Blog of the website «TechCrunch» Прогноз погоды

People

John Smith

John Smith, 48

Joined: 28 January 2014

Interests: No data

Jonnathan Coleman

Jonnathan Coleman, 32

Joined: 18 June 2014

About myself: You may say I'm a dreamer

Interests: Snowboarding, Cycling, Beer

Andrey II

Andrey II, 41

Joined: 08 January 2014

Interests: No data

David

David

Joined: 05 August 2014

Interests: No data

David Markham

David Markham, 65

Joined: 13 November 2014

Interests: No data

Michelle Li

Michelle Li, 41

Joined: 13 August 2014

Interests: No data

Max Almenas

Max Almenas, 53

Joined: 10 August 2014

Interests: No data

29Jan

29Jan, 31

Joined: 29 January 2014

Interests: No data

s82 s82

s82 s82, 26

Joined: 16 April 2014

Interests: No data

Wicca

Wicca, 36

Joined: 18 June 2014

Interests: No data

Phebe Paul

Phebe Paul, 26

Joined: 08 September 2014

Interests: No data

Артем Ступаков

Артем Ступаков, 98

Joined: 29 January 2014

About myself: Радуюсь жизни!

Interests: No data

sergei jkovlev

sergei jkovlev, 59

Joined: 03 November 2019

Interests: музыка, кино, автомобили

Алексей Гено

Алексей Гено, 8

Joined: 25 June 2015

About myself: Хай

Interests: Интерес1daasdfasf, http://apple.com

ivanov5056 Ivanov

ivanov5056 Ivanov, 69

Joined: 20 July 2019

Interests: No data



Main article: 5g security

<< Back Forward >>
Topics from 1 to 10 | in all: 18

FCC proposes rules requiring telcos remove Huawei, ZTE equipment

21:26 | 28 October

The Federal Communications Commission said it will move ahead with proposals to ban telecommunications giants from using Huawei and ZTE networking equipment, which the agency says poses a “national security threat.”

The two-part proposal revealed Monday would first bar telecoms giants from using funds it receives from the the FCC’s Universal Service Fund, used by the agency to subsidize service to low-income households, from buying equipment from the Chinese telecom equipment makers.

The second proposal would mandate certain telecom giants remove any banned equipment they may have already installed.

In a statement, the FCC said it would offer a reimbursement program to help carriers transition to “more trusted” suppliers.

“We need to make sure our networks won’t harm our national security, threaten our economic security, or undermine our values,” said FCC chairman Ajit Pai in remarks. “The Chinese government has shown repeatedly that it is willing to go to extraordinary lengths to do just that.”

The FCC said Huawei and ZTE were already on the list of companies that pose a threat, but that the draft order would “establish a process for designating other suppliers that pose a national security threat,” potentially opening the door for new additions.

It’s the latest move by the government to crack down on technology providers seen as a potential homeland security threat. Chief among the fears are that Huawei and ZTE are subject to Chinese laws, and could be told to secretly comply with demands from Chinese intelligence services, which could put Americans’ data at risk of surveillance or espionage.

The claims first arose in 2012 following a House inquiry, which labeled the company a national security threat.

Earlier this year, the Trump administration banned federal agencies from buying equipment from Huawei and ZTE, but also Hytera and Hikvision.

Both Huawei and ZTE have long denied the allegations.

Chairman Pai said in an op-ed in the Wall Street Journal: “When it comes to 5G and America’s security, we can’t afford to take a risk and hope for the best. We need to make sure our networks won’t harm our national security, threaten our economic security or undermine our values.”

The FCC’s proposals are expected to be voted on during a meeting on November 19.

 


0

Germany says it won’t ban Huawei or any 5G supplier up front

12:40 | 15 October

Germany is resisting US pressure to shut out Chinese tech giant Huawei from its 5G networks — saying it will not ban any supplier for the next-gen mobile networks on an up front basis, per Reuters.

“Essentially our approach is as follows: We are not taking a pre-emptive decision to ban any actor, or any company,” government spokesman, Steffen Seibert, told a news conference in Berlin yesterday.

The country’s Federal Network Agency is slated to be publishing detailed security guidance on the technical and governance criteria for 5G networks in the next few days.

The next-gen mobile technology delivers faster speeds and lower latency than current-gen cellular technologies, as well as supporting many more connections per cell site. So it’s being viewed as the enabling foundation for a raft of futuristic technologies — from connected and autonomous vehicles to real-time telesurgery.

But increased network capabilities that support many more critical functions means rising security risk. The complexity of 5G networks — marketed by operators as “intelligent connectivity” — also increases the surface area for attacks. So future network security is now a major geopolitical concern.

German business newspaper Handelsblatt, which says it has reviewed a draft of the incoming 5G security requirements, reports that chancellor Angela Merkel stepped in to intervene to exclude a clause which would have blocked Huawei’s market access — fearing a rift with China if the tech giant is shut out.

Earlier this year it says the federal government pledged the highest possible security standards for regulating next-gen mobile networks, saying also that systems should only be sourced from “trusted suppliers”. But those commitments have now been watered down by economic considerations at the top of the German government.

The decision not to block Huawei’s access has attracted criticism within Germany, and flies in the face of continued US pressure on allies to ban the Chinese tech giant over security and espionage risks.

The US imposed its own export controls on Huawei in May.

A key concern attached to Huawei is that back in 2017 China’s Communist Party passed a national intelligence law which gives the state swingeing powers to compel assistance from companies and individuals to gather foreign and domestic intelligence.

For network operators outside China the problem is Huawei has the lead as a global 5G supplier — meaning any ban on it as a supplier would translate into delays to network rollouts. Years of delay and billions of dollars of cost to 5G launches, according to warnings by German operators.

