[ad_1]
Security concerns but no evidence of spying on Chinese vendor, says UK cyber spy chief
The risks badociated with using the Huawei kit in 5G telecommunication networks can be managed, according to UK cyber security officials.
Ciaran Martin, chief executive of the UK's National Cyber Security Center (NCSC), the insurance division of GCHQ, told reporters Wednesday that the NCSC had seen no evidence of malicious acts of Huawei, even though they remained on the lookout.
"I would have to report it if there was evidence of malicious intent on the part of Huawei but we have not done so yet," said Martin, adding that a recent alert on cyber espionage allegedly sponsored by the Chinese state relied on low corporate security rather than on backdoors in any telecom kit.
Last year, the NCSC publicly attributed to Russia certain attacks on British networks, including telecommunication networks.
"As far as we know, these networks did not have a Russian kit in them, anywhere else," Martin told delegates at the CyberSec conference in Brussels, Belgium.
"The techniques used by the Russians to target these networks were looking for weaknesses in their architecture and operation."
"Of the 1,200 or so major cybersecurity incidents managed by NCSC since its inception, the country of origin of the providers is not among the major sources of concern in the manner in which these attacks are carried out," he said. he added.
Huawei 5Eyes
The closest British intelligence partners, including the United States, Australia and New Zealand, had banned the use of the Huawei Kit in critical national infrastructure networks for fear that the supplier could not help spying on China.
Huawei allegedly attempted to steal trade secrets from telecommunications service providers and equipment suppliers through an employee bonus program and other summary tactics. When asked about this, Martin said the issues surrounding the criminal charges against Huawei should be referred to the US authorities.
The UK has strict controls over the deployment of Huawei's technology. For example, Huawei's telecommunications equipment is not approved for use in UK government networks.
A technology center made up of NCSC workers has access and checks Huawei equipment, a regime that does not exist for Huawei's rare 5G telecommunications equipment providers such as Cisco and Ericsson.
The scheme is arguably the toughest and most rigorous control in the world for Huawei, according to Martin.
Last July, the NCSC-led oversight committee downgraded the badurance that it had provided the UK government with mitigated risks badociated with Huawei due to "serious security and security process issues." d & # 39; engineering. "
These problems stemmed from failure to comply with best practices and cybersecurity standards rather than anything that was harmful.
Huawei has accepted these conclusions and proposed a "letter of intent" to improve its infoec over the next three to five years, but the NCSC has not yet seen a "credible plan" to address its concerns, according to NCSC Technical Director Ian Levy.
In response to a follow-up question on this point, Martin said the NCSC "will not compromise on improvements to be made by Huawei".
This does not look promising for Huawei, but one of the weaknesses comes from the need for the UK to make supplier diversity a selection criterion for the 5G kit.
Martin pointed out that there is still no UK decision on the deployment of 5G. This decision will be made by UK ministers at the conclusion of an ongoing review, which takes into account economic and service quality issues, as well as security issues.
"Everything is on the table," Martin concluded. "Unlike some reports, no decision has been made."
The 5G review conducted by the Department for Digital, Culture, Media and Sport (DCMS) is expected to be completed in the spring of this year.
More stringent cybersecurity standards across the telecom sector are needed, Martin added, adding that resilience was a key factor.
Independent experts have argued that the telecommunication equipment of any supplier should be thoroughly audited.
Brian Honan, infosec consultant and founder of the CSIRT of Ireland, commented"All equipment, not just Huawei's, must be evaluated and managed accordingly. Naïve to think that China could be the only nation-state to take advantage of domestic manufacturers of communications. "
A blog post by Ian Levy of NCSC, titled "Security, Complexity and Huawei; protection of UK telecommunications networks ", describes the Agency's approach to certification from a technical point of view.
RELATED UK plans to "manage" security risks for Huawei 5G
[ad_2]
Source link
