Britain's Huawei compromise puts Australia's cyber hawks under pressure

The Australian arm of Chinese telecommunications giant Huawei has wasted no time in using its strictly limited inclusion in the United Kingdom’s 5G build to put the boot into Australia’s security apparatus, claiming the government here was given dud advice.

And so begins the great hectoring.

The telco equipment maker on Wednesday seized on the UK’s highly anticipated decision to allow the company some limited participation in the nation’s 5G rollout, despite frenetic lobbying from Washington to have Huawei banished as it is in Australia.

“This decision by the UK Government proves beyond doubt that there is a way to manage security on 5G networks without excluding vendors simply for being from a certain country,” Huawei Australia’s director of corporate and public affairs, Jeremy Mitchell said.

“It also demonstrates that the Turnbull Government was given incorrect advice that the Core and Radio networks cannot be separated on 5G – that is completely incorrect as the UK operators are now doing it in the real world.

The British decision not to go down the road of full exclusion is certain to be used as a precedent by Huawei to argue that fears surrounding its equipment and ownership really born of geopolitical friction and posturing rather than technical and employee security concerns.

The UK’s limited deployment, which comes swiftly after a sturdy election victory for the Conservatives, sends a firm signal that a key member of the post-war Five Eyes intelligence sharing network is prepared to manage its security risk exposure on its own terms rather than in lockstep with allies.

Make that ally. Johnson knows full well that allowing the UK’s cyber posture to be sock-puppeted by the US would not be a great starting point for reasserting the kind of national independence he fought the election on.

He also doesn’t want to be a price and standards taker beholden to a pair of hard-nosed Scandi manufacturers. 

Australia has been one of Huawei’s most difficult markets with the equipment maker very publicly excluded by both sides of politics from both the National Broadband Network and nascent 5G rollout.

The strong line being run out of Australian security agencies advising policymakers about the risks of allowing Huawei near Australia’s critical infrastructure has also been bolstered by US miltech-aligned thinktanks essentially seeking to set the narrative around cyber posture and risks.

A key proponent of thought leadership and research is the Australian Security Policy Institute that has never been shy of calling out growing regional Chinese influence or Huawei as a protagonist of extending Beijing’s reach.

While much of the concern aired about state sponsored cyber intrusion, espionage and interference is very legitimate, so too is the observation that many of the US-aligned miltech firms supporting ASPI drink from the publicly funded cyber protection trough.

There are strong commercial interests in maintaining and growing those markets, and supporting research and a strong public policy presence is a core tool in fostering public and political persuasion.

(It’s certainly been more effective than some of the cack-handed lobbying efforts of Facebook, Google and assorted other big IT vendors now copping it for not paying tax).

As a former colonial power whose reach helped create the two biggest republics in the world, Britain’s role in balancing competing American and Chinese demands was always going to be more politically nuanced and independent than Australia’s.

And the delivery somewhat more polished.

When Britain’s decision on 5G was made clear, it came after lengthy public discourse and debate followed by stage setting and then some diplomatic theatre. Johnson also had a major election victory under his belt and some domestic expectations to meet.

In contrast, Australia’s August 2018 decision was a rushed piece of deck clearing that landed immediately prior to yet another internecine execution of a Prime Minister.

We have been informed by the Govt that Huawei & ZTE have been banned from providing 5G technology to Australia. This is a extremely disappointing result for consumers. Huawei is a world leader in 5G. Has safely & securely delivered wireless technology in Aust for close to 15 yrs

— Huawei Australia (@HuaweiOZ) August 22, 2018

Amid the fracas of a leadership change there was essentially a void of leadership commentary or background on the 5G decision in the aftermath, with both politicians and securocrats transfixed by the second political implosion in as many terms.

Compare that to the plain speaking and necessarily long blog issued by the UK National Cyber Security Centre’s Technical Director, Dr Ian Levy.

There’s now a strong contest over what’s core, what’s non-core or edge (why do political promises come to mind) and whether allowing any ‘high risk’ vendors near 5G or fibre backhaul is a good idea.

Levy does appear to have rather a gift for calling bullshit on FUD and cyber Sinophobia with an eloquent spray.

“In 5G you need lots of smaller basestations as well as big ones, and the small ones will be on lampposts, bus shelters and other places that aren’t secure from physical interference by bad guys,” Levy observes.

“So, if your network design means that you need to run really sensitive functions processing really sensitive data (i.e. core functions) on an edge access device on top of a bus stop, your choice of vendor is the least of your worries and you probably shouldn’t be designing critical national infrastructure.”

Levy also cogently argues that for all of 5G’s promises, it will never be all things to all people. 

“The international standards that define what a 5G network actually is allow you to do all sorts of things, and some of those things could lead to security or operational risks that can’t be mitigated. That doesn’t mean you have to do them,” the NCSC technical lead says.

Contrast that with the views of Simon Gilding, who was until last December the Australian Signals Directorate’s head of signal intelligence and offensive cyber missions who has now become an ASPI senior fellow.

Gilding reckons it's a pivotal moment in world affairs.

“If you have the keys to 5G networks, you will be trusted with the nervous system running down the backbone of every country which uses your gear and contracts you to service it,” Gilding write in ASPI’s earnestly titled zine, The Strategist.

“That includes critical infrastructure and safety-critical systems on which the lives and livelihoods of our citizens depend—traffic, power, water, food supply and hospitals. You get to be ‘The Borg’,” Gilding continues.

What Gilding omits to mention is that a major thrust of China’s technological evolution is to ensure it does not become beholden to Western technology systems for critical infrastructure that could compromise its own national security.

That spans across communications equipment, payment systems, social media and the internet as a whole. China is giving as good as it gets on that front, especially when it comes to rapid scaling (not that we need any more bike share schemes).

What critics of China’s rapid tech expansion often avoid mentioning is that policies of globalisation prosecuted in the UK and US under both sides of politics led to the Five Eyes losing their carrier equipment manufacturing capacity to a Scandinavian duopoly.

Malcolm Turnbull called it out when he left office and now the NCSC’s Levy is also sheeting home some obvious, if inconvenient, facts.

Under the heading “The market is broken” Levy points out that without Huawei, the UK would have been locked into choosing from the telco equivalent of Ansett and TAA.

“There are only three scale suppliers of 5G RAN kit that can currently be used in the UK: Nokia, Ericsson and Huawei. That’s crazy, so we need to diversify the market significantly in the UK so that we have a more robust supply base to enable the long term security of the UK networks and to ensure we do not end up nationally dependent on any vendor,” Levy said.

“Being nationally dependent on any vendor would be bad, but it would be particularly bad when that’s a high risk vendor. 

“We’re not nationally dependent on anyone now and the measures the government has announced today ensure that won’t happen in the UK in the future, regardless of the commercial drivers.”

Cue the Boris banquet in Beijing.