Another issue is that Huawei’s 5G technology has also been criticized on security grounds.

A report this spring by a UK oversight body set up to assess the company’s approach to security was damning — finding “serious and systematic defects” in its software engineering and cyber security competence.

Though a leak shortly afterwards from the UK government suggested it would allow Huawei partial access — to supply non-core elements of networks.

An official UK government decision on Huawei has been delayed, causing ongoing uncertainty for local carriers. In the meanwhile a government review of the telecoms supply chain this summer called for tougher security standards and updated regulations — with major fines for failure. So it’s possible that stringent UK regulations might sum to a de facto ban if Huawei’s approach to security isn’t seen to take major steps forward soon.

According to Handelsblatt’s report, Germany’s incoming guidance for 5G network operators will require carriers identify critical areas of network architecture and apply an increased level of security. (Although it’s worth pointing out there’s ongoing debate about how to define critical/core network areas in 5G networks.)

The Federal Office for Information Security (BSI) will be responsible for carrying out security inspections of networks.

Last week a pan-EU security threat assessment of 5G technology highlighted risks from “non-EU state or state-backed actors” — in a coded jab at Huawei.

The report also flagged increased security challenges attached to 5G vs current gen networks on account of the expanded role of software in the networks and apps running on 5G. And warned of too much dependence on individual 5G suppliers, and of operators relying overly on a single supplier.

Shortly afterwards the WSJ obtained a private risk assessment by EU governments — which appears to dial up regional concerns over Huawei, focusing on threats linked to 5G providers in countries with “no democratic and legal restrictions in place”.

Among the discussed risks in this non-public report are the insertion of concealed hardware, software or flaws into 5G networks; and the risk of uncontrolled software updates, backdoors or undocumented testing features left in the production version of networking products.

“These vulnerabilities are not ones which can be remedied by making small technical changes, but are strategic and lasting in nature,” a source familiar with the discussions told the WSJ — which implies that short term economic considerations risk translating into major strategic vulnerabilities down the line.

5G alternatives are in short supply, though.

US Senator Mark Warner recently floated the idea of creating a consortium of ‘Five Eyes’ allies — aka the U.S., Australia, Canada, New Zealand and the UK — to finance and build “a Western open-democracy type equivalent” to Huawei.

But any such move would clearly take time, even as Huawei continues selling services around the world and embedding its 5G kit into next-gen networks.

 


0

European risk report flags 5G security challenges

17:49 | 9 October

European Union Member States have published a joint risk assessment report into 5G technology which highlights increased security risks that will require a new approach to securing telecoms infrastructure.

The EU has so far resisted pressure from the U.S. to boycott Chinese tech giant Huawei as a 5G supplier on national security grounds, with individual Member States such as the UK also taking their time to chew over the issue.

But the report flags risks to 5G from what it couches as “non-EU state or state-backed actors” — which can be read as diplomatic code for Huawei. Though, as some industry watchers have been quick to point out, the label could be applied rather closer to home in the near future, should Brexit comes to pass…

Back in March, as European telecom industry concern swirled about how to respond to US pressure to block Huawei, the Commission stepped in to issue a series of recommendations — urging Member States to step up individual and collective attention to mitigate potential security risks as they roll out 5G networks.

Today’s risk assessment report follows on from that.

It identifies a number of “security challenges” that the report suggests are “likely to appear or become more prominent in 5G networks” vs current mobile networks — linked to the expanded use of software to run 5G networks; and software and apps that will be enabled by and run on the next-gen networks.

The role of suppliers in building and operating 5G networks is also noted as a security challenge, with the report warning of a “degree of dependency on individual suppliers”, and also of too many eggs being placed in the basket of a single 5G supplier.

Summing up the effects expected to follow 5G rollouts, per the report, it predicts:

  • An increased exposure to attacks and more potential entry points for attackers: With 5G networks increasingly based on software, risks related to major security flaws, such as those deriving from poor software development processes within suppliers are gaining in importance. They could also make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect.
  • Due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.
  • An increased exposure to risks related to the reliance of mobile network operators on suppliers. This will also lead to a higher number of attacks paths that might be exploited by threat actors and increase the potential severity of the impact of such attacks. Among the various potential actors, non-EU States or State-backed are considered as the most serious ones and the most likely to target 5G networks.
  • In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country.
  • Increased risks from major dependencies on suppliers: a major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences. It also aggravates the potential impact of weaknesses or vulnerabilities, and of their possible exploitation by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk.
  • Threats to availability and integrity of networks will become major security concerns: in addition to confidentiality and privacy threats, with 5G networks expected to become the backbone of many critical IT applications, the integrity and availability of those networks will become major national security concerns and a major security challenge from an EU perspective.

The high level report is a compilation of Member States’ national risk assessments, working with the Commission and the European Agency for Cybersecurity. It’s couched as just a first step in developing a European response to securing 5G networks.

“It highlights the elements that are of particular strategic relevance for the EU,” the report says in self-summary. “As such, it does not aim at presenting an exhaustive analysis of all relevant aspects or types of individual cybersecurity risks related to 5G networks.”

The next step will be the development, by December 31, of a toolbox of mitigating measures, agreed by the Network and Information Systems Cooperation Group, which will be aimed at addressing identified risks at national and Union level.

“By 1 October 2020, Member States – in cooperation with the Commission – should assess the effects of the Recommendation in order to determine whether there is a need for further action. This assessment should take into account the outcome of the coordinated European risk assessment and of the effectiveness of the measures,” the Commission adds.

For the toolbox a variety of measures are likely to be considered, per the report — consisting of existing security requirements for previous generations of mobile networks with “contingency approaches” that have been defined through standardisation by the mobile telephony standards body, 3GPP, especially for core and access levels of 5G networks.

