- Sputnik International
World
Get the latest news from around the world, live coverage, off-beat stories, features and analysis.

Despite Warnings of Huawei's 'Shoddy' Security Standards, GCHQ Has History of Data Failures

Subscribe
Huawei has pledged to spend over US$2 billion on rectifying these problems, although has warned it could take up to five years to see results - Levy claims not have detected any sign of the company actually taking necessary action yet.

Ian Levy, Technical Director of Britain’s National Cyber Security Centre (NCSC), part of the controversial GCHQ signals intelligence agency, has said China’s Huawei Technologies must raise its “shoddy” security standards.

READ MORE: Europe to Pay Billions if It Chooses to Ban Huawei's 5G Rollout – Report

“Huawei as a company builds stuff very differently to their Western counterparts. Part of that’s how quickly they’ve grown up, part of it could be cultural – who knows. What we have learnt as a result of that, the security is objectively worse, and we need to cope. Huawei is shoddy, the others are less shoddy,” he told a conference in London.

“The start of a high-level plan that we can talk about in public would be a good thing. They have a lot of work to do, and I think they know that. You wouldn’t expect to have, in six months since we published that report, less than that, them coming out going ‘we’ve fixed it’. That would be unachievable.”

Rank Hypocrisy

While measured, Levy’s comments are just the latest broadside to be levelled against Huawei — the world’s biggest producer of mobile network equipment has been under intense US-led pressure internationally for some time, Washington imposing harsh sanctions on the company, attempting to prevent it from purchasing US goods, and pledging to limit intelligence sharing with allies who use the company’s technology. 

While Britain has refused to follow suit entirely, in April following a Whitehall report rebuking the company for failing to fix security flaws in its equipment, the National Security Council blocked Huawei from all core parts of its future 5G network, only granting restricted access to non-core segments.

A Huawei store is seen at a commercial area in Wuhan, Hubei province, China March 30, 2019. Picture taken March 30, 2019 - Sputnik International
World
Theresa May to Confront Trump Over Huawei’s Role in UK 5G Network – Reports
However, such moves — and the NCSC Technical Director’s concerns about Huawei’s security — are somewhat ironic given GCHQ itself has had significant issues in the same regards.

For instance, in March 2016 the agency was forced to admit that despite receiving almost one billion pounds over the previous five years, legacy IT issues were “killing” its cybersecurity capabilities.

In 2014, Whitehall paid Microsoft £5.5 million to extend Windows XP support, as despite being given seven years’ warning the tech giant would be ending its standard support for the operating system, some GCHQ departments were still using the software.

“We’ve not been spending money on fixing legacy IT issues, and that is just killing us. I’ve tried to make this argument to my bosses that surely you have to start there before you try to do anything more sophisticated. But the response has always been ‘I’m not spending cybersecurity program money to subsidise other departments’ IT budgets’. Come on, it’s the aim that you have in mind that justifies it, but I haven’t won that battle yet,” said Alex Dewedney, director of cybersecurity at the information security arm of GCHQ.

Workers sit at the Huawei stand at the Mobile Expo in Bangkok, Thailand, May 31, 2019 - Sputnik International
Ridiculous for US to Tell Others Not to Buy High Quality Huawei Tech - Analyst
Moreover, internal MI5 documents acquired by The Intercept reveal British spying agencies including GCHQ may have put lives at risk as their surveillance systems were sweeping up more data than they could analyse, leading them to miss clues and potential security threats, and failed to properly protect information being harvested.

“[Agencies] can currently collect significantly more than it is able to exploit fully. This creates a real risk of ‘intelligence failure’ i.e. from the Service being unable to access potentially life-saving intelligence from data that it has already collected,” one document cautioned.

Another, relating to program MILKWHITE, saw GCHQ make some of its vast troves of metadata about people’s online activities accessible to MI5, the Metropolitan Police, Her Majesty’s Revenue and Customs, the Serious Organized Crime Agency, the Police Service of Northern Ireland, and an obscure Scotland-based surveillance unit called the Scottish Recording Centre. There was little evidence of safeguards being in place to prevent the databases being abused, or accessed illicitly by unauthorised individuals at the agencies involved.

Newsfeed
0
To participate in the discussion
log in or register
loader
Chats
Заголовок открываемого материала