Top UK Official: Huawei Is ‘Bad Security’

A top UK government cyber-official has called out the telecom supplier, long suspected to use its infrastructure sales as a base for industrial espionage.

THE HAGUE, Netherlands – A top official at the National Cyber Security Centre in the UK set his sights on Huawei, the telecom equipment giant, in an opening keynote session at the GSMA’s Mobile360 Security for 5G conference on Tuesday.

Ian Levy, technical director at the agency, took the stage for the “Policy in the 3G Era” opening session at the show here. Addressing a packed room, including top executives from global telco giants and other communications equipment suppliers, he bluntly said that Huawei is a paragon of “bad security.”

This echoes the National Cyber Security Centre’s (NCSC) latest conclusion laid forth in its Oversight Board report, which is a recurring report on the influence and risk of Huawei’s involvement as a supplier to the UK’s critical infrastructure. In the most recent version of the document from April, the NCSC found Huawei to be a significant issue given what it believes to be the potential for using its mobile networks footprint as a basis for espionage operations. The agency also found that it “can provide only limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK.”

“[We have a market] where the leader in the market, in terms of market volume, has the security we published in the Oversight report in March,” Levy said from the stage. “We need to fix that.”

He also mentioned that the number of telecom equipment suppliers has dwindled from at least a dozen as recently as 10 years ago to just five today – Ericsson, Nokia, ZTE and Samsung, in addition to Huawei – contributing to what he termed a “broken” market.

“Now we have three to five scale vendors across the world,” he noted. “How is that OK?”

The UK is of course not alone in viewing Huawei, ironically the headline sponsor for this packed security conference, as a national security problem. Australia has banned Huawei from building its 5G networks; and in the U.S., a law has bans federal agencies from buying Huawei products. President Trump, citing concerns about violating U.S. sanctions on Iran, has also effectively starved the Chinese giant of semiconductor supplies by recently putting the company on a blacklist, blocking $11 billion in annual sales to the equipment-maker.

Huawei coincidentally said Wednesday that it is pressing on with a lawsuit against the United States, challenging the constitutionality of the measure. The government is “using the strength of an entire nation to come after a private company,” Song Liuping, Huawei’s chief legal officer, said in a press conference in Shenzhen on Wednesday, in an effort, he said, to put the company out of business for competitive reasons.

Levy, for his part, concluded with the sentiment that “security is fundamentally broken in the telecoms sector,” but noted that it’s not just a Huawei problem – operators too will have to step up to the plate to acquire the skill set they need to build security into what he said promises to be a much more complex network infrastructure than has been seen before, thanks to the virtualization at the core of the technology.

“You have to build a 5G component around trust and security,” he said. “You now have software running on commoditized hardware, which is a different risk model. We need to start thinking about how we get and maintain the skills within operators to run this stuff better. This is a big change – and it’s also a marketing change…being a bit pipe doesn’t pay.”

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.