UK cyber security leaders move to state perceived Huawei 5G risks “can be managed”

UK cyber security chiefs at the National Cyber Security Centre (NCSC) have apparently stated that any potential risk posed by involving technology concern Huawei Technologies Co Ltd’s solutions in forthcoming UK telecoms projects “can be managed”. The NCSC’s assessment, initially reported in The Financial Times, has come to light in the wake of ongoing accusations from US authorities that Huawei’s products could be used by the Chinese Government for spying operations.

The US has been joined by Australia and New Zealand (who are also members of the anglophone intelligence alliance ‘Five Eyes’ aimed at co-operation in the sphere of signals intelligence) in effectively banning Chinese organisation Huawei’s involvement in any new ultra-fast 5G mobile broadband networks, while a number of other countries (including some of those across Europe) are actively considering a ban. Here in the UK, both BT and Vodafone are reported to have suspended use of Huawei’s components in their active networks.

For their part, EE and Three have been reported as working with Huawei on developing their own 5G networks and now eagerly await the outcomes of a UK Government review – led by the Department of Digital, Culture, Media and Sport and encompassing comments made by the NCSC- that will let them know whether any involvement from Huawei will be possible going forward.

BBC business correspondent Rob Young has said on the news organisation’s website that the NCSC’s conclusion “will carry weight” with the Government, but points out that the review could still rule against Huawei.

The BBC also reports that a spokesperson for the Department of Culture, Media and Sport has said its analysis of the situation is “ongoing” and that: “No decisions have been taken. Any suggestion to the contrary is inaccurate.”

Huawei – which is the world’s biggest producer of telecoms equipment – has vehemently denied that its equipment presents any form of security risk, stating that the business “gives nothing to Beijing” other than taxes.

According to The Financial Times, the US National Security Agency has been sharing more information with allies and partners to underscore the potential risks involved, but several European countries – with the UK and Germany among them – haven’t been convinced that a ban is warranted.

Evidence of malicious activity

Robert Hannigan

Robert Hannigan

Robert Hannigan – the former head of GCHQ – recently wrote in The Financial Times that the NCSC had “never found evidence of malicious Chinese state cyber activity through Huawei” and that any “assertions that any Chinese technology in any part of a 5G network represents an unacceptable risk are nonsense”.

While the NCSC has made no direct comment on the report published in The Financial Times, the organisation has moved to reiterate earlier concerns about Huawei’s engineering and security capabilities. “As was made clear in July’s Huawei Cyber Security Evaluation Centre (HCSEC) oversight board, the NCSC has concerns around Huawei’s engineering and security capabilities. We have set out the improvements we expect the company to make. The latest annual HCSEC report will be published in the near future.”

Commenting on the news, Mishcon de Reya’s cyber security lead Joe Hancock informed Risk Xtra: “Transparency is key on both sides. Foreign companies need to be more open in sharing information on critical equipment, while the UK Government needs to share its own concerns more specifically. Without this transparency, it becomes a perceived issue of trade rather than a security one.”

Hancock added: “Transparency doesn’t have to mean giving away Intellectual Property (IP). Properly protected IP should stand up to managed scrutiny. Further, it’s highly unlikely that we will be able to develop next generation technologies such as 5G mobile networks, autonomous vehicles or Artificial Intelligence systems without foreign technology. The UK simply doesn’t have the scale of investment or industry required.”

According to Hancock, there are other issues with 5G networks. “We treat telecommunications as if it were a utility like power or water. Faster speeds will lead to a greater reliance on telecommunications in our day-to-day lives, with more devices being connected than ever before. Adopting next generation technology will significantly increase the potential for data theft. On that basis, the telecoms companies need to be able to offer secure 5G services. For its part, the Government should play a key role in driving this.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts