2 Comments

Summary:

The UK’s national security advisor is to check whether it’s smart to have Huawei staff test Huawei equipment for security loopholes. When even the head of the ITU says we’re in a state of cyberwar, you can see why.

Huawei engineer equipment factory

Huawei has a facility in the United Kingdom called the “Cell,” in which the Chinese telecom equipment manufacturer’s products are tested to make sure they don’t have any nasty backdoors for the benefit of the Chinese military. Last month, a parliamentary committee issued a damning a report into the arrangement, noting that the Cell is staffed by Huawei employees, not UK intelligence staff as you’d expect to be the case.

Bear in mind that Huawei’s kit has found its way into many major operators’ networks over the last decade, including that of the giant, BT. The UK is full of Huawei equipment, and the committee recommended that the government should maybe review what’s going on. On Thursday, the government agreed, tasking National Security Adviser Sir Kim Darroch with investigating the Cell. He will report back to the prime minister later this year.

That said, the government added that its work with Huawei and its UK customers “gives us confidence that the networks in the UK that use Huawei equipment are operated to a high standard of security and integrity.”

The government also agreed with the committee’s assessment that, in millions of lines of code, you can’t be sure you’re going to find the loophole. This is why the Cell forms part of a risk mitigation strategy rather than being a sure-fire backdoor finder – you will note that the United States and Australia have avoided the risk entirely by simply barring Huawei from their critical national infrastructure.

Perspective shift

When I last covered the UK’s Huawei fears, the PRISM scandal was only about to break. When it did break, one of my first thoughts was, “I bet Huawei’s besieged public relations staff are having a wry chuckle right now.” Thanks to Edward Snowden and the aftermath of his revelations, we now have a clearer picture of the international cybersecurity landscape.

Is China using Huawei and ZTE equipment as a way to infiltrate or seize control of western networks? I don’t know – let’s err on the side of caution while recognizing the potential. It’s not like we don’t do similar things: just look at the U.S. Communications Assistance for Law Enforcement Act (CALEA), which obliges network equipment vendors to install backdoors so that U.S. agencies can tap VoIP calls and other communications.

If we’re going to be fair about it, that should make U.S.-made equipment less attractive around the world than Huawei’s is. After all, we know about CALEA for a fact, while any theories about Chinese tactics are purely speculative at this point.

Cyberwar (but don’t panic)

The fact is, we are in a state of low-level global cyberwar, where the identities of the actors and their alliances remain frustratingly cloudy. I wouldn’t call it anything to panic about, but it’s a reality worth keeping a cautious eye on – the glimpses we’ve seen so far have been both technically fascinating and fundamentally worrying.

For example, the U.S. and Israel attacked Iranian nuclear facilities with the Stuxnet worm/weapon in 2010. China may have flexed its muscles by causing blackouts in the U.S. as far back as 2003 and the country remains, shall we say, highly active. Then there’s the NSA’s PRISM and the UK’s global wiretapping endeavor, Tempora, and you can throw in Anonymous if you want to spice things up further.

“There is a cyberwar going on… Just like a conventional war, there are no winners, only destruction,” Hamadoun Touré, the head of UN telecommunications agency the ITU, said earlier this week. Touré also made another good point: there are no superpowers in this game, because cyberwar’s barrier to entry is pretty low.

So yes, it does make sense for the UK authorities to be suspicious about the Cell, and I hope they look into it properly. I have no doubt that the Chinese closely inspect all U.S. and UK telecommunications products that are sold in China, and again they are smart to do so. If Snowden taught us anything, it’s that the moral high ground remains vacant.

UPDATE (9am PT): Michael Hayden reportedly said on Thursday that Huawei definitely spies for the Chinese government. His words carry weight – he’s the only guy to have headed up both the NSA and the CIA.

  1. Hilarious, inviting the big bad wolf to protect the sheep.

    The difference to a backdoor is that CALEA is well defined and public. That the FBI is passing on information from “lawful intercept” possibly unlawfully on the backend to the NSA is a different story. In any case, CALEA does not have the ability to manipulate configurations on devices or tap into encrypted IPsec or SSL links. (Of course, anything is possible with the right effort, but this again narrows the scope of surveillance to selected targets.)

    With Huawei I would not be so sure about this – as a government, service provider, or Fortune 500 I would never risk having Huawei in my network for that reason. There might be a larger reason why Huawei is allegedly undercutting its own production cost. Who knows – it becomes part of a risk assessment at this point. In any case, I would kind of trust my NATO allies a bit more to be friendly.

    Share
  2. Reblogged this on Huawei site and commented:
    Don’t forget Max Battery Booster: https://play.google.com/store/apps/details?id=com.faygroup.maxbatterybooster

    Share

Comments have been disabled for this post