCSC) carried out a technical and security analysis that offers the most detailed assessment in the world of what is needed to protect the UK’s digital infrastructure.”

To support the vendor diversity aspect, the government is currently developing a strategy to help diversify the supply chain. It also says it will attempt to rack established vendors who are not present within the United Kingdom and will support the emergence of new disruptive entrants and will promote the adoption of open standards that will decrease barriers to entry. There is perhaps the anticipation of damaging relations with the US however, the UK minister responsible, Nicky Morgan, the secretary for digital, culture, media and sport, has described the decision as a “UK-specific solution for UK-specific reasons and the decision deals with the challenges we face right now.”