The UK’s Intelligence and Security Committee (ISC) has published a report that highlights serious concerns about the relationship between BT and Huawei, as well as wider problems concerning the security of telecoms networks.
The report, “Foreign involvement in the Critical National Infrastructure”, mainly centres around the 10-year relationship between UK incumbent operator BT and the China-based vendor.
Huawei was one of the vendors chosen in 2003 to supply equipment, including routers, for the upgrade of BT’s network.
The ISC cast doubt on Huawei’s reputation, referring to its alleged links to the Chinese state, the fact that 20 percent of detected cyber attacks in the UK are likely to be state-sponsored or linked to organised crime, a lack of clarity about its finances and a recent PR campaign relating to its improved transparency that “appears to have fallen flat”.
The report stated: “The Security Service had already told us in early 2008 that, theoretically, the Chinese State may be able to exploit any vulnerabilities in Huawei’s equipment in order to gain some access to the BT network, which would provide them with an attractive espionage opportunity.”
Huawei released a statement saying it had the “full support” of the UK government and customers, including BT.
It went on: “Huawei is willing to work with all governments in a completely open and transparent manner to jointly reduce the risk of cyber security.”
The report is also critical of the UK’s National Security Information Exchange (NSIE) working group, saying the ISC “was shocked that officials chose not to inform, let alone consult, Ministers” about the contracts BT entered into with Huawei.
It said NSIE officials willfully chose to not to inform the government because the “potential trade, financial and diplomatic consequences” would be too significant.
BT is spared criticism as it was told “to take its own commercial decision” with the caveat that it “should not use an untrusted supplier’s equipment”.
Huawei has been banned from similar deals in the US on security grounds.
The UK Government’s Communications Headquarters intelligence agency (GCHQ) is quoted in the report as backing up BT's involvement.
It said: “We are confident that the UK network has not been at risk... at any stage because of the mitigations that BT have had in place from the outset. BT has acted responsibly in investing significant money and manpower to manage this risk.
“The mitigations implemented by BT since 2004 have resulted in a well- managed communications infrastructure drawing on products developed in a global market. In this sense they might be considered an exemplar."
However, the report’s authors noted that “there will always be a risk in any telecommunications system”.
The report also included a statement from BT, which said: “We clearly recognise that increased globalisation of the telecoms industry means there is a diverse range of cyber threats to consider when building and securing networks. BT takes a risk management approach on the use of components from Huawei.”
Yesterday, BT released another statement that said: “Security is at the heart of BT and it will continue to be so in the future. Our testing regime enables us to enjoy constructive relationships with many suppliers across the globe. One of these is Huawei with whom we have had a long and constructive relationship since 2005.”
In April, Huawei forecast it would grow by 10 percent over the next five years as telecom networks strive to meet the requirements of ubiquitous connectivity.