But it also warns that “fundamental differences in how 5G operates also means that the current security measures as deployed on 4G networks might not be wholly effective or sufficiently comprehensive to mitigate the identified security risks”, adding that: “Furthermore, the nature and characteristics of some of these risks makes it necessary to determine if they may be addressed through technical measures alone.

“The assessment of these measures will be undertaken in the subsequent phase of the implementation of the Commission Recommendation. This will lead to the identification of a toolbox of appropriate, effective and proportionate possible risk management measures to mitigate cybersecurity risks identified by Member States within this process.”

The report concludes with a final line saying that “consideration should also be given to the development of the European industrial capacity in terms of software development, equipment manufacturing, laboratory testing, conformity evaluation, etc” — packing an awful lot into a single sentence.

The implication is that the business of 5G security will need to get commensurately large to scale to meet the multi-dimensional security challenge that goes hand in glove with the next-gen tech. Just banning a single supplier isn’t going to cut it.

 


0

Trump administration bans federal agencies from buying Huawei, ZTE tech

21:30 | 7 August

The Trump administration has banned U.S. federal agencies from buying equipment and obtaining services from Huawei and two other companies as part of the government’s latest crackdown on Chinese technology amid national security fears.

Jacob Wood, a spokesperson for the White House’s Office of Management and Budget, was quoted as saying that the administration will “fully comply” with the legislation passed by Congress as part of a defense spending bill passed last year.

CNBC first reported the spokesperson’s remarks.

The new rule will take effect in a week — August 13 — and will also take aim at Chinese tech giants ZTE, Hytera, and Hikvision, amid fears that the companies could spy for the Chinese government. The rule comes in a year before Congress’ mandated deadline of August 2020 for all federal contractors doing business with Huawei, ZTE, Hytera, and Hikvision.

The government will grant waivers to contractors on a case-by-case basis so long as their work does not pose a national security threat.

Huawei has long claimed it does not nor can it spy for the Chinese government. Critics, including the government and many lawmakers, say the company’s technology, primarily networking equipment like 5G cell stations, could put Americans’ data at risk of Chinese surveillance or espionage. Huawei has vigorously denied the allegations, despite findings from the U.K. government that gave a damning assessment of the technology’s security.

The company first came to focus in 2012 following a House inquiry, which labeled the company a national security threat.

Spokespeople for Huawei and ZTE did not respond to requests for comment.

 


0

UK to toughen telecoms security controls to shrink 5G risks

22:49 | 22 July

Amid ongoing concerns about security risks posed by the involvement of Chinese tech giant Huawei in 5G supply, the UK government has published a review of the telecoms supply chain which concludes that policy and regulation in enforcing network security needs to be significantly strengthened to address concerns.

However it continues to hold off on setting an official position on whether to allow or ban Huawei from supplying the country’s next-gen networks — as the US has been pressurizing its allies to do.

Giving a statement in parliament this afternoon, the UK’s digital minister, Jeremy Wright, said the government is releasing the conclusions of the report ahead of a decision on Huawei so that domestic carriers can prepare for the tougher standards it plans to bring in to apply to all their vendors.

“The Review has concluded that the current level of protections put in place by industry are unlikely to be adequate to address the identified security risks and deliver the desired security outcomes,” he said. “So, to improve cyber security risk management, policy and enforcement, the Review recommends the establishment of a new security framework for the UK telecoms sector. This will be a much stronger, security based regime than at present.

“The foundation for the framework will be a new set of Telecoms Security Requirements for telecoms operators, overseen by Ofcom and government. These new requirements will be underpinned by a robust legislative framework.”

Wright said the government plans to legislate “at the earliest opportunity” — to provide the regulator with stronger powers to to enforcement the incoming Telecoms Security Requirements, and to establish “stronger national security backstop powers for government”.

The review suggests the government is considering introducing GDPR-level penalties for carriers that fail to meet the strict security standards it will also be bringing in.

“Until the new legislation is put in place, government and Ofcom will work with all telecoms operators to secure adherence to the new requirements on a voluntary basis,” Wright told parliament today. “Operators will be required to subject vendors to rigorous oversight through procurement and contract management. This will involve operators requiring all their vendors to adhere to the new Telecoms Security Requirements.

“They will also be required to work closely with vendors, supported by government, to ensure effective assurance testing for equipment, systems and software, and to support ongoing verification arrangements.”

The review also calls for competition and diversity within the supply chain — which Wright said will be needed “if we are to drive innovation and reduce the risk of dependency on individual suppliers”.

The government will therefore pursue “a targeted diversification strategy, supporting the growth of new players in the parts of the network that pose security and resilience risks”, he added.

“We will promote policies that support new entrants and the growth of smaller firms,” he also said, sounding a call for security startups to turn their attention to 5G.

Government would “seek to attract trusted and established firms to the UK market”, he added — dubbing a “vibrant and diverse telecoms market” as both good for consumers and for national security.

“The Review I commissioned was not designed to deal only with one specific company and its conclusions have much wider application. And the need for them is urgent. The first 5G consumer services are launching this year,” he said. “The equally vital diversification of the supply chain will take time. We should get on with it.”

Last week two UK parliamentary committees espoused a view that there’s no technical reason to ban Huawei from all 5G supply — while recognizing there may be other considerations, such as geopolitics and human rights, which impact the decision.

The Intelligence and Security committee also warned that what it dubbed the “unnecessarily protracted” delay in the government taking a decision about 5G suppliers is damaging UK relations abroad.

Despite being urged to get a move on on the specific issue of Huawei, it’s notable that the government continues to hold off. Albeit, a new prime minister will be appointed later this week, after votes of Conservative Party members are counted — which may be contributing to ongoing delay.

