Home
 » ISP News » 
Sponsored Links

UK Intelligence Committee Raises Security Fears over BT and Chinese Kit

Friday, Jun 7th, 2013 (9:29 am) - Score 1,158

The government’s Intelligence and Security Committee (ISC) has today published its report on foreign involvement in the UK’s Critical National Infrastructure (CNI), which warns that BT’s deployment of broadband ISP and telecoms equipment supplied by Chinese firm Huawei could have “implications for national security“.

Both the USA and Australia have controversially banned the use of Huawei’s and or ZTE’s telecoms equipment over concerns that it could be used to spy on domestic communications or for future cyber-attacks. Other countries, such as Canada and a few European states, have also raised similar fears.

Advertisement

But unlike those countries the United Kingdom has embraced Huawei, which was founded in 1987 by Ren Zhengfei (former officer of the People’s Liberation Army), and other Chinese telecoms firms. Huawei supplies related equipment to BT, O2, TalkTalk, EE and Three UK among others.

In particular BT, which is responsible for large parts of the UK’s telecommunications infrastructure, embarked on a major “£10bn rationalisation and upgrade project” (i.e. their 21st Century Network) in 2003 that involved a significant contract with Huawei to supply some of the needed transmission and access equipment (e.g. routers).

At the time BT said that takes a “risk-management approach on the use of components from Huawei” and saw “no need to change our position” following the banning of related equipment elsewhere (here). The operator added that it works closely with each of their suppliers to “gain assurance through rigorous review that the security of the network is not compromised“.

Never the less today’s report warns of a potential “conflict between the commercial imperative and national security” and that the committee’s investigation had revealed a “disconnect between the UK’s inward investment policy and its national security policy“. In particular it noted that the government failed to properly investigate and check BT’s contract with Huawei, which was partly born out of an understandable desire to avoid damaging trade and diplomacy between the two countries.

Advertisement

ISC Statement

There was no justification for failing to consult Ministers about the situation when BT first notified officials of Huawei’s interest. Such a sensitive decision, with potentially damaging ramifications, should have been put in the hands of Ministers.

The handling of the BT/Huawei case highlights a number of weaknesses in the UK’s approach to deployment of equipment within the CNI. First, there is no general requirement on companies that own CNI assets to inform or consult Government prior to awarding a contract, whether that be to a UK company or a foreign company.

Second, even where companies take the initiative to inform Government – as happened in the BT/Huawei case – there is no proper process for ensuring that Ministers are informed or consulted. The failure in this case to consult Ministers seems to indicate a complacency which was extraordinary given the seriousness of the issue.”

But what about Huawei’s actual equipment? Does it really have implications for the UK’s national security. A somewhat significant question mark has always existed over this point and Huawei has historically denied all of the allegations. Sadly the ISC’s report has no real answer and merely talks “theoretically” about the potential for China to “exploit any vulnerabilities in Huawei’s equipment in order to gain some access to the BT network“.

The UK Government’s Communications Headquarters (GCHQ) has previously said that “we are confident that the UK network has not been at risk… at any stage because of the mitigations that BT have had in place from the outset“.

But at the same time GCHQ also acknowledged that the “risk of unauthorised access cannot be entirely eliminated“, which is arguably true of any telecoms equipment no matter what its source. “It is just impossible to go through that much code and be absolutely confident you have found everything,” said GCHQ.

Likewise it would be impossible for every single piece of Huawei’s kit to be picked apart and forensically examined, prior to installation, in order to unequivocally prove that they weren’t a threat. So where do we go from here?

Advertisement

ISC Statement

It is this risk management approach that is key, and what the UK must focus on if it is to safeguard its national security without stifling free trade and innovation. Government must have a proper procedure for assessing the risks – as we have mentioned previously – and also for developing a strategy for managing those risks. Crucially, this should be an integral part of the process, both before and after contracts are awarded, and not merely an afterthought.”

On top of that one of GCHQ’s primary mitigation strategies was to setup the Cyber Security Evaluation Centre (The Cell) to examine Huawei’s equipment. But this facility, which has been staffed by security cleared UK personnel, is also funded entirely by Huawei and is only now approaching full functionality, over seven years after the BT contract was awarded.

But the ISC noted that the benefits of The Cell, and in particular its staffing, do not “outweigh the risks of Huawei effectively policing themselves“. The ISC now wants the National Security Adviser to conduct a substantive review of the effectiveness of the Cell as a “matter of urgency“. It also called for GCHQ to take-over The Cell’s running to prevent concerns “that a Huawei-run Cell is responsible for providing assurance about the security of Huawei products“.

Mark-Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and .
Search ISP News
Search ISP Listings
Search ISP Reviews

Comments are closed

Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £26.99
132Mbps
Gift: None
Sky UK ISP Logo
Sky £27.00
145Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £19.00
300Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
Large Availability | View All
The Top 15 Category Tags
  1. FTTP (6053)
  2. BT (3649)
  3. Politics (2729)
  4. Business (2444)
  5. Openreach (2412)
  6. Building Digital UK (2336)
  7. Mobile Broadband (2157)
  8. FTTC (2086)
  9. Statistics (1914)
  10. 4G (1827)
  11. Virgin Media (1776)
  12. Ofcom Regulation (1591)
  13. Fibre Optic (1471)
  14. Wireless Internet (1464)
  15. 5G (1417)
Promotion
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact
Mastodon