Corresponding with the release of a new UK National Security Advisor report, British Prime Minister David Cameron has called for greater oversight of the cybersecurity center run by Chinese telecom equipment maker Huawei amid concerns the company’s involvement could pose a threat to national security.
The Huawei Cyber Security Evaluation Centre also known as “the Cell”, was originally formed by Huawei in 2010 in Banbury, Oxfordshire, to ensure the integrity of its products including routers used in the UK’s fiber-optic cable network.
According to a newly released report summary (of a classified report) by National Security Advisor Sir Kim Darroch, there need to be greater oversight by the UK Government Communications Headquarters as well as more formalised agreements between HCSEC and Huawei to ensure it operates independently and not as a tool of surveillance.
The boost in oversight, Cameron said, should involve the GCHQ playing a greater role in vetting HCSEC staff, which is in line with the National Security Advisor’s summary.
Fearing espionage, the US and Australia have both barred Huawei from involvement in broadband projects.
The first major Huawei deal in the UK was in 2005 when it became a transmission equipment supplier to British Telecom. Earlier this year, the UK Intelligence and Security Committee found that Huawei’s involvement in BT infrastructure posed a potential threat to national security and recommended HCSEC employees to be on the payroll of the GCHQ instead of Huawei.
While some Members of Parliament have called for the HCSEC site to under the control of the GCHQ, Sir Kim’s summary recommends keeping the Cube’s security experts in the employ of Huawei. The center has “sufficient independence” from its Chinese head office, and a change in management could compromise the staff’s unfettered access to equipment, software code and designs.
Patching known vulnerabilities in Huawei systems has been a task of the Cube’s security experts. The National Security Advisor summary notes, however, that known security flaws identified in Huawei systems, seemed to be “genuine design weaknesses or errors in coding practice” rather than intentional gaps that could be used for foreign surveillance.