Now they tell us! Spooks ‘never trusted firm’
BRITISH intelligence officials have ‘never trusted’ Huawei and believe the firm could be ordered by the Chinese state to harm the UK, according to a bombshell dossier.
The National Cyber Security Centre (NCSC) also warned ministers that the Chinese state has carried out and ‘will continue to carry out cyber attacks’ against the UK.
But in an analysis of Huawei’s potential involvement in the UK’s 5G network, it concluded that the risk of the tech giant being used as a ‘Trojan horse’ for Chinese intelligence services was ‘manageable’.
It said the Chinese state could find easier and more effective ways to launch a cyberattack than exploiting any ‘back door’ via Huawei’s equipment.
The UK ruled yesterday that Huawei can be rolled out in its 5G networks, but with restrictions imposed, including only being allowed to account for 35 per cent of the kit in a network’s periphery.
In an assessment prepared ahead of the decision, the NCSC warned that any market share higher than that could lead to the UK becoming nationally dependent on the ‘high-risk’ firm and this would lead to an ‘unacceptable’ threat to security. NCSC technical director Dr Ian Levy said Huawei had always been treated as a high-risk vendor and the authorities had ‘worked to limit their use in the UK’.
He said: ‘We’ve never “trusted” Huawei and the artefacts you can see... exist because we treat them differently to other vendors.
‘We ask operators to use Huawei in a limited way so we can collectively manage the risk and NCSC put in place a wider mitigation strategy.’
The Chinese firm’s activities in the UK have been overseen by arrangements including the Huawei Cyber Security Evaluation Centre (HCSEC). The NCSC report said: ‘Due to the UK’s mitigation strategy, which includes HCSEC as an essential component, our assessment is that the risk of trojan functionality in Huawei equipment remains manageable.
‘Placing “back doors” in any Huawei equipment supplied into the UK is not the lowest risk, easiest to perform or most effective means for the Chinese state to perform a major cyber-attack on UK telecoms networks today.’
The NCSC guidance said Huawei was considered to be a high-risk vendor because ‘under China’s National Intelligence Law of 2017, it could be ordered to act in a way that is harmful to the UK’.