“Since the US government’s announcement [on May 16, adding Huawei and 68 affiliates to its Entity List on national security grounds] we have sought clarity on the extent and implications but the position is not yet entirely clear. Until it is, we have concluded it would be wrong to make specific decisions in relation to Huawei,” Wright said, adding: “We will do so as soon as possible.”

In a press release accompanying the telecoms supply chain review the government said decisions would be taken about high risk vendors “in due course”.

Earlier this year a leak from a meeting of the UK’s National Security Council suggested the government was preparing to give an amber light to Huawei to continue supplying 5G — though limiting its participation to non-core portions of networks.

The Science & Technology committee also recommended the government mandate the exclusion of Huawei from the core of 5G networks.

Wright’s statement appears to hint that that position remains the preferred one — baring a radical change of policy under a new PM — with, in addition to talk of encouraging diversity in the supply chain, the minister also flagging the review’s conclusion that there should be “additional controls on the presence in the supply chain of certain types of vendor which pose significantly greater security and resilience risks to UK telecoms”.

Additional controls doesn’t sound like a euphemism for an out-and-out ban.

In a statement responding to the review, Huawei expressed confidence that it’s days of supplying UK 5G are not drawing to a close — writing:

The UK Government’s Supply Chain Review gives us confidence that we can continue to work with network operators to rollout 5G across the UK. The findings are an important step forward for 5G and full fibre broadband networks in the UK and we welcome the Government’s commitment to “a diverse telecoms supply chain” and “new legislation to enforce stronger security requirements in the telecoms sector”. After 18 years of operating in the UK, we remain committed to supporting BT, EE, Vodafone and other partners build secure, reliable networks.”

The evidence shows excluding Huawei would cost the UK economy £7 billion and result in more expensive 5G networks, raising prices for anyone with a mobile device. On Friday, Parliament’s Intelligence & Security Committee said limiting the market to just two telecoms suppliers would reduce competition, resulting in less resilience and lower security standards. They also confirmed that Huawei’s inclusion in British networks would not affect the channels used for intelligence sharing.

A spokesman for the company told us it already supplies non-core elements of UK carriers’ EE and Vodafone’s network, adding that it’s viewing Wright’s statement as an endorsement of that status quo.

While the official position remains to be confirmed all the signals suggest the UK’s 5G security strategy will be tied to tightened regulation and oversight, rather than follow a US path of seeking to shut Chinese tech giants out.

Commenting on the government’s telecoms supply chain review in a statement, Ciaran Martin, CEO of the UK’s National Cyber Security Centre, said: “As the UK’s lead technical authority, we have worked closely with DCMS [the Department for Digital, Culture, Media and Sport] on this review, providing comprehensive analysis and cyber security advice. These new measures represent a tougher security regime for our telecoms infrastructure, and will lead to higher standards, much greater resilience and incentives for the sector to take cyber security seriously.

“This is a significant overhaul of how we do telecoms security, helping to keep the UK the safest place to live and work online by ensuring that cyber security is embedded into future networks from inception.”

Although tougher security standards for telecoms combined with updated regulations that bake in major fines for failure suggest Huawei will have its work cut out not to be excluded by the market, as carriers will be careful about vendors as they work to shrink their risk.

Earlier this year a report by an oversight body that evaluates its approach to security was withering — finding “serious and systematic defects” in its software engineering and cyber security competence.

 


0

Huawei 5G indecision is hitting UK’s relations abroad, warns committee

15:20 | 19 July

The UK’s next prime minister must prioritize a decision on whether or not to allow Chinese tech giant Huawei to be a 5G supplier, a parliamentary committee has urged — warning that the country’s international relations are being “seriously damaged” by ongoing delay.

In a statement on 5G suppliers, the Intelligence and Security committee (ISC) writes that the government must take a decision “as a matter of urgency”.

Earlier this week another parliamentary committee, which focuses on science and technology, concluded there is no technical reason to exclude Huawei as a 5G supplier, despite security concerns attached to the company’s ties to the Chinese state, though it did recommend it be excluded from core 5G supply.

The delay in the UK settling on a 5G supplier policy can be linked not only to the complexities of trying to weight and balance security considers with geopolitical pressures but also ongoing turmoil in domestic politics, following the 2016 EU referendum Brexit vote — which continues to suck most of the political oxygen out of Westminster. (And will very soon have despatched two UK prime ministers in three years.)

Outgoing PM Theresa May, whose successor is due to be selected by a vote by Conservative Party members next week, appeared to be leaning towards giving Huawei an amber light earlier this year.

A leak to the press from a National Security Council meeting back in April suggested Huawei would be allowed to provide kit but only for non-core parts of 5G networks — raising questions about how core and non-core are delineated in the next-gen networks.

The leak led to the sacking by May of the then defense minister, Gavin Williamson, after an investigation into confidential information being passed to the media in which she said she had lost confidence in him.

The publication of a government Telecoms Supply Chain Review, whose terms of reference were published last fall, has also been delayed — leading to carriers to press the government for greater clarity last month.

But with May herself now on the way out, having agreed to step down as PM back in May, the decision on 5G supply is on hold. It will be down to either Boris Johnson or Jeremy Hunt, the two remaining contenders to take over from May, to choose whether or not to let the Chinese tech giant supply UK 5G networks.

Though whichever of the men wins the vote they will arrive in the top job needing to give their full attention to finding a way out of the Brexit morass — in a mere three months, with an October 31 extension deadline looming. So there’s a risk that 5G may not seem as urgent an issue as Brexit, and a decision once again be kicked back.

