Germany's data protection and security regulator is not too stressed about the supposed threat of using Huawei equipment in 5G networks.
Arne Schönbohm, head of Germany's Federal Office for Information Security, told Der Spiegel the risks posed by the Chinese outfit are manageable and that a next-generation mobile network made up of equipment from a variety of vendors would be safer.
"There are essentially two fears: First, espionage – i.e. that data will be siphoned off involuntarily. But we can counter that with improved encryption. The second is sabotage – i.e. manipulating networks remotely or even shutting them down. We can also minimise this risk by not relying exclusively on one supplier in critical areas. By possibly excluding them from the market, we also increase pressure on these suppliers."
Schönbohm said that if a 5G network were to be used for medical services and self-driving cars, it would need to be more secure than today's mobile networks. That means reviewing and certifying hardware and software for security and banning kit that fails the test.
There's Huawei too many vulns in Chinese giant's firmware: Bug hunters slam pisspoor codeREAD MORE
He said it would be helpful to analyse source code for some products to check for hidden functions, as GCHQ offshot NCSC does in the UK via the Huawei Cyber Security Evaluation Centre. Some of Huawei software coding was described by HCSEC as "piss poor" but no backdoors have been found.
Pushed on differences between US and UK approaches, he said: "We're in close contact with our American and English colleagues, and there are different risk assessments. I think that's legitimate."
The British government last week again deferred its decision on whether to ban Huawei hardware from 5G networks in the UK, a decision that was initially expected with the Telecom Supply Chain review in March.
Schönbohm was asked if he had seen hard evidence of Huawei spying, and in response said: "Let me put it this way: if we saw uncontrollable risks, we would not have adopted our approach."
On wider tech security threats, Schönbohm said ransomware attacks were becoming more widespread and professional, often using several types of Trojan.
With this in mind, the German regulator is taking on 350 additional staff this year. ®