Should the UK share US fears over Chinese tech firms?

By Sooraj Shah, Stuart Sumner
15 Oct 2012 View Comments
huawei-on-chineseflag

"Cyber security is not just a matter for government, and industry has a key responsibility to ensure that their products are suitably secure and robust for use. CESG [the Information Assurance arm of GCHQ] on behalf of HMG, has worked with Huawei in establishing the Cyber Security Evaluation Centre in the UK," it said.

Further reading

A cynic might suggest that GCHQ is preparing its scapegoat, should things go wrong.

US security vendor RSA's executive chairman Art Coviello told Computing that it's important not just to understand the company, but its supply chain.

"In any instance where you're going to implement technology, you have to have the ability to understand the supply chain and how the supply chain might have been compromised. That doesn't have to be Huawei, that's just an issue with any supply chain."

Smith countered that the UK does indeed understand Huawei's supply chain, as it has been working with the firm since 2010. He echoed Huawei's own statement from 2010 on the matter.

"The evaluation centre is there to assure our end-to-end equipment: both hardware and software solutions will be tested in the centre to ensure its ability to withstand growing cyber security threats," it said at the time.
Smith added that to maintain and build confidence in the UK's infrastructure, overseas suppliers must meet very robust and stringent security standards.

"Companies have to meet those standards in order to be able to gain access to our competitive markets, now that's across the board whether it's in telecoms, IT or anything else - we work with companies closely to reduce and manage the threats to our networks and will continue to do that," he said.

Meanwhile, mobile operator EE, whose 4G network is to be powered by Huawei, admitted that it has not seen the US report, but issued a statement to clarify the security process it undertook with the Chinese firm.

"We have a rigorous security process in place that ensures all our partners and work undertaken by them meets our required standards. Huawei, a globally trusted and respected company, underwent a stringent security check and agreed to a specific set of security requirements before being selected to work with EE in May 2011 on the installation and upgrade of our ‘4G ready' 2G network infrastructure," the statement said.

Smith concluded by saying that the government takes security and the integrity of all equipment used by government and the public sector very seriously.

"It's very important for us to maintain public and business confidence across national and indeed international networks," he said.

Despite these assurances, many still question the wisdom of allowing a Chinese firm with close ties to the Beijing government to supply the backbone of the UK's communications infrastructure. The US government certainly views it as a risk not worth taking. The Coalition, however, appears to be satisfied that it has taken the necessary precautionary measures, and has so far found nothing sufficient to prevent it from doing business with Huawei.

As ever, the proof will be in the pudding. Huawei has got to be where it is today by delivering good technology at a highly competitive price. Should its equipment eventually prove to be free from bugs (the secretive, listening kind), malware and back-doors, then Cameron and his government will point to a cost-effective contract that other countries were too xenophobic to take advantage of.

But should diplomatic ties between China and the West nosedive, and evidence of the leakage of sensitive information from the UK come to light, then the blame game with start.

For its own part, Huawei itself needs to find a way to satisfy international partners that its intentions are honest, or it will find itself increasingly excluded from high-value and high-profile national infrastructure projects.
While Zhengfei, with his ties - real or perceived - to the Chinese state, remains CEO, it may find that to be an uphill struggle.

Reader comments
blog comments powered by Disqus
Newsletters
Windows 9 - what do you want?

What would your business require from Windows 9 "Threshold" to make it an attractive proposition?

35 %
5 %
10 %
6 %
44 %