In its statement on 5G supply, the ISC backs the view expressed by the public-facing branch of the UK’s intelligence service that network security is not dependent on any one supplier being excluded from building it — writing that: “The National Cyber Security Centre… has been clear that the security of the UK’s telecommunications network is not about one company or one country: the ‘flag of origin’ for telecommunications equipment is not the critical element in determining cyber security.”

The committee argues that “some parts of the network will require greater protection” — writing that “critical functions cannot be put at risk” but also that there are “less sensitive functions where more risk can be carried”, without specifying what the latter functions might be.

“It is this distinction — between the sensitivity of the functions — that must determine security, rather than where in the network those functions are located: notions of ‘core’ and ‘edge’ ate therefore misleading in this context,” it adds. “We should therefore be thinking of different levels of security, rather than a one size fits all approach, within a network that has been built to be resilient to attack, such that no single action could disable the system.”

The committee’s statement also backs the view that the best way to achieve network resilience is to support diversity in the supply chain — i.e. by supporting more competition.

But at the same time it emphasizes that the 5G supply decision “cannot be viewed solely through a technical lens — because it is not simply a decision about telecommunications equipment”.

“This is a geostrategic decision, the ramifications of which may be felt for decades to come,” it warns, raising concerns about the perceptions of UK intelligence sharing partners by emphasizing the need for those allies to trust the decisions the government makes.

It also couches a UK decision to give Huawei access a risk by suggesting it could be viewed externally as an endorsement of the company, thereby encouraging other countries to follow suit — without them paying the full and necessary attention to the security piece.

“The UK is a world leader in cyber security: therefore if we allow Huawei into our 5G network we must be careful that that is not seen as an endorsement for others to follow. Such a decision can only happen where the network itself will be constructed securely and with stringent regulation,” it writes.

The committee’s statement goes on to raise as a matter of concern the UK’s general reliance on China as a technology supplier.

“One of the lessons the UK Government must learn from the current debate over 5G is that with the technology sector now monopolised by such a few key players, we are over-reliant on Chinese technology — and we are not alone in this, this is a global issue. We need to consider how we can create greater diversity in the market. This will require us to take a long term view — but we need to start now,” it warns.

It ends by reiterating that the debate about 5G supply has been “unnecessarily protracted”, pressing the next UK prime minister to get on and take a decision “so that all concerned can move forward”

 


0

No technical reason to exclude Huawei as 5G supplier, says UK committee

15:59 | 15 July

A UK parliamentary committee has concluded there are no technical grounds for excluding Chinese network kit vendor Huawei from the country’s 5G networks.

In a letter from the chair of the Science & Technology Committee to the UK’s digital minister Jeremy Wright, the committee says: “We have found no evidence from our work to suggest that the complete exclusion of Huawei from the UK’s telecommunications networks would, from a technical point of view, constitute a proportionate response to the potential security threat posed by foreign suppliers.”

Though the committee does go on to recommend the government mandate the exclusion of Huawei from the core of 5G networks, noting that UK mobile network operators have “mostly” done so already — but on a voluntary basis.

If it places a formal requirement on operators not to use Huawei for core supply the committee urges the government to provide “clear criteria” for the exclusion so that it could be applied to other suppliers in future.

Reached for a response to the recommendations, a government spokesperson told us: “The security and resilience of the UK’s telecoms networks is of paramount importance. We have robust procedures in place to manage risks to national security and are committed to the highest possible security standards.”

The spokesperson for the Department for Digital, Media, Culture and Sport added: “The Telecoms Supply Chain Review will be announced in due course. We have been clear throughout the process that all network operators will need to comply with the Government’s decision.”

In recent years the US administration has been putting pressure on allies around the world to entirely exclude Huawei from 5G networks — claiming the Chinese company poses a national security risk.

Australia announced it was banning Huawei and another Chinese vendor ZTE from providing kit for its 5G networks last year. Though in Europe there has not been a rush to follow the US lead and slam the door on Chinese tech giants.

In April leaked information from a UK Cabinet meeting suggested the government had settled on a policy of granting Huawei access as a supplier for some non-core parts of domestic 5G networks, while requiring they be excluded from supplying components for use in network cores.

On this somewhat fuzzy issue of delineating core vs non-core elements of 5G networks, the committee writes that it “heard unanimously and clearly” from witnesses that there will still be a distinction between the two in the next-gen networks.

It also cites testimony by the technical director of the UK’s National Cyber Security Centre (NCSC), Dr Ian Levy, who told it “geography matters in 5G”, and pointed out Australia and the UK have very different “laydowns” — meaning “we may have exactly the same technical understanding, but come to very different conclusions”.

In a response statement to the committee’s letter, Huawei SVP Victor Zhang welcomed the committee’s “key conclusion” before going on to take a thinly veiled swiped at the US — writing: “We are reassured that the UK, unlike others, is taking an evidence based approach to network security. Huawei complies with the laws and regulations in all the markets where we operate.”

The committee’s assessment is not all comfortable reading for Huawei, though, with the letter also flagging the damning conclusions of the most recent Huawei Oversight Board report which found “serious and systematic defects” in its software engineering and cyber security competence — and urging the government to monitor Huawei’s response to the raised security concerns, and to “be prepared to act to restrict the use of Huawei equipment if progress is unsatisfactory”.

Huawei has previously pledged to spend $2BN addressing security shortcomings related to its UK business — a figure it was forced to qualify as an “initial budget” after that same Oversight Board report.

“It is clear that Huawei must improve the standard of its cybersecurity,” the committee warns.

It also suggests the government consults on whether telecoms regulator Ofcom needs stronger powers to be able to force network suppliers to clean up their security act, writing that: “While it is reassuring to hear that network operators share this point of view and are ready to use commercial pressure to encourage this, there is currently limited regulatory power to enforce this.”

