So, what's the real issue? Is it just poor security (as the report seems to suggest) or fear of Chinese government backdoors?
Huawei has not showed British government overseers a "credible plan" for dealing with security shortcomings flagged in a report issued last year, the technical director of the National Cyber Security Centre (NCSC) has said. Dr Ian Levy of GCHQ's cyber arm told the world’s press at a briefing that the Chinese network equipment …
In a sense they are the same - if a company has piss-poor software quality and no credible plan to fix it then you just know there are lots of known bugs waiting to be exploited.
In that sense the Chinese don't need to put in any "back door" code if the windows, air vents, gutters and skylight windows are secured by wet string (or your nearest equivalent) and are well known to their secret service.
"So, what's the real issue? Is it just poor security (as the report seems to suggest) or fear of Chinese government backdoors?"
They're looking for Chinese backdoors, but can't find any.
So they're grabbing on to any security flaw they can find to use as an excuse for blacklisting Huawei kit. Of course other vendors might or might not have similair security flaws, and should be getting the same in-depth scrutiny. And of course the REALLY pertinent security question is, are they looking for *American* backdoors in other vendors' kit?
"GCSB spy chief says no Five Eyes pressure in decision to block Huawei"
20 Feb, 2019 10:32am
"GCSB spy chief Andrew Hampton has given an assurance to MPs on the Intelligence and Security Committee that he was not pressured by Five Eyes intelligence partners in a preliminary decision about Spark's plans for the 5G network - effectively blocking Huawei"
By: Audrey Young, Political editor, NZ Herald
Well Audrey, and Dr GCHQ, UK half-in/half-out...probably fully-out in 40 days or so, CANADA arrests the daughter, AUSTRALIA bans the 'merch, AMERICA does what it likes, and NZ follows meekly with "no-pressure"
that's the 'truth', OK
Yeah, well, I don't know what definition of "no pressure" he was using. Something like this perhaps: "Andrew, look, no pressure buddy, but we think the boys in Langley would be really, really pleased if you banned f***ing Huawei. And really, really annoyed if you didn't."
Well I don't think I will rest until every single piece of UK telecomms / internet equipment is henceforth manufactured, to be as hard as nails, anywhere from, say, Wolverhampton northwards, in the factory of some fella by the name of e.g. Braithwaite, by folk that are all as hard as nails, with each item sporting a heavily embossed British Standards Kite mark on each side. That way we will now what we are dealing with.
“Huawei has not showed British government overseers a “credible plan” for dealing with security shortcomings flag[g]ed in a report issued last year” theRegister
How about hiring on someone full time to test the software for security vulnerabilities.
“The Royal United Services Institute, a military-themed think tank with close links to the government, described the use of Huawei network equipment in the UK as “at best naive, at worst irresponsible” in a paper it issued today. It based this conclusion on new Chinese laws that allow the Communist state to compel its citizens to co-operate with its spies.” theRegister
“The German, French, Spanish and Swedish intelligence services have all developed methods of mass surveillance of internet and phone traffic over the past five years in close partnership with Britain's GCHQ eavesdropping agency. The bulk monitoring is carried out through direct taps into fibre optic cables and the development of covert relationships with telecommunications companies.” Guardian
So....the other guys are "bad guys", but we wouldn't ever do any of that spying stuff!
More generally, western countries have subcontracted almost all computer manufacturing to China for many years......because it's CHEAPER than doing it at home. And now we have governments (responsible for industrial policy at home) whining because the Chinese have learned a thing or two from the outsourcing experience!!!
And this industrial policy point doesn't just apply to computers and electronics. Take a day off and visit the excellent RAF Museum in Cosforth. I enjoyed my visit, and while I was there counted at least ten brands of British aircraft (built in the UK)....now long gone -- Gloster, English Electric, Short Brothers, Hawker, Fairey, de Havilland, Avro, Vickers, Bristol, Supermarine.....
So when it comes to industrial policy, CHEAP or CONVENIENT seems to trump SELF-SUFFICIENCY. And afterwards (and maybe a LONG TIME afterwards) we get the pathetic whining when the policy comes back to bite us......as with Huawei!!
It turns out the report highlights issues with Huawei's engineering processes, use of old software here and there, code equivalency errors, etc.. this is at worst, sloppy. Some western companies have been found to be in a worse state in the past yet no-one cared. Huawei must get its house in order no doubt, but if anything these items represent risks which must be mitigated to the degree required by each end user/consumer/customer. No other company in the industry is remotely required to undergo the level of scrutiny these guys are. Is there a risk that a multi-billion dollar with double-digit growth YoY company would risk its entire future in exchange for spying for the Chinese gov? well yes, in the same way there's a risk a c*ck-shaped meteorite lands on my backyard right this instance and saves me from having to hear the USA contingent look stupid at MWC trying to dig out dirt on these guys.
Facebook has been found to allow companies to mass download and exploit user data, Purestorage settled a lawsuit with EMC for IP theft a few years back, US telcos have just been found guilty of selling location information to bounty hunters.. you get the picture, there are no saints.
Control the guys? yes. Keep a short leash on them? yes. Exclude from 5G overall? sounds stupid. Exclude from CNI/secret gov/GCHQ stuff? of course. IT's called common sense.
Biting the hand that feeds IT © 1998–2022