Vodafone UK said the cost of replacing Huawei equipment in its radio access network could run to "hundreds of millions" and endanger the UK's 5G leadership position in Europe.

Executives at a media roundtable event in London this morning also backed Huawei's calls for a Europe-wide security regime that would extend testing to network products from the likes of Cisco, Ericsson and Nokia.

The remarks came ahead of a UK government decision on whether to restrict Huawei's activities in the UK telecom market over concern about network security.

Authorities were this week said to be considering new rules that would prevent any operator from using Huawei in more than 50% of the network.

The Chinese equipment vendor is under fire because of its perceived links to the Chinese government, with critics arguing its products may include "backdoors" to facilitate spying or cyber attacks. US authorities have been leading a campaign against Huawei and urging European governments to ban it from their network equipment markets.

Scott Petty, Vodafone's chief technology officer, told reporters that his business had already carried out a full risk assessment and decided to exclude Huawei from the most vulnerable parts of its network, including the core and transport systems.

Figure 1: Heartbreaker for Huawei? Scott Petty, the chief technology officer of Vodafone UK, says any government-mandated Huawei swap-out would endanger the UK's 5G position.

Banning Huawei from the UK's 5G market would force Vodafone to remove Huawei gear from about 6,000 of the 18,000 mobile sites it operates across the country, he said.

"The first release of 5G is non-standalone and requires 4G to be in place to create a secure network," he explained. "If we were forced to remove Huawei we would need to replace about 32% of basestations with someone else's technology and deploy 5G on top of that. The cost would be hundreds of millions and dramatically affect the 5G business case. We would have to slow down 5G deployment very significantly to go back and refresh the 4G network first to be able to deploy 5G on top of that."

Petty said any risks were minimal in the radio access network, partly because individual basestations are not directly connected but instead link back to the transport and core networks.

Vodafone ruled out the use of Huawei as an optical or core network supplier roughly five years ago when making plans for the rollout of its "Redstream" transport network.

"Optical is medium risk but we took the decision that we wouldn't use Chinese technology in that part of the network because we felt that a combination of transport and radio technologies from a single vendor would create a threat vector that would be too large," he said.

Vodafone is today using optical equipment from Ciena and Nokia as well as an IPsec gateway from Juniper and Cisco. "That creates a level of security making it hard for anyone to penetrate," said Petty.

Vodafone reckons the main vulnerability is in the core network, which is today deployed across four locations in the UK market through a partnership with Cisco. "The reason the risk is higher is that getting in would provide control of the entire network," said Petty.

He also appeared to rule out the use of Huawei as a provider of mobile edge computing technology, which would mean extending core network functions to other locations for service improvements. "The idea is you take elements of the core and distribute out through the network closer to basestations," he said. "The points of attack increase and vulnerability increases."

Vodafone's risk assessment closely resembles that of BT, the UK telecom incumbent, which is similarly excluding Huawei from its core, optical and edge networks but retaining it as a radio supplier.

Other parts of Vodafone have been less restrictive following their own risk assessments, partly because they are less involved in critical infrastructure projects than Vodafone UK, executives explained.

Security in focus
Despite the security steps Vodafone UK has taken, Helen Lamprell, the operator's general counsel, said the company had never found evidence of backdoors in Huawei products.

Drawing attention to a service outage at network rival O2 last December, caused by an expired certificate in core network software from Ericsson, Petty backed recent calls for a Europe-wide security regime that would assess all equipment and not just products from Chinese vendors.

"It is not just Huawei that is a potential risk and we are working with all vendors across Europe to have something at the European level," he said.

You're invited to attend Light Reading’s Big 5G Event! Formerly the Big Communications Event and 5G North America, Big 5G is where telecom's brightest minds deliver the critical insight needed to piece together the 5G puzzle. We'll see you May 6-8 in Denver -- communications service providers get in free!

Senior executives from Huawei this week met officials from the European Union (EU) to discuss proposals for a security regime along the lines of GDPR, a set of EU rules about data privacy and protection that companies active in the region are now required to follow.

The Chinese vendor has also just opened a new cybersecurity center in Brussels, although this would not have the same government oversight board as a UK facility and seems unlikely to be made available to other vendors.

Setting up a cybersecurity center for the testing of equipment from all vendors would be a major challenge, said Petty. "It is tricky to do because you have direct access to source code and it is hard to see how one center would test four different vendors and for vendors to be confident that source code wasn't available to everyone else," he said. "Source code is the crown jewel for vendors and they will be incredibly nervous about sharing that."

Petty declined to comment on whether the GSM Association, a lobby group for the mobile industry, could take the lead on the development of new security rules.

The organization recently put forward proposals for post-development testing of 5G equipment, but these have encountered fierce resistance from Ericsson. Börje Ekholm, the Swedish vendor's CEO, has complained they would slow down innovation and drive up industry costs.

Related posts:

— Iain Morris, International Editor, Light Reading