UK cyber security chiefs at the National Cyber Security Centre (NCSC) have apparently stated that any potential risk posed by involving technology concern Huawei Technologies Co Ltd’s solutions in forthcoming UK telecoms projects “can be managed”. The NCSC’s assessment, initially reported in The Financial Times, has come to light in the wake of ongoing accusations from US authorities that Huawei’s products could be used by the Chinese Government for spying operations.
The US has been joined by Australia and New Zealand (who are also members of the anglophone intelligence alliance ‘Five Eyes’ aimed at co-operation in the sphere of signals intelligence) in effectively banning Chinese organisation Huawei’s involvement in any new ultra-fast 5G mobile broadband networks, while a number of other countries (including some of those across Europe) are actively considering a ban. Here in the UK, both BT and Vodafone are reported to have suspended use of Huawei’s components in their active networks.
For their part, EE and Three have been reported as working with Huawei on developing their own 5G networks and now eagerly await the outcomes of a UK Government review – led by the Department of Digital, Culture, Media and Sport and encompassing comments made by the NCSC- that will let them know whether any involvement from Huawei will be possible going forward.
BBC business correspondent Rob Young has said on the news organisation’s website that the NCSC’s conclusion “will carry weight” with the Government, but points out that the review could still rule against Huawei.
The BBC also reports that a spokesperson for the Department of Culture, Media and Sport has said its analysis of the situation is “ongoing” and that: “No decisions have been taken. Any suggestion to the contrary is inaccurate.”
Huawei – which is the world’s biggest producer of telecoms equipment – has vehemently denied that its equipment presents any form of security risk, stating that the business “gives nothing to Beijing” other than taxes.
According to The Financial Times, the US National Security Agency has been sharing more information with allies and partners to underscore the potential risks involved, but several European countries – with the UK and Germany among them – haven’t been convinced that a ban is warranted.
Evidence of malicious activity
Robert Hannigan – the former head of GCHQ – recently wrote in The Financial Times that the NCSC had “never found evidence of malicious Chinese state cyber activity through Huawei” and that any “assertions that any Chinese technology in any part of a 5G network represents an unacceptable risk are nonsense”.
While the NCSC has made no direct comment on the report published in The Financial Times, the organisation has moved to reiterate earlier concerns about Huawei’s engineering and security capabilities. “As was made clear in July’s Huawei Cyber Security Evaluation Centre (HCSEC) oversight board, the NCSC has concerns around Huawei’s engineering and security capabilities. We have set out the improvements we expect the company to make. The latest annual HCSEC report will be published in the near future.”
Commenting on the news, Mishcon de Reya’s cyber security lead Joe Hancock informed Risk Xtra: “Transparency is key on both sides. Foreign companies need to be more open in sharing information on critical equipment, while the UK Government needs to share its own concerns more specifically. Without this transparency, it becomes a perceived issue of trade rather than a security one.”
Hancock added: “Transparency doesn’t have to mean giving away Intellectual Property (IP). Properly protected IP should stand up to managed scrutiny. Further, it’s highly unlikely that we will be able to develop next generation technologies such as 5G mobile networks, autonomous vehicles or Artificial Intelligence systems without foreign technology. The UK simply doesn’t have the scale of investment or industry required.”
According to Hancock, there are other issues with 5G networks. “We treat telecommunications as if it were a utility like power or water. Faster speeds will lead to a greater reliance on telecommunications in our day-to-day lives, with more devices being connected than ever before. Adopting next generation technology will significantly increase the potential for data theft. On that basis, the telecoms companies need to be able to offer secure 5G services. For its part, the Government should play a key role in driving this.”