back to article UK Telecommunications Act – aka 'power to strip out Huawei' – makes it to the statute book

The UK Telecommunications (Security) Act has received Royal Assent, giving the government more control over the use of "high risk" vendors in networks as well as fines that could hit £100k per day for telcos that fail to toe the line. In case readers are in any doubt who one of those "high risk" vendors is, the statement from …

  1. Mike 137 Silver badge

    Huawei has always unsurprisingly denied it is a stooge for the Chinese Communist Party

    However, successive annual reports from the UK Huawei Cyber Security Evaluation Centre have shown that their code quality and engineering practice have been crap for years. Even the latest report states "there has been no overall improvement over the course of 2020 to meet the product software engineering and cyber security quality expected by the NCSC."

    Of course it's possible probable that the code and practices of other vendors are just as bad - they just haven't had such a bright spotlight turned on them.

    1. Doctor Syntax Silver badge

      Re: Huawei has always unsurprisingly denied it is a stooge for the Chinese Communist Party

      "probable that the code and practices of other vendors are just as bad - they just haven't had such a bright spotlight turned on them."

      It's not just the quality consideration. Without being able to inspect the code it's possible backdoors could be hidden in there in the way they can't by Huawei

      It's the apparent "better the devil you don't know" approach I find worrying. It leads on to the wondering whether it's stupidity or whether the backdoors do exist and are left ajar for the TLAs.

      1. Chris G Silver badge

        Re: Huawei has always unsurprisingly denied it is a stooge for the Chinese Communist Party

        As far as potential backdoors are concerned, I suppose the government must be extremely worried about the Chinese gathering all kinds of secrets from the UK, given the very short timeline they have allowed telcoms to rid themselves of Huawei kit. 2027!

      2. NoneSuch Silver badge
        FAIL

        Re: Huawei has always unsurprisingly denied it is a stooge for the Chinese Communist Party

        Unsurprising Huawei code is crap. All of the decent Chinese techies were drafted and are in the PLA hacking Lockheed, Boeing and SpaceX.

        Nice to see UK Gov growing a pair and sticking it to a dictatorship. After what they are doing in Hong Kong there are no illusions the CPP is beneficial in any way.

      3. Anonymous Coward
        Anonymous Coward

        Re: Huawei has always unsurprisingly denied it is a stooge for the Chinese Communist Party

        Good luck inspecting cisco code.

        It's hard enough getting the binary.

        1. Anonymous Coward
          Anonymous Coward

          Re: Huawei has always unsurprisingly denied it is a stooge for the Chinese Communist Party

          And even harder getting it licensed once you've installed it.

          1. Jellied Eel Silver badge

            Re: Huawei has always unsurprisingly denied it is a stooge for the Chinese Communist Party

            There's a lot of irony. Smart Care can be a bigger risk to network stability, as well as security. Best practice has always been to expose your control plane to as few people as possible. Now, official vendors expect Internet access to make sure you're paying the right amount of pounds of flesh.

            And that exposes what should be obvious risks, like DoS attacks against vendor license servers, customers being DoS'd by their vendors because those servers are down. Or potential shennanigans like maybe a spoofing attack that revokes licenses.

            But when this first kicked off, I'd been designing a managed Huawei core for a client that had some sensitive customers. The official government guidance was (and I think still is) classified, but the client had been informed, and we went through risks and mitigation. But that was all best practice around limiting and securing the control plane, along with monitoring for suspicious or anomalous activity.

            But there were also political risks. So the evil CCP kills the Internet! In which case, it'd be a rather overt and hostile act, and probaly a prelude to something imminently kinetic. So there'd be bigger problems to worry about. And I'm pretty sure Google, Amazon and Microsoft have caused more large scale outages via config f'ups than Huawei ever has.

            But such is politics. So a potential risk was DoS by trade spat. China is evil, so they might block exports. Which ironically is exactly what has happened, except not by the Chinese, but by our own governments. Obviously rip & replace is hugely expensive and disruptive, and those costs will have to be passed on. Sure, there's some good political sense, ie encouraging domestic supply, but that can be a slow process.

            And we now have the strange situation where civil servants are essentially in control of vendor selection, and vendors could quickly be added to the naughty list after an SI gets waved through Parliament.. Which may be as a result of lobbying. But a neat example of regulatory capture, with potentially huge consequences, and no real accountability.

            1. Anonymous Coward
              Anonymous Coward

              Re: Huawei has always unsurprisingly denied it is a stooge for the Chinese Communist Party

              "And we now have the strange situation where civil servants are essentially in control of vendor selection, and vendors could quickly be added to the naughty list after an SI gets waved through Parliament."

              Or more likely, added to approved list, for the benefit of someone's friends.

              "But a neat example of regulatory capture, with potentially huge consequences, and no real accountability."

