Huawei not a threat to UK says… Huawei Oversight Board (Wired UK)


Shutterstock


Huawei’s work in the UK is not a threat to national security — an
investigation commissioned by
a
 Huawei Oversight
Board has said.

The Chinese telecoms giant supplies equipment for national
infrastructure and to some of the UK’s biggest networks, including
BT, Sky and EE. In response to government concerns about security
— founded on either basic paranoia or the country’s history of alleged global cyber surveillance, depending on your
viewpoint — the Huawei Cyber Security Evaluation Centre
(HCSEC) was set up in Oxfordshire in 2010.

It was not long, however, before the ability of a Huawei-founded
centre to investigate Huawei was called into question; the news in
2013 that the tech giant would be opening a $200m (£125m) R&D
centre in the UK was followed by the government ordering an
independent investigation.

Cue the creation of the HCSEC Oversight Board. Despite
comprising, in part, Huawei employees, the Chinese firm says the
Oversight Board is impartial and not run by Huawei. This
is because it also comprises around 12 members of GCHQ staff,
government employees and independent members from industry. It is
also chaired by a GCHQ employee. Though his deputy works
for Huawei.

To allay any fears the Board commissioned Ernst and Young to
carry out an audit of HCSEC. The UK government has not provided
access to the final document, but we are assumed via a summary that
all is above board at the Oxfordshire centre. Snippets of quotes
provided by the Oversight Board can be vieweed  on the UK government website.

For their report Ernst and Young looked across multiple
departments, from finance and budgeting to personnel and programme
planning, and came to the conclusion that “there were no major
concerns about the independent operation of HCSEC”.

The auditors did flag up three “control weaknesses” within
HCSEC, however, though it apparently reached an internal verdict
“that each should formally be rated as ‘Low’ in terms of the
overall risk to HCSEC’s independence”.

Two of those three points related to bonus payments by Huawei
and internal budgeting processes (there were, to date, no formal
record of agreements with HCSEC contributors that could be
tracked). But it was promised that a change in policy would remedy
these.

The third point is the most interesting. At least four members
of staff were operating at the centre without Developed Vetting
clearance (the highest form of security clearance, involving
interviews and a review of personal finances), the report said,
though these staff did not have access to all parts of the
operation. It was initially flagged in the report in
context of HCSEC’s struggle to find employees with the necessary
cyber skills. The problem was compounded by difficulties in hiring
people who also had the correct security
clearance. 

So who’s to blame? Not Huawei, said the board. “The Board
accepts that this is not the fault of the company [Huawei] and is
the result of a wider backlog in the vetting system, which is the
responsibility of the Government.”

“The choice in these circumstances is between leaving HCSEC
short-staffed, or putting in place specific mitigations to manage
any risk. The Board is satisfied that in choosing the latter
approach, HCSEC, in conjunction with GCHQ, is taking appropriate
steps. The Board will continue to pay very close attention to this
issue. However at present we do not consider it a serious
risk.”

Also flagged up by Ernst and Young, was a “tension” between
HCSEC and the Product Security Incident Response Team (PSIRT) based
at the Huawei HQ in Shenzhen. Communication between the two is
necessary to ensure any issues with Huawei products are dealt with
swiftly. But don’t worry: the Board says “recent improvements” have
been made to the relationship, and although it would like to see
more progress “the Board is satisfied that this issue has not had a
detrimental effect on the security of UK networks.” Naturally.

The Board’s deputy chairman (who also happens to be executive
director of the Huawei Group Board) Ryan Ding points out the
importance of the UK collaboration: “In the globalised,
interconnected digital age, we must all work together to deliver
the best solutions to the challenges we face.” The report, or the
pieces of it we’re currently able to see, can be read here.

If the article suppose to have a video or a photo gallery and it does not appear on your screen, please Click Here

27 March 2015 | 3:54 pm – Source: wired.co.uk

[ad_2]

Leave a Reply

Your email address will not be published.