Huawei deal with BT shows 'disconnect' over national security policy, MPs say

Chinese firm now 'embedded' in UK infrastructure

BT's decision to use Chinese telecoms firm Huawei to help build its 21st Century Network was a strategic misstep that has left the UK facing unquantifiable level of security risk, the influential Parliamentary Intelligence and Security Committee has said in a stinging rebuke to officials.

The picture painted by the Committee's report, Foreign involvement in the Critical National Infrastructure: The implications for national security, is one of considerable anxiety over Huawei.

Despite a charm offensive in recent times, the Chinese firm's financial structures were still too obscure, its board appointment policy unclear and involvement with the Chinese state open to question, the report said.

This is despite the normally suspicious GCHQ giving Huawei a positive assessment and the strenuous efforts of the Chinese firm to convince doubters of its good intentions, including founding the 'Cell', an assessment unit designed to examine its products for security issues.

However, the Committee noted, even the Cell's usefulness was open to doubt as it amounted to a self-policing initiative in which GCHQ merely had some input.

It should be a major priority for GCHQ to gain greater control and input into the working of the Cell unit, it said.

The report's authors were also hugely critical of the lax processes that allowed Huawei to tie up a major deal to supply communications equipment without there being adequate ministerial oversight. This had left Ministers "unsighted" on a topic of major national importance.

Huawei's equipment was first installed by BT in 2007 as part of its major 21st Century Network upgrade. The Chinese firm has since also supplied TalkTalk and Everything Everywhere or EE (formerly Orange and T-Mobile), as well as becoming a major investor in the UK.

The arguments raised by the controversial deal underlined a much larger issue, that of whether a free-market approach was compatible with investment in important national infrastructure such as communications.

What had been good commercially for BT in 2007 might not be good for the country as a whole in the longer term.

Huawei issued a statement defending its record.

"Prior to BT's selection of Huawei in 2005, Huawei was subject to a comprehensive audit across 11 different areas, including strategic development, management systems, corporate social responsibility and security management," it said.

"This detailed audit took two years and only when it had been completed did BT sign its first contract with Huawei. Since then, BT has continued to conduct a thorough annual evaluation of Huawei and after eight years of partnership, we have built a strong and mutually beneficial relationship with them."

The company noted GCHQ's endorsement and said that it received regular visits from UK security delegations.

"Any project that relates to UK Critical National Infrastructure (CNI) should be scrutinised carefully, especially in a climate where we are seeing advanced threats emerging every day," commented global security consultant and ex-Scotland Yard detective, Adrian Culley, of security firm Damballa.

"It is however, questionable that the 'cell' that is investigating Huawei's kit, which is run by Huawei employees, will add any value at all and give us a better insight into what's going on there," he said.

"It will be interesting in light of the forthcoming Sunnylands Summit this weekend whether the security concerns surrounding commercial entities emerging from a non-democratic communist state can ever be reconciled to the satisfaction of western democratic powers.

"Given China and the USA's mutual global reach and role in technology matters, we may have been in danger of sleepwalking into Cyber Cold War.

In the US, of course, Huawei has found itself on the receiving end of a mountain of suspicion at a time when the Chinese state and its proxies are routinely accused of conducting major espionage attacks against US firms.

In April, the US Government banned a clutch of agencies form buying equipment from Huawei or its fellow Chinese competitor, ZTE.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal TechBTsecurityParliamentintelGCHQ

More about BT AustralasiaCNIGCHQHuaweiOrangeT-MobileT-MobileZTE

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place