              Mission accomplished then. /S

    2. Alan Brown Silver badge

      Re: Huawei has always unsurprisingly denied it is a stooge for the Chinese Communist Party

      7 years ago when the trumpets were being sounded about how bad Huawei code was, it was actually Comware code from their joint venture with 3com that they were in the process of dumping because it was so awful

      Huawei's own Wind River Linux stuff is much better and keeps improving. The comware stuff is still shite and many of the bugs highlighted in the seminars about "how bad Huawei code is" are still shipping in 3com's (now HP) products

      That's not to say Huawei don't produce bad code (they do), but this is very much a case of stones, glass houses, fat brown envelopes and political corruption rather than anything else. The USA has been losing the technological and economic race for a while due to shooting itself in both feet as the "America First" mobsters from the 1930s come back to political power

      Hint: https://www.nj.com/opinion/2017/03/dr_suess_biting_political_cartoons_against_america.html

  2. Yet Another Anonymous coward Silver badge

    Communism bad

    Instead the government mandates that you buy from state approved vendors and suggests that ideally people build their own telecoms equipment rather than from commercial outfits that may have ulterior motives.

    This comes after the nationalise the railways

    Perhaps we could revitalise the British Steel industry with backyard furnaces?

    Come, Join Chairman Boris' great leap forward(*) !

    (* actual direction of leap not guaranteed)

    1. Anonymous Coward
      Anonymous Coward

      Re: Communism bad

      I don't think you have to nationalise anything if the private companies act with integrity. Sadly, the privatisation has lead to companies being more interested in the board members and investors, than the customers.

      In addition, shouldn't tariffs be applied to create a level playing field ?

      Is it possible that operators went for the cheapest equipment, such that local (Europe) manufacturers were at a distinct disadvantage. There is an immediate bottom line benefit, but many years later the "local" manufacturers are now nearly out of business (Marconi ??), and hence we (the west) lose vital advantages and knowledge/capability ?

      This does seem to be the western governments failing in their duty to ensure that the home market continues to thrive and is protected from undercutting etc.

      1. deive

        Re: Communism bad

        "if the private companies act with integrity"

        1. very angry man

          Re: Communism bad

          just have a look at your govt,

          the car fleet probley the biggest in the country , are the cars locally produced or imported?

          their computers local?

          many other things, the govt buys the cheapest / biggest kick back, ?

          they don't care, yet all the sheeple should?

      2. Yet Another Anonymous coward Silver badge

        Re: Communism bad

        > the privatisation has lead to companies being more interested in .... investors, than the customers.

        That is literally the directors legal duty

        1. Boris the Cockroach Silver badge
          IT Angle

          Re: Communism bad

          Directors only real legal duty is to ensure the company is not commiting fraud while trading.

          If the share holders dont mind the company losing money... then the directors dont have any duty to ensure returns on investments or even the company turns a profit so long as everything is above board.

        2. Mike Pellatt

          Re: Communism bad

          They are required to put the long-term interests of the investors first. That is demonstrably achieved by being interested in the company's customers, rather than taking no interest in hem or even working actively against them.

      3. nijam Silver badge

        Re: Communism bad

        > Sadly, the privatisation has lead to companies being more interested in the board members and investors, than the customers.

        Have you forgotten what a gravy train nationalised industries were? Just different groups benefitting - punters all still losing out.

    2. Anonymous Coward
      Anonymous Coward

      Re: Communism bad

      A different problem from "Spy Security" is that locking into highly vertical systems which are completely un-pick-apartable reduces the ability to do R&D and modify as technology changes. It is not about doing just the same thing at a higher labor cost, it's about leaving the door open to do better, and in the long run making a profit out of selling the result.

      Note that the West's most successful exporters (Germany Japan) with ~20% of GDP in manufacturing also have relatively tiny financial sectors ~4% of GDP. Whereas the West's most successful financial centers (US & UK) are at ~10% of GDP in manufacturing, ~10% of GDP in finance.

      There is more than one way to be Capitalist.

    3. Alan Brown Silver badge

      Re: Communism bad

      What comes next is exit visas

      I'm only half joking

  3. Androgynous Cupboard Silver badge

    Meanwhile, at Cisco's lobbyists...

    "Trebles all round! And someone post that Ian Duncan Smith a crate of our finest American Champagne. And a baseball hat, I hear those bald english politicians go wild for them.... what? England. ENGLAND. No I don't know either."

    1. dajames Silver badge

      Re: Meanwhile, at Cisco's lobbyists...

      It's not Cisco that will benefit from this, so much as Nokia and Ericsson.

      1. Al fazed Bronze badge
        Thumb Up

        Re: Meanwhile, at Cisco's lobbyists...

        And Nokia is a trade name that anyone can buy, if they got the right contacts of course..

  4. Anonymous Coward
    Anonymous Coward

    There has been zero proof that any kit from China is dodgy and lets be realistic why take the risk with your billion pound industry?

    This is just another example of us doing what the American machine says like a lap dog. Are other countries banning the kit? If it's such a risk they would be banned all over the world. Over time we are going to fall back technologically with nationalistic strategies like this, it's not like we have a world class educational system to produce the people to take us forward.

