• Huawei to be classified as ‘high risk’ and limited accordingly
• There’s to be a 35 per cent cap on ‘high risk vendor’ supply, even to the non-sensitive parts of the network
• Minister characterises the decision as a “UK-specific solution for UK-specific reasons”

Today the UK’s Conservative government finally ended its prevarication, swallowed hard and came down in support of a half in, half out position on Huawei...  the one originally recommended back when Theresa May was Prime Minister. 

Essentially, Trump is to be ignored and Huawei is to be allowed to supply equipment to the less sensitive parts of operators’ UK telecoms infrastructure.

Trump’s increasingly precarious tenure at the Whitehouse - impeached by the House of Representatives, but not (yet?) removed from office by the Senate - may have emboldened Prime Minister Johnson into finally making a balanced decision, as Trump now looks unlikely to be around for too much longer. Even if he does linger on for the rest of his term, his ability to inflict retribution on security and trade arrangements will likely be limited and temporary. 

However, the government has announced an infrastructure security regime, to be backed by legislation, that will apply to the infrastructure or systems being introduced to UK public networks. It this morning released what it claimed are the conclusions of the ‘Telecoms Supply Chain Review’. 

New restrictions are to be placed on the use of what it calls “high risk vendors” in the UK’s 5G and gigabit-capable networks and these are to be excluded from the sensitive ‘core’. Exactly who’s in the high risk club is not announced. Huawei certainly, but ZTE? The government helpfully tautologises that “High risk vendors are those who pose greater security and resilience risks to UK telecoms networks.”

The government is to set a 35 per cent cap on ‘high risk vendor’ access to the non-sensitive parts of the network. The detail (and there are obviously many questions) is to be fleshed out in guidance to be issued to operators in advance of legislation. 

What we do know is that ‘high risk’ vendors will be limited to a minority presence in the periphery of the network, (defined as the access network) which connects devices and equipment to mobile phone masts.

The idea that operators might be able to ‘game’ the regulations in some way is already being discussed but, given that what’s being proposed is really enforced ‘best practice’ around second sourcing and supplier diversity (and is anyway in line with industry moves to normalise an ‘open RAN’ where functions are disaggregated), it doesn’t seem likely that UK operators will be keen to dodge the requirements.  

However, some of the proposals seem slightly over the top. The high risk ‘Breakfast Club’ inmates will be excluded from all safety related and safety critical networks in Critical National Infrastructure and from sensitive geographic locations, such as nuclear sites and military bases.

The government claims that, “as part of the Review, the UK’s National Cyber Security Centre (NCSC) carried out a technical and security analysis that offers the most detailed assessment in the world of what is needed to protect the UK’s digital infrastructure.”

To assist with the vendor diversity element the government is now developing an ambitious strategy to help diversify the supply chain. It says it will seek to attract established vendors who are not present in the UK, will support the emergence of new, disruptive entrants and will promote the adoption of open, interoperable standards that will reduce barriers to entry.

So where this leaves the UK/US ‘special relationship’ is unclear. The anti-Trump New York Times interprets the UK’s declaration of independence as “the starkest sign yet that an American campaign against the telecommunications company is faltering.”

That’s not an interpretation likely to please Trump who famously values ‘winning’ above all other considerations. 

Perhaps in anticipation of Trumpian rage, the UK minister responsible, Nicky Morgan, the secretary for digital, culture, media and sport, has been careful to characterise the decision as a “UK-specific solution for UK-specific reasons and the decision deals with the challenges we face right now.” In other words the government wanted to be supportive of the US position and it does cast Huawei as a ‘high risk’ vendor, but needs must. If it could ban Huawei it would. 

And that ‘facing both ways’ stance is likely to cause the government trouble with its own hard liners. Essentially it’s letting a ‘high risk vendor’ (under its own definition) supply kit and systems to the UK’s essential infrastructure. It’s not the strongest position to defend.