Another committee recommendation is for the NCSC to be consulted on whether similar security evaluation mechanisms should be established for other 5G vendors — such as Ericsson and Nokia: Two European based kit vendors which, unlike Huawei, are expected to be supplying core 5G.

“It is worth noting that an assurance system comparable to the Huawei Cyber Security Evaluation Centre does not exist for other vendors. The shortcomings in Huawei’s cyber security reported by the Centre cannot therefore be directly compared to the cyber security of other vendors,” it notes.

On the issue of 5G security generally the committee dubs this “critical”, adding that “all steps must be taken to ensure that the risks are as low as reasonably possible”.

Where “essential services” that make use of 5G networks are concerned, the committee says witnesses were clear such services must be able to continue to operate safely even if the network connection is disrupted. Government must ensure measures are put in place to safeguard operation in the event of cyber attacks, floods, power cuts and other comparable events, it adds. 

While the committee concludes there is no technical reason to limit Huawei’s access to UK 5G, the letter does make a point of highlighting other considerations, most notably human rights abuses, emphasizing its conclusion does not factor them in at all — and pointing out: “There may well be geopolitical or ethical grounds… to enact a ban on Huawei’s equipment”.

It adds that Huawei’s global cyber security and privacy officer, John Suffolk, confirmed that a third party had supplied Huawei services to Xinjiang’s Public Security Bureau, despite Huawei forbidding its own employees from misusing IT and comms tech to carry out surveillance of users.

The committee suggests Huawei technology may therefore be being used to “permit the appalling treatment of Muslims in Western China”.

 


0

UK carriers warn over ongoing Huawei 5G uncertainty: Report

14:45 | 11 June

UK mobile network operators have drafted a letter urging the government for greater clarity on Chinese tech giant Huawei’s involvement in domestic 5G infrastructure, according to a report by the BBC.

Huawei remains under a cloud of security suspicion attached to its relationship with the Chinese state, which in 2017 passed legislation that gives authorities more direct control over the operations of internet-based companies — leading to fears it could repurpose network kit supplied by Huawei as a conduit for foreign spying.

Back in April, press reports emerged suggesting the UK government was intending to give Huawei a limited role in 5G infrastructure — for ‘non-core’ parts of the network — despite multiple cabinet ministers apparently raising concerns about any role for the Chinese tech giant. The UK government did not officially confirmed the leaks.

In the draft letter UK operators warn the government that the country risks losing its position as a world leader in mobile connectivity as a result of ongoing uncertainty attached to Huawei and 5G, per the BBC’s report.

The broadcaster says it has reviewed the letter which is intended to be sent to cabinet secretary, Mark Sedwill, as soon as this week.

It also reports that operators have asked for an urgent meeting between industry leaders and the government to discuss their concerns — saying they can can’t invest in 5G infrastructure while uncertainty over the use of Chinese tech persists.

The BBC’s report does not name which operators have put their names to the draft letter.

We reached out to the major UK mobile network operators for comment.

A spokesperson for BT, which owns the mobile brand EE — and was the first to go live with a consumer 5G service in the UK last month — told us: “We are in regular contact with UK government around this topic, and continue to discuss the impact of possible regulation on UK telecoms networks.”

A Vodafone spokesperson added: “We do not comment on draft documents. We would ask for any decision regarding the future use of Huawei equipment in the UK not to be rushed but based on all the facts.”

At the time of writing Orange, O2 and 3 had not yet responded to requests for comment.

A report in March by a UK oversight body set up to evaluate Huawei’s security was damning — describing “serious and systematic defects” in its software engineering and cyber security competence, although it resisted calls for an outright ban.

Reached for comment on the draft letter, a spokesperson for the Department for Digital, Culture, Media and Sport told us it has not yet received it — but sent the following statement:

The security and resilience of the UK’s telecoms networks is of paramount importance. We have robust procedures in place to manage risks to national security and are committed to the highest possible security standards.

The Telecoms Supply Chain Review will be announced in due course. We have been clear throughout the process that all network operators will need to comply with the Government’s decision.

The spokesperson added that the government has undertaken extensive consultation with industry as part of its review of the 5G supply chain, in addition to regular engagement, and emphasized that it is for network operators to confirm the details of any steps they have taken in upgrading their networks.

Carriers are aware they must comply with the government’s final decision, the spokesperson added.

At the pan-Europe level, the European Commission has urged member states to step up individual and collective attention on network security to mitigate potential risks as they roll out 5G networks.

The Commission remains very unlikely to try to impose 5G supplier bans itself. Its interventions so far call for EU member states to pay close attention to network security, and help each other by sharing more information, with the Commission also warning of the risk of fragmentation to its flagship “digital single market” project if national governments impose individual bans on Chinese kit vendors.

 


0

UK gives Huawei an amber light to supply 5G

12:13 | 24 April

The UK government will allow Huawei to be a supplier for some non-core parts of the country’s 5G networks, despite concerns that the involvement of the Chinese telecoms vendor could pose a risk to national security. But it will be excluded from core parts of the networks, according to reports in national press.

The news of prime minister Theresa May’s decision made during a meeting of the National Security Council yesterday was reported earlier by The Telegraph. The newspaper said multiple ministers raised concerns about her approach — including the Home Secretary, Foreign Secretary, Defence Secretary, International Trade Secretary, and International Development Secretary.

The FT reports that heavy constraints on Huawei’s involvement in U.K. 5G networks reflects the level of concern raised by ministers.

May’s decision to give an amber light to Huawei’s involvement in building next-gen 5G networks comes a month after a damning report by a U.K. oversight body set up to evaluate the Chinese company’s approach to security.

The fifth annual report by the Huawei Cyber Security Evaluation Centre Oversight Board blasted “serious and systematic defects” in its software engineering and cyber security competence.

