Home
 » ISP News » 
Sponsored

UK Intelligence Committee Raises Security Fears over BT and Chinese Kit

Friday, June 7th, 2013 (9:29 am) - Score 1,025
spying on uk ISP internet traffic

The government’s Intelligence and Security Committee (ISC) has today published its report on foreign involvement in the UK’s Critical National Infrastructure (CNI), which warns that BT’s deployment of broadband ISP and telecoms equipment supplied by Chinese firm Huawei could have “implications for national security“.

Both the USA and Australia have controversially banned the use of Huawei’s and or ZTE’s telecoms equipment over concerns that it could be used to spy on domestic communications or for future cyber-attacks. Other countries, such as Canada and a few European states, have also raised similar fears.

But unlike those countries the United Kingdom has embraced Huawei, which was founded in 1987 by Ren Zhengfei (former officer of the People’s Liberation Army), and other Chinese telecoms firms. Huawei supplies related equipment to BT, O2, TalkTalk, EE and Three UK among others.

In particular BT, which is responsible for large parts of the UK’s telecommunications infrastructure, embarked on a major “£10bn rationalisation and upgrade project” (i.e. their 21st Century Network) in 2003 that involved a significant contract with Huawei to supply some of the needed transmission and access equipment (e.g. routers).

At the time BT said that takes a “risk-management approach on the use of components from Huawei” and saw “no need to change our position” following the banning of related equipment elsewhere (here). The operator added that it works closely with each of their suppliers to “gain assurance through rigorous review that the security of the network is not compromised“.

Never the less today’s report warns of a potential “conflict between the commercial imperative and national security” and that the committee’s investigation had revealed a “disconnect between the UK’s inward investment policy and its national security policy“. In particular it noted that the government failed to properly investigate and check BT’s contract with Huawei, which was partly born out of an understandable desire to avoid damaging trade and diplomacy between the two countries.

ISC Statement

There was no justification for failing to consult Ministers about the situation when BT first notified officials of Huawei’s interest. Such a sensitive decision, with potentially damaging ramifications, should have been put in the hands of Ministers.

The handling of the BT/Huawei case highlights a number of weaknesses in the UK’s approach to deployment of equipment within the CNI. First, there is no general requirement on companies that own CNI assets to inform or consult Government prior to awarding a contract, whether that be to a UK company or a foreign company.

Second, even where companies take the initiative to inform Government – as happened in the BT/Huawei case – there is no proper process for ensuring that Ministers are informed or consulted. The failure in this case to consult Ministers seems to indicate a complacency which was extraordinary given the seriousness of the issue.”

But what about Huawei’s actual equipment? Does it really have implications for the UK’s national security. A somewhat significant question mark has always existed over this point and Huawei has historically denied all of the allegations. Sadly the ISC’s report has no real answer and merely talks “theoretically” about the potential for China to “exploit any vulnerabilities in Huawei’s equipment in order to gain some access to the BT network“.

The UK Government’s Communications Headquarters (GCHQ) has previously said that “we are confident that the UK network has not been at risk… at any stage because of the mitigations that BT have had in place from the outset“.

But at the same time GCHQ also acknowledged that the “risk of unauthorised access cannot be entirely eliminated“, which is arguably true of any telecoms equipment no matter what its source. “It is just impossible to go through that much code and be absolutely confident you have found everything,” said GCHQ.

Likewise it would be impossible for every single piece of Huawei’s kit to be picked apart and forensically examined, prior to installation, in order to unequivocally prove that they weren’t a threat. So where do we go from here?

ISC Statement

It is this risk management approach that is key, and what the UK must focus on if it is to safeguard its national security without stifling free trade and innovation. Government must have a proper procedure for assessing the risks – as we have mentioned previously – and also for developing a strategy for managing those risks. Crucially, this should be an integral part of the process, both before and after contracts are awarded, and not merely an afterthought.”

On top of that one of GCHQ’s primary mitigation strategies was to setup the Cyber Security Evaluation Centre (The Cell) to examine Huawei’s equipment. But this facility, which has been staffed by security cleared UK personnel, is also funded entirely by Huawei and is only now approaching full functionality, over seven years after the BT contract was awarded.

But the ISC noted that the benefits of The Cell, and in particular its staffing, do not “outweigh the risks of Huawei effectively policing themselves“. The ISC now wants the National Security Adviser to conduct a substantive review of the effectiveness of the Cell as a “matter of urgency“. It also called for GCHQ to take-over The Cell’s running to prevent concerns “that a Huawei-run Cell is responsible for providing assurance about the security of Huawei products“.

Delicious
Add to Diigo
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he is also the founder of ISPreview since 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
7 Responses
  1. dragoneast

    So if it was referred to Ministers, with no evidence either way, they could have done what, exactly? I know security = paranoia. So where does that get us? Let’s eavesdrop, monitor and intercept communications, and slow everything down until the politicians and their bureaucrats can keep up.

  2. Ignitionnet

    This is silly. A UK provider of equipment could just as easily be bribed to introduce vulnerabilities or do so for their own commercial reasons.

    Following the same paranoia as the USA.

  3. dragoneast

    It seems anyway that GCHQ (who presumably as the County’s security agency have access to the appropriate expertise) have been satisfied. But no, as usual, the politicians know better than the experts. They don’t. Big heads with nowt between the ears.

  4. cyclope

    Could be that some lobbying is going on, yet another cash for questions case mmm, maybe some greedy MP or MP’s have their noses in the trough again

  5. Nilsatis

    Whatever next a UK government using a foreign governments programe to avoid legal process so to snoop around its own citizens.

  6. keith

    Load of old waffle if they are that concerned they are going to have to ban mobile phones entirely…
    1)Because most are made in China (Including iphones)
    2)The firms huawei, zte etc are some of the biggest here in the UK even the world with mobile phones on various networks often branded by the operator name and then a silly device name (EG Orange San Francisco) all made by them.

    Even more funny Trendnet a USA firm based in California which has had devices made in china also had a major security flaw in some of their gear recently where if you had a web cam anyone could access it. I guess that was ok though as it was a USA firm LOL and the UK powers love to lick presidential ass.

    Once again the Luddites that run things have no clue

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Promotion
Cheapest Superfast ISPs
  • Hyperoptic £18.00 (*22.00)
    Avg. Speed 30Mbps, Unlimited
    Gift: Code: CHRISTMAS18
  • Onestream £19.95 (*34.99)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • TalkTalk £22.50
    Avg. Speed 36Mbps, Unlimited
    Gift: None
  • Direct Save Telecom £22.95 (*29.95)
    Avg. Speed 35Mbps, Unlimited (FUP)
    Gift: None
  • Vodafone £23.00 (*25.00)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
Poll
*Javascript must be ON to vote*
The Top 20 Category Tags
  1. BT (2290)
  2. FTTP (1755)
  3. FTTC (1521)
  4. Broadband Delivery UK (1491)
  5. Openreach (1234)
  6. Politics (1227)
  7. Business (1093)
  8. Statistics (965)
  9. Mobile Broadband (886)
  10. Fibre Optic (881)
  11. FTTH (819)
  12. Ofcom Regulation (813)
  13. Wireless Internet (807)
  14. 4G (768)
  15. Virgin Media (742)
  16. Sky Broadband (546)
  17. TalkTalk (525)
  18. EE (508)
  19. Vodafone (397)
  20. Security (371)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules