Defending our Data: Huawei, 5G, and the 5 Eyes
"Therefore, we must conclude the engagement of Huawei presents a potential security risk to the UK. The key question that follows is can that risk be sufficiently mitigated to render it negligible?" Sir Richard Dearlove
The first major report into the Government’s proposed 5G solution has dismissed mitigation strategies relied upon to justify the decision as “no solution at all”. Last night, one of the report’s authors – Conservative MP, Bob Seely – warned that Huawei “risks becoming a cyber-Hydra” and warned the assurances relied upon by the Government were “insufficiently robust to justify the associated risks.”
In a strongly worded foreword to the report, the former Chief of MI6, Sir Richard Dearlove, branded the Government’s strategy a risk “we simply do not need to take”. Dearlove calls on the Government to “reconsider the Huawei decision” and not to “worry about giving offence to China” or “be influenced by the threat of the economic cost”.
Defending our Data: Huawei, 5G and the Five Eyes, is authored by Bob Seely MP, Dr Peter Varnish OBE, a former Government security adviser, and Dr John Hemmings, of the Henry Jackson Society.
The report studies the components the Government proposes to limit Huawei’s involvement to and finds that:
- UK cyber experts could not find Trojan Horses within the hardware even if they searched for them. There are documented cases where governments have searched for such Trojans and still not found them all after two years of searching.
- UK cyber experts would not be able to remove such security flaws using conventional antivirus software, even if they did find them.
- If a third-party introduced such malicious code, Huawei itself would have trouble removing it because its engineering product cycle is not consistent.
The report recommends that the Government ‘blocks’ Huawei from participation in the UK’s 5G network unless any subsidiary can ‘prove a very high degree of insulation’ from the parent company. The report also calls upon the Government to adopt the risk assessment protocols outlined in the Prague Proposals and to bring forward legislation outlined in the 2018 national security white paper from BEIS.
Featuring chapters by American, Australian and Canadian authors including retired General Robert Spalding who considered 5G proposals for the U.S. National Security Council, the report finds that the Government’s definition of risk is to all intents and purposes “so narrowly defined as to be useless” and it is “unclear” what damage the decision could do the five-eyes intelligence-sharing relationship.
Other findings within the report that have been previously reported include that Huawei’s ownership structure leaves its claims to be a private company “highly questionable”. The report also finds that so-called MIMO antennas used in 5G are vulnerable to signal blocking through software updates.
(Inc. UK P&P)