Feeds

UK discovers Huawei UK staff auditing Huawei kit: Govt orders probe

Sir Kim'll fix it

Choosing a cloud hosting partner with confidence

Huawei will be probed by a top Whitehall official after the Chinese tech giant's staff in Oxfordshire were given the job of auditing Huawei's telecoms gear for Blighty's communications networks.

The review was ordered following the publication of a report by an influential committee of MPs which warned of a conflict of interest and a threat to national security. Specifically, the panel had assumed GCHQ brains were scrutinising Huawei's products rather than Huawei employees. The review will be carried out by Britain's national security adviser, Sir Kim Darroch.

Telecoms equipment kingpin Huawei, separately accused of spying on nations for the Chinese government, supplies crucial hardware for the UK's communications arteries. The tech giant denies any wrongdoing.

It was encouraged in 2010 to establish a Cyber-Security Evaluation Centre, dubbed the Cell, in Banbury to weed out security vulnerabilities in its technology - ultimately so that British businesses and politicians could trust its hardware was secure against hackers and spies.

A report [PDF] titled Foreign Involvement in the Critical National Infrastructure, written by Parliament's Intelligence and Security Committee, highlighted the fact that the Cell was staffed by Huawei rather than run by GCHQ.

"While we recognise that the Government does not expect the Cell to find every vulnerability, and that there are other mitigations in place, we remain concerned that a Huawei-run Cell is responsible for providing assurance about the security of Huawei products," the ISC said in its dossier.

"Before seeking clarification, we assumed that Huawei funded the Cell but that it was run by GCHQ.

"A self-policing arrangement is highly unlikely either to provide, or to be seen to be providing, the required levels of security assurance. We therefore strongly recommend that the staff in the Cell are GCHQ employees. We believe that such a change is not only in both Huawei’s and Government’s interests, but that it is in the national interest."

Government officials responded to the report on Thursday by agreeing to review the role of Huawei staff in the Oxfordshire centre, as a statement by the Cabinet Office explains:

The Government has carefully considered the ISC’s report on Foreign Investment in the Critical National Infrastructure and its particular focus on managing new threats to the UK’s telecommunications systems and networks. We take threats to our Critical National Infrastructure very seriously and need to be responsive to changes in a fast-moving and complex, globalised telecommunications marketplace. We have robust procedures in place to ensure confidence in the security of UK telecommunications networks.

However, we are not complacent and as such we have agreed to the main recommendation of the report to conduct a review of Huawei’s Cyber Security Evaluation Centre (the ‘Banbury Cell’) to give assurance that we have the right measures and processes in place to protect UK telecommunications.

Cell out

The Cyber Security Evaluation Centre was established after Huawei - said to have close links to the Chinese administration - gained more and more contracts with UK communication providers, years after its breakthrough deals with BT.

Prior to 2010, BT - with support from GCHQ - had undertaken its own security reviews of the equipment. Then as Huawei’s presence in the UK increased, the Cell was supposed to audit the equipment to reassure other telcos and ISPs that the gear could not be tapped into by foreign powers-that-be or private miscreants.

MPs on the ISC also raised wider concerns about the lack of "effective procedure for considering foreign investment in critical national infrastructure" systems. The government accepted that in retrospect national security issues went largely overlooked at the time BT began sourcing kit from Huawei in 2003. However, more recently, procedures have been tightened up and adequate controls are already in place.

"The Government does not agree with the Committee’s statement that there have been no improvements since then or that national security issues are overlooked. Indeed the National Security Council (NSC), which was not in existence at the time of the BT-Huawei contract, can and does consider similar issues today in order to ensure that HMG’s approach balances economic prosperity and commercial competitiveness with national security," the government said in its official response.

"Boosting trade and investment is a key part of the Government’s plan for growth and we are working hard to develop our economic relationships with key trading partners, including China. At the same time, the Government works with major Communication Service Providers (CSPs) in the UK to ensure that their networks and the services they provide are appropriately secure. Our work with Huawei and their UK customers gives us confidence that the networks in the UK that use Huawei equipment are operated to a high standard of security and integrity."

It was generally agreed that it was impractical to build the UK's telecoms infrastructure from kit sourced from UK firms alone and that obtaining equipment from overseas suppliers, answerable to shareholders, is always going to pose national security concerns. Even sourcing from UK suppliers alone wouldn't wholly answer these concerns, given the global nature of supply chains.

Nonetheless, concerns about Huawei's role in supplying telecoms infrastructure kit have been raised by politicians on both sides of the Atlantic for years now.

A Huawei spokeswoman welcomed the review.

"Huawei shares the same goal as the UK government and the ISC in raising the standards of cybersecurity in the UK and ensuring that network technology benefits UK consumers," she told the BBC. The firm issued a fuller defence of its approach to security evaluation in the UK days after the ISC's report came out last month:

Prior to BT's selection of Huawei in 2005, Huawei was subject to a comprehensive audit across 11 different areas, including strategic development, management systems, corporate social responsibility and security management. This detailed audit took two years and only when it had been completed did BT sign its first contract with Huawei. Since then, BT has continued to conduct a thorough annual evaluation of Huawei and after eight years of partnership, we have built a strong and mutually beneficial relationship with them.

In 2010, the British Government, Huawei and telecom operators, including BT, collaboratively agreed to establish a cyber-security evaluation centre. Over the past two and a half years, the centre has examined more than 30 types of product which we provide to UK customers, covering GSM, 3G, LTE, IMS, FTTX and others. This rigorous testing system is one of the most advanced in the cyber security field globally and ensures that Huawei can provide advanced telecommunication technology to its customers in the UK.

The review by Sir Kim is due to be completed and presented to the Prime Minister at an unspecified time later this year. Findings of the review will then be passed onto MPs on the ISC. ®

Security for virtualized datacentres

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.