The British spy agency provides a scathing assessment of the security risks posed by Huawei



[ad_1]

The British government has issued a scathing assessment of the security risks posed by the Chinese telecommunications company Huawei to British telecommunication networks, while London questions whether US calls to ban the company from evading the next 5G network generation fear to allow spying the Chinese government and potential cyberattacks.

This is the second year in a row that the government's communications headquarters, or GCHQ – the British spy agency – has identified serious problems. This year, officials said they discovered "other important technical issues" in the company's engineering processes, as well as in "problems with" Huawei software, "generating new risks" in British telecommunication networks 4G.

More worrisome, the spy agency, which oversees a center that checks Huawei hardware and software against security bugs and vulnerabilities, said it could only provide "that". limited assurance "that long-term risks to national security could be managed in Huawei's deployed equipment in Britain. , and that it will be "difficult" to manage the risk of future products until the current defects are corrected.

The United States has assembled the press in its entirety to urge partners around the world not to include Huawei in their 5G network in the coming years. National security officials said Huawei's ties with the Chinese government, as well as recent Chinese laws requiring Chinese companies, where appropriate, to assist the government in intelligence gathering, as well as allegations intellectual property theft, make it an untrustworthy seller – one whose access to telecommunication networks could open the door to espionage or perhaps, even worse, to disruptive operations.

READ MORE:
* Spark's 5G aspirations became a pawn in the East and West in the Battle of Huawei
* Spark turns to Britain to find the next clue in solving the Huawei puzzle
* UK recognizes Huawei as "manageable risk" – difficult conclusion in New Zealand

The UK GCHQ report did not focus on the Chinese state, but on the engineering and software failures of the machinery manufactured by Huawei, the world's largest manufacturer of telecom equipment . The company has been present in the UK telecommunications network since 2003.

GCHQ officials also seemed to offer Huawei some leeway, concluding that "Huawei's transformation plan" to solve his problems "could in principle be successful," and quoted Huawei's estimate of three at five years old. However, the government would require evidence of "lasting change," they said.

The intelligence agency oversees the Huawei cybersecurity assessment center, or "cell," a facility located in Oxfordshire and owned by Huawei. The center employs Huawei staff, but is managed by the GCHQ. Its findings are advisory and the role of the supervisory board is not to decide whether Huawei should be excluded from the networks.

Nevertheless, his findings are likely to influence the 5G strategy announced by the British government this spring. The new 5G network is designed to be up to 100 times faster than the current 4G system, powering autonomous cars, smart cities, more efficient and potentially deadly military operations, but also raising new concerns concerning cybersecurity and the espionage of networks.

"The atrocious conclusion of this report should make any country think that would consider using Huawei for 5G," said James Lewis, expert on cyber policy at the Center for Strategic and International Studies. It's quite overwhelming for the UK, which has done more than any other way to reduce the risks associated with using Huawei, to say that it can only manage the risk associated with it. Use of future Huawei products. "

The United States has been campaigning against the use of Huawei for security reasons.

ANDY WONG / AP

The United States has been campaigning against the use of Huawei for security reasons.

Last year, the US Congress banned Huawei and another Chinese company, ZTE, from US government networks and its subcontractors. Australia has effectively blocked Huawei and ZTE from its future 5G networks by asking telecommunication companies not to use providers "likely to be the subject of out-of-court instructions from foreign governments in conflict with the Australian law ". In New Zealand, the government's Communications Security Office rejected Spark's request to use Chinese telecommunications giant's 5G hardware because of a significant security "risk" for the network.

Britain is still in the process of deciding on its 5G strategy. The GCHQ report will inform the deliberations. The agency has presented options ranging from a total ban to companies such as Huawei to various mitigation techniques. A decision from other ministries and the Prime Minister is expected later this spring.

Matthew Green, computer scientist at the Institute for Information Security Johns Hopkins, said the GCHQ said in essence that "Huawei can not write software to save their lives." According to the report, the GCHQ can not even verify that the software running on its 4G LTE cell towers is actually the same software provided by Huawei for source code review.

A revision of the source code, he said, "is only valid if the source code being examined is actually the same code as that installed on the devices.This is a serious problem."

The report points to code duplication, in one case 70 copies of four different versions of OpenSSL software, one of the most commonly used types of software. "This is problematic because some older versions of OpenSSL have vulnerabilities, which means that cryptography might not be reliable," Green said.

Huawei officials have repeatedly defended their case, claiming that they have not and will never plant "back doors" in their products. However, the presence of serious software problems could make systems vulnerable to compromise even without a deliberate back door.

Currently, Huawei equipment is not used in the heart of the UK 4G network, in government networks or in sensitive systems that handle electricity, transportation or other critical functions.

[ad_2]
Source link