Senior MP tells UK Defence Committee on 5G security: Russia could become China's cyber-attack dog
One has the vulns, the other has the brass neck to pull off heists. Right?
Russia might begin carrying out cyber attacks against Britain's 5G networks "at the behest of China", the chairman of a Parliamentary Select Committee has ventured.
The startling prediction came from Tobias Ellwood MP, chairman of the Defence Committee, as he presided over a hearing on 5G security and Huawei's involvement.
"I predict that Russia and China, over the next decade, are going to become closer and closer," Ellwood told his committee. "To put it in cruder terms, Russia is going to become more subservient to China." He added: "If Russia understands the weaknesses, the vulnerabilities or the back doors that China provides, it can be Russia continuing to do those cyber attacks at the behest of China."
Giving evidence to the committee were tech venture capitalist Andre Pienaar and Emily Taylor of cyberintel firm Oxford Information Labs. MPs were asking to what extent Huawei's involvement in 5G networks poses a threat to British national security.
Taylor also punched a hole through Huawei's continual denials that its commercial objectives are linked with the Chinese state's objectives, saying: "Mexico was offered a very generous loan on 1 per cent interest, on the condition that 80 per cent of it was spent with Huawei. So we see that technology build-out is very much forming part of the Belt and Road strategy – a patient, sustained strategy that has been conducted over decades."
Pienaar linked Huawei's commercial success to what he described as $75bn of "state aid" from China, apparently citing a Wall Street Journal investigation from December last year. In response to a question from Conservative MP Alicia Kearns, who was a "guest member" of the panel from the Foreign Affairs Committee, Pienaar said: "It is calculated that the Chinese government have financed the growth of Huawei with some $75bn over the past three years to enable it to achieve the kind of market dominance it currently has in telecommunications equipment."
Kearns had asked whether it was important to shut the Chinese comms giant out of the core of the UK's 5G networks. In his answer, Pienaar referenced the 2019 Huawei Cyber Security Evaluation Centre (HCSEC) report, which laid bare Huawei's pisspoor software development practices.
Speculating about why Huawei "are so shoddy in their cybersecurity engineering", he wondered aloud whether Huawei "just do not care about it and it is not important to them", perhaps unfairly adding: "That might be related to the price point at which they sell their product."
Taylor sounded a note of caution over Pienaar's description of Huawei as deliberately deceptive, remarking: "I would not run away with the idea that those faults are deliberately placed in it."
Do not forget that Huawei is also providing equipment in other markets, such as China. In cybersecurity, the worst example is when you create a vulnerability and then it is used against you. A vulnerability can be used against anybody who is using the equipment, including the home team, if you like.
Huawei embarked on a short-lived charm offensive after last year's HCSEC report, emphasising how much it spent on cybersecurity.
Overall the committee, not normally known for its ability to uncover original insights, was left with the impression that Huawei is a risk not only to security – as the government has already concluded – but to Britain's relations with key allies America and Australia. Even though Taylor pointed out that it is far easier for Australia and the US to insist on a no-Huawei policy because they have had de facto bans since the early 2010s, this didn't seem to gain much attention.
Although there are targets to cap Huawei's involvement in UK 5G networks at 35 per cent of access layer equipment, there have been murmurings from current Defence Secretary Ben Wallace that this ought to be a much lower target. ®
At one point Ellwood chipped in to describe 5G network topology as composed of four parts, in his understanding: transition networks ("the pipes, if you like"); the core ("which they call the brains, so the encryption, the payments, the tariff and so forth"); the access network ("masts"); and the "management system, which is business support". ®