• Government warns telcos to choose their 5G suppliers carefully
• Letter doesn't mention Huawei by name, but nobody's fooled
• Stable door closed after horse gallops over horizon

The UK government has followed the example set by the US and more recently Australia by urging telcos to think carefully about national security when selecting network equipment suppliers.

No names were mentioned, but this quite obviously relates to Chinese equipment makers Huawei and, to some extent, ZTE.

According to the Financial Times (subscription required), Matthew Gould, head of digital policy at the Department for Digital, Culture, Media and Sport (DCMS), and Ciaran Martin, head of the National Cyber Security Centre (NCSC) warned telcos in a letter that an ongoing review of the UK's telecoms infrastructure could have consequences for their 5G supply chains.

"[Telcos] will need to take the review into consideration in any procurement decisions," they said.

At this moment in time, advising UK telcos to choose their vendors carefully for national security reasons has to be one of the most moot points in the great pantheon of moot points.

It is not so much closing the stable door after the horse has already bolted; it is closing the stable door after the horse has bolted, escaped from the farm and enjoyed a long and distinguished career as a UK-based sales executive for a Chinese telecoms equipment vendor.

There will now be a moment's pause to allow seasoned industry watchers to cast their minds over all the times that UK government officials have courted Chinese vendors.

One that springs to mind would be that jolly trip taken in 2013 by then-Chancellor of the Exchequer George Osborne to Huawei's Shenzhen headquarters. While there, the holder of the second-most-important position in British politics secured an agreement for Huawei to spend £125 million on a UK R&D facility.

That came just months after BT got a slap on the wrist from a UK Intelligence and Security Committee report for failing to tell the government that it had deployed Huawei routers and transmission equipment on its network in 2005. This network is designated 'Critical National Infrastructure' (CNI), and therefore it was a mistake to use Huawei equipment, the report said.

As Huawei pointed out in the wake of the wrist-slapping, in 2010 it established a cybersecurity evaluation centre – cheerfully referred to as the 'Cell' – that allowed any telco to examine the security credentials of its equipment before deploying it on their networks. However, use of the facility is voluntary, and as the Intelligence and Security Committee's 2013 report noted, only three telcos opted to do so.

At the time, the Committee also warned that "there is no general requirement on companies that own CNI assets to inform or consult government prior to awarding a contract, whether that be to a UK company or a foreign company. Instead, the government relies on informal processes or the private company taking the initiative themselves. This is far too haphazard an approach given what is at stake."

That was in 2013. Here we are in the closing stages of 2018, and judging by this week's FT report, little seems to have changed.

The government launched a new review in July this year. For whatever reason, the review that was published five years ago, that warned about the potential risk to CNI posed by Chinese network gear, didn't seem to sink in, so now we're having another one.

Had the 2013 Committee's concerns been taken on board, there might not have been the need for another report. The government might not need to have penned a letter to telcos urging them to think before they tender. There might even be procedures and protocols in place by now that telcos could follow to ensure their procurement processes do not jeopardise UK national security.

But life doesn't work like that.

Instead, we have a situation where in October, EE lays claim to the UK's first live 5G trial, switching on a Huawei-powered site in Canary Wharf, and then a month later, the government implies that operators should try to avoid using too much Chinese-made kit in their networks.

Huawei and ZTE have been barred from network tenders in the US for many years, and Australia followed suit this August, blocking them from bidding for 5G contracts.

Over the weekend, Huawei New Zealand's deputy chief executive Andrew Bowater told the New Zealand Herald that the company won't even attempt to bid for 5G core network deals in the country because "it's not worth the hassle" of having to overcome national security concerns. There is uncertainty over whether the company will be allowed to participate in any 5G tenders at all.

Will the UK and its allies be safer in the long term if operators are prevented from deploying Huawei equipment?

Probably not, no. A motivated, unfriendly government will focus on another attack vector. Here's one, maybe: the industry is slowly shifting to supplier-neutral, increasingly software-based infrastructure that avoids vendor lock-in; it's conceivable these emerging systems have already drawn the attention of attackers trying to find and exploit any weaknesses therein.

Furthermore, with operators in the US, Australia, New Zealand and possibly the UK having a narrower range of suppliers to choose from, they could end up paying higher prices, with customers ultimately footing the final bill.

In summary then, we could arguably be no more secure than we were before, and we may have to pay higher prices too. Fabulous.