UK cyber security chief says Huawei risk can be managed
UK ministers deciding on Chinese company’s involvement in future 5G networks
The UK has warned Huawei that it needs to improve its cyber security standards and software engineering. Photograph: Reuters
One of the UK’s most senior intelligence chiefs has said he is confident British cyber security authorities can manage any risk posed by the Chinese telecoms group Huawei if UK ministers decide to give the company the go-ahead to get involved in future 5G networks.
In a speech in Brussels, Ciaran Martin, the chief executive of the UK’s National Cyber Security Centre, part of signals intelligence agency GCHQ, said that despite concerns over espionage and disruption raised by US intelligence, he believed that strict controls and oversight could offset the risks.
“Our job is to make sure that the government can be confident that behind whatever decision it takes, there will be a technical framework that works and a competent national authority that knows what it is doing,” Mr Martin told the CyberSec conference.
His comments come after it was reported at the weekend that British intelligence officials had concluded that the risks to the UK from using Huawei equipment could be mitigated. A final decision will be taken by UK ministers following the conclusion of a government review of the telecoms market in the spring.
Mr Martin set out three pre-conditions that needed to be adopted by all telecoms suppliers to ensure future 5G networks are safe from cyber attack, including “sustainable diversity in the 5G supplier market”, meaning the UK should not be reliant on one provider.
But he also reiterated the UK’s warning to Huawei that it needed to improve its cyber security standards and software engineering if it is to be allowed to continue to provide kit to British telecoms suppliers in the future.
A report by the UK’s Huawei oversight board, which is led by the NCSC, downgraded the level of assurance it had in the Chinese company last year with a new report expected to be even more critical of software engineering.
“We will monitor and report on progress and we will not declare the problems are on the path to being solved unless and until there is clear evidence this is the case,” he said.
In a phone call with journalists after Mr Martin’s speech, the NCSC’s technical director Ian Levy added that Huawei had as yet not produced “a credible plan” to resolve those problems. The apparent lack of action from Huawei comes despite the Chinese company pledging to spend £2 billion (€2.3 billion) during the next five years to address those concerns.
Mr Martin’s assurances over the risks posed by Huawei’s 5G equipment stand in stark contrast to the view of the US and two of the UK’s other key allies in the Five Eyes intelligence sharing network, Australia and New Zealand.
With Huawei already banned from the US telecoms networks, American security chiefs and policymakers have been pressing Washington’s allies and European partners to follow suit, amid concerns that the company could be used to spy on western countries.
New Zealand and Australia have blocked or banned some of their telecoms companies from using Huawei in 5G.
Following his speech Mr Martin insisted the cyber security partnership between the UK and the US was “strong and growing”.
The NCSC’s verdict does, however, potentially place the relationship under strain and could give other European countries such as Germany and France the confidence to allow Huawei to provide 5G technology.
A report published on Wednesday by the Royal United Services Institute, a UK defence think-tank, also undermined Mr Martin’s assertions. The author Charles Parton, a former British diplomat and Beijing specialist, concluded the British government should take a more hawkish position. “Allowing Huawei’s participation [in UK 5G networks] is at best naive, at worst irresponsible,” said Mr Parton.
Huawei did not immediately respond to a request for comment. – Copyright The Financial Times Limited 2019