As British Prime Minister Boris Johnson was making a political compromise on Tuesday in allowing Huawei build up to 35 per cent of the non-sensitive part of Britain’s future 5G networks, cybersecurity officials in the country were publicly laying bare their distrust of the Chinese telecoms giant. The officials pointed to a lack of existing vendors in the market to provide the necessary technology for what is expected to be life-changing, ultra-fast mobile experience, leading one cybersecurity official to call the situation “crazy”. Published alongside the British government’s announcement – which bars Huawei from “core” elements that deal with sensitive data – the Government Communications Headquarters (GCHQ) outlined its advice on the use of equipment from high-risk vendors in the country’s telecoms networks. The document singles out Huawei in a separate chapter, refers to it as the country’s only high-risk vendor (HRV) and warns of “increased national risk”, wrote the GCHQ’s National Cyber Security Centre. It outlines five reasons why Huawei – the Shenzhen-based company that has consistently rejected accusations of being a national security concern to the West – constitutes a risk. First, the company has a significant market share in the UK already, which gives it a “strategic significance”, the document says. In 2018, the British government estimated that Huawei’s market share for 4G networks was around 35 per cent. Second, the document echoes Washington’s argument that Huawei, under China’s National Intelligence Law of 2017, could be ordered to act in a way that is harmful to the UK. Third, the National Cyber Security Centre said the Chinese state, and its associated actors, “have carried out and will continue to carry out cyberattacks against the UK and our interests”. British telecoms giant to strip Huawei from core networks, limit 5G access The centre also said its experience has shown that Huawei’s cybersecurity and engineering quality is low and its processes opaque. For example, it says, an official oversight board raised significant concerns in 2018 about Huawei’s engineering processes. Its 2019 report confirmed that the company had made “no material progress” in addressing those technical issues. Last, it said a large number of Huawei subsidiaries were currently on the US Entity List, which names businesses, institutions and individuals that Washington believes pose a national security threat. “Although we do not have knowledge as to whether these entities will remain on the US Entity List, this listing may have a potential impact on the future availability and reliability of Huawei’s products,” the British document says. “We’ve always treated them as a ‘high risk vendor’ and have worked to limit their use in the UK and put extra mitigations around their equipment and services,” Ian Levy, technical director of the National Cyber Security Centre, said in a blog post. In a statement, Huawei said it was “reassured” that it would be able to continue working with its British customers on 5G, albeit in a restricted role. “We agree a diverse vendor market and fair competition are essential for network reliability and innovation, as well as ensuring consumers have access to the best possible technology,” said Victor Zhang, a Huawei vice-president. EU won’t recommend banning Huawei in upcoming 5G risk rules Huawei, alongside European rivals Nokia and Ericsson, are the only suppliers of the 5G technology suitable for the UK. “That’s crazy,” said Levy, “so we need to diversify the market significantly in the UK so that we have a more robust supply base to enable the long term security of the UK networks and to ensure we do not end up nationally dependent on any vendor.” One of the most vocal critics in the British parliament, Tom Tugendhat, who was the last foreign affairs committee chairman, cast doubt on Johnson’s approach. 4. The Review looked at the vendor’s ‘domestic security laws’. How did Huawei pass given China’s law on compliance with state intelligence services and cooperation with the police in the mass-detention of Uyghur Muslims in Xinjiang? 6/8 — Tom Tugendhat (@TomTugendhat) January 28, 2020 “The reduction [of Huawei’s involvement] to 35% is welcome. But will this reduce over time to wean operators off the Chinese provider or will 35% be an enduring figure?” he said in a series of tweets. He also questioned the pledge from the British government to restrict high-risk vendors from sensitive locations, such as nuclear sites and military bases. Such an exclusion, said Tugendhat, “seems near impossible to achieve in densely populated areas and in a world of mobile devices”. Purchase the China AI Report 2020 brought to you by SCMP Research and enjoy a 20% discount (original price US$400). This 60-page all new intelligence report gives you first-hand insights and analysis into the latest industry developments and intelligence about China AI. Get exclusive access to our webinars for continuous learning, and interact with China AI executives in live Q&A. Offer valid until 31 March 2020.