Though the oversight board stopped short of calling for an outright ban — despite saying it could provide “only limited assurance that all risks to U.K. national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term”.

But speaking at a cyber security conference in Brussels in February, Ciaran Martin, the CEO of the U.K.’s National Cyber Security Centre (NCSC) expressed confidence UK authorities can mitigate any risk posed by Huawei.

The NCSC is part of the domestic GCHQ signals intelligence agency.

Dr Lukasz Olejnik, an independent cybersecurity advisor and research associate at the Center for Technology and Global Affairs at Oxford University, told TechCrunch he’s not surprised by the government’s decision to work with Huawei.

“It’s a message that was long expected,” he said. “U.K. officials have been carefully sending signals in the previous months. In a sense, this makes us closer to the end of the 5G drama.”

“With proper management most risk can be mitigated. It all depends on the strategic planning,” he added.

“I believe the level of [security] responsibility at telecoms will remain similar to today’s. The main message expected by telecoms is clarity to enable them to move on with infrastructure.”

The heaviest international pressure to exclude the Chinese vendor from next-gen 5G networks has been coming from the U.S. where president Trump has been leaning on key intelligence-sharing allies to act on espionage fears and shut Huawei out — with some success.

Last year Australia and New Zealand both announced bans on Chinese kit vendors citing national security fears.

But in Europe governments appear to be leaning in another direction: Towards managing and mitigating potential risks rather than shutting the door completely.

The European Commission has also eschewed pushing for a pan-EU ban — instead issuing recommendations encouraging Member States to step up individual and collective attention on network security to mitigate potential risks.

It has warned too — and conversely — of the risk of fragmentation to its flagship ‘digital single market’ project if Member State governments decide to slam doors on their own. So, at the pan-EU level, national security considerations are very clearly being weighed against strategic commercial imperatives and technology priorities.

Equally, individual European governments appear to have little appetite to throw a spanner in the 5G works, given the risk of being left lagging as cellular connectivity evolves and transforms — an upgrade that’s expected to fuel and underpin developments in artificial intelligence and big data analysis, among myriad other much hyped benefits.

In the UK’s case, national security concerns have nonetheless been repeatedly brandished as justification for driving through domestic surveillance legislation so draconian parts of it have later been unpicked by both UK and EU courts.

Even if the same security concerns are here deemed ‘manageable’ — rather than grounds for a similarly draconian approach to 5G procurement.

It’s not clear at this stage how extensively Huawei will be involved in supplying and building U.K. 5G networks.

The NCSC sent us the following statement in response to questions:

National Security Council discussions are confidential. Decisions from those meetings are made and announced at the appropriate time through the established processes.

The security and resilience of the UK’s telecoms networks is of paramount importance.

As part of our plans to provide world class digital connectivity, including 5G, we have conducted an evidence based review of the supply chain to ensure a diverse and secure supply base, now and into the future. This is a thorough review into a complex area and will report with its conclusions in due course.

“How ‘non-core’ will be defined is anyone’s guess but it would have to be clearly defined and publicly communicated,” added Olejnik. “I would assume this refers to government and military networks, but what about safety communication or industrial systems, such as that of power plants or railroad? That’s why we should expect more clarity.”

 


0

UK report blasts Huawei for network security incompetence

16:48 | 28 March

The latest report by a UK oversight body set up to evaluation Chinese networking giant Huawei’s approach to security has dialled up pressure on the company, giving a damning assessment of what it describes as “serious and systematic defects” in its software engineering and cyber security competence.

Although it falls short of calling for an outright ban on Huawei equipment in domestic networks — an option U.S. president Trump continues dangling across the pond.

The report, prepared for the National Security Advisor of the UK by the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, also identifies new “significant technical issues” which it says lead to new risks for UK telecommunications networks using Huawei kit.

The HCSEC was set up by Huawei in 2010, under what the oversight board couches as “a set of arrangements with the UK government”, to provide information to state agencies on its products and strategies in order that security risks could be evaluated.

And last year, under pressure from UK security agencies concerned about technical deficiencies in its products, Huawei pledged to spend $2BN to try to address long-running concerns.

But the report throws doubt on its ability to do so — with the board writing that it has “not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects”.

So it sounds like $2BN isn’t going to be nearly enough to fix Huawei’s security problem in the UK.

The board also writes that it will require “sustained evidence” of better software engineering and cyber security “quality”, verified by HCSEC and the UK’s National Cyber Security Centre (NCSC), if there’s to be any possibility of it reaching a different assessment of the company’s ability to reboot its security credentials.

In another damning segment it says there has been “no material progress” on issues raised by last year’s report.

All the issues identified by the security evaluation process relate to “basic engineering competence and cyber security hygiene” which the board noting that gives rise to vulnerabilities capable of being exploited by “a range of actors”. It adds that the NCSC does not believe the defects found are a result of Chinese state interference.

This year’s report is the fifth the oversight board has produced since it was established in 2014, and it comes at a time of acute scrutiny for Huawei, as 5G network rollouts are ramping up globally — pushing governments to address head on any suspicions attached to the Chinese giant and consider whether to trust it with critical next-gen infrastructure.

“The Oversight Board advises that it will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huawei’s software engineering and cyber security processes are remediated,” the report warns in one of several key conclusions that make very uncomfortable reading for Huawei.

“Overall, the Oversight Board can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term,” it adds in summary.

Reached for its response to the report, a Huawei UK spokesperson sent us a statement in which it describes the $2BN earmarked for security improvements related to UK products as an “initial budget”.

