All the latest UK technology news, reviews and analysis


Government calls for stricter security controls between Huawei and GHCQ

17 Dec 2013
huawei-sign-logo

A review into security arrangements between Huawei and GCHQ for vetting the firm's telecoms kit in the UK has called for several changes, although it has dismissed many of the original concerns raised.

The report was conducted after major security concerns were raised earlier this year by the Intelligence and Security Committee (ISC). It was concerned that Huawei had been able to carve out a dominant position in the telecoms market without scrutiny.

This also led to fears that the Huawei Cyber Security Evaluation Centre (HCSEC, also known as the Cell) used to evaluate Huawei kit in the UK, was staffed by its own employees rather than GCHQ staff.

This led to a review of the working practices at the Cell and the relationship between Huawei and GCHQ, carried out by national security adviser Sir Kim Darroch. The report has now been published and, although no major issues came to light, several recommendations have been put forward.

These focused on formalising many of the currently informal working practices between the two organisations, such as when code and equipment is made available for checking. The report also said that senior staff at the Cell should be appointed with more direct input from GCHQ.

“GCHQ’s involvement in the future appointment of senior staff to HCSEC should be strengthened. At present, GCHQ have a power of veto over appointments through the security vetting process,” it said.

“The review recommends that, in future, GCHQ should lead and direct senior HCSEC appointments (in consultation with Huawei), in particular through chairing the selection panel.”

However, the report noted that although initial concerns focused on the amount of control Huawei has over the oversight of its own equipment, this is required given the complexities involved in accessing source code.

“Although the fact of HCSEC staff being employed by Huawei appeared to create conflicts of interest, it was, in reality, the best way of ensuring continued complete access to Huawei products, codes and engineers, without which HCSEC could not do its job,” it said.

“In particular, were HCSEC staff not to be Huawei employees, access arrangements would be complicated by Huawei’s non-disclosure agreements with its hundreds of third-party suppliers.

“Also, there would be a possibility of commercial risk or even liabilities for the taxpayer were GCHQ, in effect, to impose themselves between Huawei and the UK telecommunications market.”

Huawei said it welcomed the report and that it vindicated its own strategy in tackling cyber security. "We are pleased that the model of the UK Government, the telecom operators and Huawei working together in an open and transparent way has been recognised as the best approach for providing reassurance on the security of products and solutions deployed in the UK," the firm said.

"Huawei believes it is only by working together internationally, as vendors, customers, policy and law makers, that the challenge of global cyber security can be met."

The UK's continued open-arms policy towards Huawei stands in stark contrast with other Western nations such as Australia and the US, which are far more wary of the firm given its close links to the Chinese government.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Dan Worth
About

Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal

View Dan's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
20%
14%
4%
20%
30%
12%

Popular Threads

Powered by Disqus
Galaxy S5 vs Xperia Z2 home screen

Xperia Z2 vs Galaxy S5

We break down the strengths and weaknesses of the two Android heavyweights

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Junior Developer Hedge Fund C# WPF .Net - London

Junior Developer C# .Net - Mayfair Hedge Fund Junior...

IT Database Administrator (SQL)

Say hello to big brands & bigger career opportunities...

Magento Developer

Tile Mountain is a one stop online shop for all your...
To send to more than one email address, simply separate each address with a comma.