A report by the UK’s Intelligence Security Committee, a parliamentary body, has criticised what it sees as the lax manner in which China’s Huawei was allowed to get “embedded” in the UK’s critical national infrastructure (CNI).
While the committee finds no evidence that Huawei has been guilty of any cyber espionage or wrongdoing, the report is particularly scathing about lack of government communication that meant ministers didn’t know, until at least a year afterwards, that BT had awarded the Chinese supplier a contract for access and transmission equipment in 2005.
Huawei has subsequently become a supplier to other UK operators, including mobile players O2 and EE.
In the committee’s report, referring to the BT/Huawei relationship that began nearly ten years ago, it notes that the “the process for considering national security issues at that time was insufficiently robust”.
The report goes on to say that the committee was “shocked that officials chose not to inform, let alone consult, ministers on such an issue”.
Perhaps the committee’s most damning criticism is when it says that it’s still “not convinced that there has been any improvement since then in terms of an effective procedure for considering foreign investment in CNI. The difficulty of balancing economic competitiveness and national security seems to have resulted in stalemate. Given what is at stake, that is unacceptable.”
The Chinese supplier has made various attempts at alleviating security concerns. One measure was to pay for the Cyber Security Evaluation Centre, or the Cell, which opened in 2010, where equipment can be tested.
But even here the committee is critical. “We question why the Cell is only now approaching full functionality, over seven years after the BT contract was awarded,” says the report. “Given these delays and the lack of evidence so far that it will be able to provide the level of security assurance required, we recommend that the National Security Adviser conducts a substantive review of the effectiveness of the Cell as a matter of urgency.”
The UK security committee’s report is an unwelcome development for Huawei, coming after setbacks in the US and Australia.
In the US, the House Permanent Select Committee on Intelligence (HPSCI) recently published a scathing assessment of Huawei’s reliability in an ‘Investigative Report on the US National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE’. Their report concluded that “the risks associated with Huawei and ZTE’s provision of equipment to US critical infrastructure could undermine core US national-security interests”.
Moreover, the Australian Government has decided, reportedly on national security grounds, to exclude Huawei from involvement in their National Broadband Network, a similar upgrade project to that being pursued in the UK by BT.
Most of the concerns surrounding Huawei, says the UK’s security committee, relate to its perceived links to the Chinese State. And as the committee noted in its last Annual Report, 20 per cent of detected cyber attacks against UK interests demonstrate levels of sophistication which indicate that they are more likely to be state-sponsored, or related to organised crime. China, says the committee, is suspected of being one of the main perpetrators of State-sponsored attacks, which are focused on espionage and the acquisition of information.
“In this context,” notes the report, “the alleged links between Huawei and the Chinese State are concerning, as they generate suspicion as to whether Huawei’s intentions are strictly commercial or are more political.
For its part, however, Huawei strenuously denies that it has direct links with the Chinese Government or military, claiming that it receives no financial support from the Chinese Government and that it is 98.6 per cent owned by its employees. Nevertheless, maintains the report, “there is a lack of clarity about its financial structure”.
Huawei employs 650 people in the UK and plans to increase this to 1,350 over the next five years.