    1. Yet Another Anonymous coward Silver badge

      Back when I wor a lad and dinosaurs roamed the Earth - Japan was the devilishly cunning evil empire that was going to destroy all our industry and make us eat raw fish and chips.

      So we banned Japanese companies like Toshiba importing components like LCD screens, forcing them to try and make laptops.

      We were troubled that Nikon and Canon made lithography machines which could threaten America's lead in semi-conductors. So the USA funded Philips spinning out its lithography division into a little outfit called ASML - and that's why all semi-conductors today are made in America Holland Taiwan not Japan and security is assured.

      1. Anonymous Coward
        Anonymous Coward

        A good laugh, thanks. Not sure about the accuracy.

        From wikipedia:

        ASML's corporate headquarters is in Veldhoven, Netherlands. It is also the location for research, development, manufacturing and assembly. ASML has a worldwide customer base and over sixty service points in sixteen countries. The company is listed on both the AEX and NASDAQ Stock Exchanges, as ASML. It is also a component of the Euro Stoxx 50 and NASDAQ-100.

        The company (originally named ASM Lithography, current name ASML, which is an official name and not an abbreviation) was founded in 1984 as a joint venture between the Dutch companies Advanced Semiconductor Materials International (ASMI) and Philips. Nowadays it is a public company with only a minority of the shares owned by Philips. When the company became independent in 1988, it was decided that changing the name was not desirable, and the abbreviation ASML became the official company name.

        In 2000, ASML acquired the Silicon Valley Group (SVG), a US lithography equipment manufacturer, in a bid to supply 193 nm scanners to Intel Corp.

        ASML is subject to cyclical industrial dynamics. For example, at the end of 2008, ASML experienced a large drop in sales, which led management to cut the workforce by about 1000 worldwide—mostly contract workers—and to apply for support from the Dutch national unemployment fund to prevent even larger layoffs. Two and a half years later, ASML expected a record-high revenue.

        In July 2012, Intel announced a deal to invest $4.1 billion into ASML in exchange for 15% ownership, in order to speed up the transition from 300 mm to 450 mm wafers and further development of EUV lithography. This deal is without exclusive rights to future ASML products and, as of July 2012, ASML is offering another 10% of the shares to other companies.As part of their EUV strategy, ASML announced the acquisition of DUV and EUV sources manufacturer Cymer in October 2012.

        The odd thing I learned is that even after Intel invested in ASML in 2012, Intel tried to go their own way to go smaller, while AMD leapfrogged ahead using ASML EUV tech (via TSMC).

        1. Yet Another Anonymous coward Silver badge

          IIRC there was definitely a 'strategic' investment in ASML

          I believe the thinking was, Intel/HP/other US semi-conductor manufacturers wouldn't play nicely together, you couldn't trust the wiley orientals, Korea and Taiwan were for cheap plastic toys and China probably didn't have electricity in the 80s

          So a nice safe, powerless Nato ally with a stable government appealed to everyone when it came to not making waves with technology transfer.

      2. Tams

        Only there's little security risk with using Japanese, Korean, or Taiwanese technology and certainly not the moral questionability that using Chinese (PRC) technology does.

        1. Al fazed Bronze badge
          Flame

          If you trust the USA, UK, Australia, Isreal etc..

          ALF

  5. Anonymous Coward
    Anonymous Coward

    What do you expect

    when we have an American Prime minister. (And let's not forget the leader of the Labour Party is a "Sir"). There is no hope left is there...

    And then there is this,

    "As for what the law actually means, Julia Lopez, minister for Media, Data and Digital Infrastructure, described it as a "major step forward," adding: "Risks to our telecoms networks can never be completely prevented, but we have raised security standards across the board."

    It will also raise consumer's prices you stupid cow. Less competition, get it? And why don't you "raise security standards" against the known "backdoor" provider Cisco? Is it because you couldn't possibly go against our American "friends" who are pulling our American puppet bosses strings?

  6. This post has been deleted by a moderator

  7. Anonymous Coward
    Anonymous Coward

    I note Biden has signed similar stuff into law. This is the only reason we've carried on with this bull since Trump the loser was kicked out.

    All hail our American sovereignty!

    Good luck auditing cisco source code!

  8. Al fazed Bronze badge
    Coat

    Oh yeah,

    We have all been reliant since day one of the digital evolution - on crappy code from the likes of Micorsoft, Adobe, Apple, Cisco, FaceBook, You Tube, ..........et al, and not forgetting a couple of Computer Security software applications I won't name ............. the list is close to inexhaustible and shows no sign of stopping.......

    But the Growvermins of UK and USofA think fit to name and shame and ban the only technology company to have got 5G hardware sorted, (whilst we get our own world beating hardwhere manu f.. a.)

    Oh fuck it........ you know what I am saying

    ALF

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022