Pompeo said it was not possible to mitigate risk by limiting the role of an untrusted vendor © AFP/Getty Images
Pompeo said it was not possible to mitigate risk by limiting the role of an untrusted vendor © AFP/Getty Images

US urges EU to ban high-risk IT suppliers

13 February 2020

US secretary of state Mike Pompeo has urged the EU to completely exclude “untrustworthy” vendors from its 5G networks in a move evidently aimed at trying to block Chinese manufacturer Huawei.

Pompeo’s remarks came in response to the EU’s Network Information Security Cooperation Group releasing a toolbox of recommended measures to mitigate security risks in 5G networks. 

While Pompeo said that the US welcomed that initiative it warned that suppliers with “high risk profiles” should face additional restrictions. 

In a statement widely regarded as being aimed at Huwaei, Pompeo called on EU member states to exclude high risk suppliers not only from critical and sensitive parts of their 5G networks, but from all parts.

“5G networks will touch every aspect of our lives, including electrical grids, autonomous vehicles, smart manufacturing, medical treatments, and personal data,” said Pompeo. 

“Given that 5G will support these and other vital applications, the United States does not assess it is possible to adequately mitigate risk by limiting the role of an untrusted vendor to only certain parts of the network.”

He said that all parts of future 5G networks should be considered critical infrastructure.

“The United States has taken steps to secure its own 5G networks by prohibiting untrusted suppliers, such as Huawei and ZTE, which are subject to the direction of the Chinese Communist Party,” Pompeo added.

“Our actions are in line with the EU’s assessment that 5G suppliers headquartered in countries without democratic checks and balances may pose an unacceptable security risk.”

Under the EU’s proposals member states will be responsible for protecting their own networks. 

Pompeo said it was “misguided” to think that the risks associated with installing equipment from suppliers, who might be controlled by “authoritarian regimes with a track record of malign cyber behavior”, could be mitigated.

It has been reported that Vodafone is to remove Huawei equipment from the core parts of its mobile networks across Europe, even though this will cost £169m over the next five years.

The decision follows the UK government’s move last week to limit the use of Huawei equipment in the country’s 5G network.

The government has excluded high-risk vendors such as Huawei from “sensitive core parts of 5G and gigabit-capable networks” and restricted their role in other parts to 35%.

However Nick Read, Vodafone’s chief executive, said if more European countries followed the UK’s example and capped Huawei’s participation in 5G networks at 35% it could lead to delays of between two and five years.

At the end of January BT estimated the decision to restrict the use of vendors such as Huawei in the 5G network would cost it around £500m over the next five years. 

BT chief executive Philip Jansen told investors the bulk of the cost would come from stripping out 4G boxes developed by Huawei as it continues to roll out its 5G network.

 Want to stay up to date with the news? Sign up to our daily bulletin.

CIPS Knowledge
Find out more with CIPS Knowledge:
  • best practice insights
  • guidance
  • tools and templates