NCSC Boss: Huawei Security Concerns Aren’t About China

NCSC Boss: Huawei Security Concerns Aren’t About China

The boss of the UK’s National Cyber Security Centre (NCSC) has said it needs to see cybersecurity improvements from Huawei, but appeared to brush off concerns of a more hostile threat from China.

Speaking at the CyberSec event in Brussels yesterday, Ciaran Martin, explained that the UK has “arguably the toughest and most rigorous oversight regime in the world” for the Chinese telecoms kit maker.

That comes in the form of a Huawei Cyber Security Evaluation Centre (HCSEC) paid for by the firm but staffed in part by members of GCHQ, where equipment is rigorously tested.

“And it is proving its worth. Last July, our annual Oversight Board downgraded the assurance we could provide to the UK government on mitigating the risks associated with Huawei because of serious problems with their security and engineering processes,” said Martin.

“As we said then, and repeat today, these problems are about standard of cybersecurity; they are not indicators of hostile activity by China.”

That would seem to come at odds with a US stance increasingly opposed to the Shenzhen giant on national security grounds. The fear is that under new security laws, Beijing could force the firm to spy on its customers — although founder Ren Zhengfei has said he would defy such demands.

These concerns are shared by Australia, which has also banned the firm from its 5G network programs, while the two other Five Eyes nations — Canada and New Zealand — are still deciding.

The UK government has yet to formally decide on the matter, although reports earlier this week claimed GCHQ had given the green light to the firm, despite the “serious problems” found by HCSEC.

Yet the NCSC’s technical director, Ian Levy, was less optimistic. “As of today, we have not seen a credible plan [to address the issue]. That's the reality of the situation, unfortunately,” he’s reported as saying.

A new report from leading defense think tank RUSI yesterday warned that allowing Huawei to participate in building the UK’s critical 5G infrastructure “is at best naive, at worst irresponsible.

“It is far easier to place a hidden backdoor inside a system than it is to find one. In the likely, but unacknowledged, battle between Chinese cyber attackers and the UK’s Huawei Cyber Security Evaluation Centre, the advantage and overwhelming resources lie with the former,” it continued.

The report also argued that, despite Ren’s claims, Huawei would have little choice but to comply with any official requests coming from the Chinese government.

Source: Information Security Magazine