All the latest UK technology news, reviews and analysis


Government calls for stricter security controls between Huawei and GHCQ

17 Dec 2013
A sign with the Huawei logao

A review into security arrangements between Huawei and GCHQ for vetting the firm's telecoms kit in the UK has called for several changes, although it has dismissed many of the original concerns raised.

The report was conducted after major security concerns were raised earlier this year by the Intelligence and Security Committee (ISC). It was concerned that Huawei had been able to carve out a dominant position in the telecoms market without scrutiny.

This also led to fears that the Huawei Cyber Security Evaluation Centre (HCSEC, also known as the Cell) used to evaluate Huawei kit in the UK, was staffed by its own employees rather than GCHQ staff.

This led to a review of the working practices at the Cell and the relationship between Huawei and GCHQ, carried out by national security adviser Sir Kim Darroch. The report has now been published and, although no major issues came to light, several recommendations have been put forward.

These focused on formalising many of the currently informal working practices between the two organisations, such as when code and equipment is made available for checking. The report also said that senior staff at the Cell should be appointed with more direct input from GCHQ.

“GCHQ’s involvement in the future appointment of senior staff to HCSEC should be strengthened. At present, GCHQ have a power of veto over appointments through the security vetting process,” it said.

“The review recommends that, in future, GCHQ should lead and direct senior HCSEC appointments (in consultation with Huawei), in particular through chairing the selection panel.”

However, the report noted that although initial concerns focused on the amount of control Huawei has over the oversight of its own equipment, this is required given the complexities involved in accessing source code.

“Although the fact of HCSEC staff being employed by Huawei appeared to create conflicts of interest, it was, in reality, the best way of ensuring continued complete access to Huawei products, codes and engineers, without which HCSEC could not do its job,” it said.

“In particular, were HCSEC staff not to be Huawei employees, access arrangements would be complicated by Huawei’s non-disclosure agreements with its hundreds of third-party suppliers.

“Also, there would be a possibility of commercial risk or even liabilities for the taxpayer were GCHQ, in effect, to impose themselves between Huawei and the UK telecommunications market.”

Huawei said it welcomed the report and that it vindicated its own strategy in tackling cyber security. "We are pleased that the model of the UK Government, the telecom operators and Huawei working together in an open and transparent way has been recognised as the best approach for providing reassurance on the security of products and solutions deployed in the UK," the firm said.

"Huawei believes it is only by working together internationally, as vendors, customers, policy and law makers, that the challenge of global cyber security can be met."

The UK's continued open-arms policy towards Huawei stands in stark contrast with other Western nations such as Australia and the US, which are far more wary of the firm given its close links to the Chinese government.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Dan Worth
About

Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal

View Dan's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
4%
10%
4%
21%
4%
44%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

C#.Net Developer - C#.Net, SQL, VS2012

C#.Net Developer - , SQL, VS2012 We have an excellent...

Business Analyst (Financial Systems) - Milton Keynes - £55K

Business Analyst (Financial Systems) - £55K + 14% pension...

SQL Database Administrator - SQL DBA - Chippenham - £45K

SQL DBA - SQL Database Administrator - £45K + ON CALL...

Web Development Manager - Perl, PHP - Bedfordshire - £65K

Web Development Manager - Perl, PHP, Python - Bedfordshire...
To send to more than one email address, simply separate each address with a comma.