Huawei leak reveals govt's own security flaws
By Harvey Morris | China Daily Global | Updated: 2019-05-07 09:19
The spectacular sacking of the UK defense minister over a leak from a top-secret security meeting has highlighted a debate over Chinese company Huawei's role in the UK's telecom networks.
Gavin Williamson, the minister in question, continues to maintain his innocence in a saga that reveals more about a breakdown of discipline within Prime Minister Theresa May's Brexit-beleaguered government than it does about Britain's state secrets.
The leak to the Daily Telegraph newspaper from the National Security Council (NSC), an ad-hoc grouping of ministers and spy chiefs, revealed that a number of May's close associates - Williamson included - had raised concerns about a decision to allow Huawei to help build the UK's 5G network.
Although the leak was initially viewed as a potential criminal breach of the Official Secrets Act -the police have since decided it was not - you do not have to be James Bond to find out what the secret meeting was discussing.
A clue to that is in a report from something called the Huawei Cyber Security Evaluation Centre(HCSEC) Oversight Board, which is freely available on the official UK government website.
The evaluation center is based at a business park in Oxfordshire and owned by Huawei, where company employees work under the oversight of the UK's GCHQ spy agency on cybersecurity issues.
The so-called "cell" was set up in 2010 to address UK concerns about the robustness of Huawei's security protocols, at a time when the company had already established partnerships with UK telecoms companies.
This intense level of cooperation between the Chinese company and British officials may come as a surprise to most people in Britain, to whom Huawei was hardly a household name before the leak controversy erupted at the end of April.
The latest 46-page findings from the cell's Oversight Board amount to a "must try harder" report on the company's operations. "HCSEC's work continues to identify significant, concerning issues in Huawei's approach to software development bringing significantly increased risk to UK operators," the report concluded.
The report revealed that UK intelligence was concerned that security weaknesses could be exploited by a range of outside actors, although it stressed that cybersecurity officials did "not believe that the defects identified are a result of Chinese state interference".
Huawei responded by acknowledging the concerns about its software engineering capabilities. "We understand these concerns and take them very seriously," said a company spokesperson.
The debate on Huawei and cybersecurity is not, of course, confined to the UK. The United States has blocked Huawei and urged its allies to do likewise. Some countries, including Australia, have followed suit but the UK is clearly among those countries that want to maintain a relationship with the Chinese company as it moves into the 5G era.
In the UK, however, the Huawei debate has erupted at a time of almost unprecedented political turmoil as a lame-duck prime minister finds herself under fire from all sides for her failure to get her deal on the country's departure from the European Union through Parliament.
As rivals within her own Conservative Party vie to replace her when she eventually quits - commentators say her premiership may have only weeks or months to run - the Huawei issue has emerged as yet one more stick with which to beat her.
Some potential successors are casting themselves as security hawks in comparison with May, and her finance minister, chancellor Philip Hammond, who are portrayed as "soft" on China.
Williamson was among those who had placed himself firmly on the side of the hawks when he said in December that he had "very deep concerns" about Huawei's involvement in the UK's 5G network.
The sub-text of the anti-Huawei camp is that May and her Cabinet allies are putting commercial benefit above the national interest.
In more normal times, such disagreements would have been confined to the closed environment of the NSC. But that was blown apart by the April leak.
Despite the secrecy that would normally surround such high-level deliberations, the actual pros and cons of the Huawei debate are freely available.
Ian Levy, the technical director of GCHQ's National Cyber Security Centre, also known as NCSC, outlined the issues at stake in a February blog post that is still freely available on the NCSC's website.
"The details are very important and security implications of certain decisions will be different across different countries, and even different networks in the same country," he wrote in a more sober tone than that which has characterized the political controversy.
Levy has not been uncritical of Huawei's alleged lapses. In an April interview, he referred to alleged "shoddy" engineering practices and said the company could be barred from working on the inner core of the 5G network.
That seems to be precisely the conclusion reached at the notorious leaked meeting. The government essentially decided to maintain the status quo by limiting Huawei's products to the outer ring of the network, perhaps raising the question of what all the fuss was about.
Harvey Morris is a senior media consultant for China Daily UK