GCHQ to vet Huawei's security evaluation centre managers

The Government Communications Headquarters (GCHQ) is to scrutinise Chinese telecoms technology used in the UK's communications infrastructure.

The GCHQ is monitoring China's Huawei
The GCHQ is monitoring China's Huawei

The Government Communications Headquarters (GCHQ) is taking a pro-active stance on the governance issue surrounding Chinese telecoms kit in the UK's communications infrastructure.

The UK Government has announced that GCHQ will now be taking an active interest in systems supplied by Chinese telecoms vendor Huawei, against a backdrop of concerns that the company's products potentially have unknown back doors that could be used for espionage purposes.

The announcement follows on from the UK's Intelligence and Security Committee (ISC) reporting in June that it was shocked at the way the Government had allowed Huawei to become embedded in the UK's telecoms infrastructure around eight years ago without adequate security checks.

In its summer analysis/report on the issue, the ISC - which is made up of cross-party MPs and other professionals - called for a major overhaul of the way Whitehall assesses such investment in future.

The rising worry over the security of Huawei's telecoms kit in the UK mirrors similar actions in the US where - in October of last year - a Congressional committee recommended banning Huawei and ZTE on grounds they represent a threat to national security.

That recommendation came amidst reports of remote back doors being found in at least one of the vendor's mobile phones, although the Chinese telecoms firm has claimed the remote service access is simply there for engineering facilities.

Under the plans announced by the UK Government, GCHQ will be given a much greater role in directing senior appointments at Huawei's Security Evaluation Centre (HCSEC), which was set up by the Chinese telecoms firm to assess potential security vulnerabilities in its hardware and systems software.

Unsurprisingly, Huawei has welcomed GCHQ's master plan, saying in a prepared statement: "We are pleased that the model of the UK government, the telecom operators and Huawei working together in an open and transparent way has been recognised as the best approach for providing reassurance on the security of products and solutions deployed in the UK."

Commenting on the news that GCHQ is taking a pro-active stance in monitoring Huawei's systems governance in the UK, Quocirca security analyst Rob Bamforth welcomed the move but warned that there are other countries that the UK should be worried about.

"A few years ago there were reports that the US had access codes to UK systems, which is all well and good whilst relations remain excellent. In the post-Snowden era, however, there are fears that even a friendly nation like the US has other motives in its actions," he told SCMagazineUK.com.

"And there is always going to be a risk in the usage of IT kit from foreign suppliers,” he added.  “My view is that it's more a case of how pervasive the hardware systems are and their usage in the UK - we need to quantify the risk attached with using kit from Huawei and other vendors, and then work out what that risk perspective means.”

Nigel Stanley, CEO and analyst of Incoming Thought, the information security consultancy, also welcomed the news and said it is a good example of the work that GCHQ does in protecting the UK's interests on the security front.

"It is interesting how this has come about. On the one hand we - as a country - want to do business with China, but on the other there is clearly a risk associated with using this type of kit.

“It's a tricky one, as you have to balance the risk to the telecoms network of the UK against the fact that the systems that Huawei supplies [to us] are clearly price competitive," he explained.  

Sign up to our newsletters