It writes:

The 2019 OB [oversight board] report details some concerns about Huawei’s software engineering capabilities. We understand these concerns and take them very seriously. The issues identified in the OB report provide vital input for the ongoing transformation of our software engineering capabilities. In November last year Huawei’s Board of Directors issued a resolution to carry out a companywide transformation programme aimed at enhancing our software engineering capabilities, with an initial budget of US$2BN.

A high-level plan for the programme has been developed and we will continue to work with UK operators and the NCSC during its implementation to meet the requirements created as cloud, digitization, and software-defined everything become more prevalent. To ensure the ongoing security of global telecom networks, the industry, regulators, and governments need to work together on higher common standards for cyber security assurance and evaluation.

Seeking to find something positive to salvage from the report’s savaging, Huawei suggests it demonstrates the continued effectiveness of the HCSEC as a structure to evaluate and mitigate security risk — flagging a description where the board writes that it’s “arguably the toughest and most rigorous in the world”, and which Huawei claims shows at least there hasn’t been any increase in vulnerability of UK networks since the last report.

Though the report does identify new issues that open up fresh problems — albeit the underlying issues were presumably there last year too, just undiscovered.

The board’s withering assessment certainly amps up the pressure on Huawei which has been aggressively battling U.S.-led suspicion of its kit — claiming in a telecoms conference speech last month that “the U.S. security accusation of our 5G has no evidence”, for instance. And appealing for the industry to work together to come up with collective processes for evaluating the security and trustworthiness of network kit.

Earlier this month it opened another cyber security transparency center — this time in Brussels, where the company has been lobbying European policymakers to establish security standards to foster collective trust. Though there’s little doubt that’s a long game.

Meanwhile, critics of Huawei can now point to impatience rising in the U.K., despite comments by the head of the NCSC, Ciaran Martin, last month — who said then that security agencies believe the risk of using Huawei kit can be managed, suggesting the government won’t push for an outright ban.

The report does not literally overturn that view but it does blast out a very loud and alarming warning about the difficulty for UK operators to “appropriately” risk-manage defective and vulnerable Huawei kit.

Including flagging the risk of future products which the board suggests will be increasingly complex to manage — all of which could well just push operators to seek out alternatives.

On the mitigation front, the board writes that — “in extremis” — the NCSC could order Huawei to carry out specific fixes for equipment currently installed in the UK. Though it also warns that such a step would be difficult, and could for example require hardware replacement which may not mesh with operators “natural” asset management and upgrades cycles, emphasizing that it does not offer a sustainable solution to the underlying technical issues.

“Given both the shortfalls in good software engineering and cyber security practice and the currently unknown trajectory of Huawei’s R&D processes through their announced transformation plan, it is highly likely that security risk management of products that are new to the UK or new major releases of software for products currently in the UK will be more difficult,” the board writes in a concluding section discussing the UK national security risk.

“On the basis of the work already carried out by HCSEC, the NCSC considers it highly likely that there would be new software engineering and cyber security issues in products HCSEC has not yet examined.”

It also describes the number and severity of vulnerabilities discovered, as well as architectural and build issues, by what the relatively small team in the HCSEC as “a particular concern”.

“If an attacker has knowledge of these vulnerabilities and sufficient access to exploit them, they may be able to affect the operation of the network, in some cases causing it to cease operating correctly,” it adds. “Other impacts could include being able to access user traffic or reconfiguration of the network elements.”

In another section on mitigating the risks of using Huawei kit, the report notes that architectural controls in place in most UK operators can limit the ability of attackers to exploit any vulnerable network elements not explicitly exposed to the public Internet — adding that such controls, combined with good opsec generally, will “remain critically important in the coming years to manage the residual risks caused by the engineering defects identified”.

In other highlights from the report the board does have some positive things to say, writing that an NCSC technical review of its capabilities showed improvements in 2018, while another independent audit of HCSEC’s ability to operate independently of Huawei HQ once again found “no high or medium priority findings”.

“The audit report identified one low-rated finding, relating to delivery of information and equipment within agreed Service Level Agreements. Ernst & Young concluded that there were no major concerns and the Oversight Board is satisfied that HCSEC is operating in line with the 2010 arrangements between HMG and the company,” it further notes.

Last month the European Commissioner said it was preparing to step in to ensure a “common approach” across the European Union where 5G network security is concerned.

And earlier this week it issued a set of recommendations for Member States that combine legislative and policy measures to assess 5G network security risks and help strengthen preventive measures.

Among the suggested operational measures it advises Member States to take is to complete a national risk assessment of 5G network infrastructures by the end of June 2019, and follow that by updating existing security requirements for network providers — including conditions for ensuring the security of public networks.

“These measures should include reinforced obligations on suppliers and operators to ensure the security of the networks,” it recommended. “The national risk assessments and measures should consider various risk factors, such as technical risks and risks linked to the behaviour of suppliers or operators, including those from third countries. National risk assessments will be a central element towards building a coordinated EU risk assessment.”  

At an EU level the Commission said Member States should share information on network security, saying this “coordinated work should support Member States’ actions at national level and provide guidance to the Commission for possible further steps at EU level” — leaving the door open for further action.

While the EU’s executive body has not pushed for a pan-EU ban on any 5G vendors it did restate Member States’ right to exclude companies from their markets for national security reasons if they fail to comply with their own standards and legal framework.

 


0
<< Back Forward >>
Topics from 1 to 10 | in all: 18

Site search


Last comments

Walmart retreats from its UK Asda business to hone its focus on competing with Amazon
Peter Short
Good luck
Peter Short

Evolve Foundation launches a $100 million fund to find startups working to relieve human suffering
Peter Short
Money will give hope
Peter Short

Boeing will build DARPA’s XS-1 experimental spaceplane
Peter Short
Great
Peter Short

Is a “robot tax” really an “innovation penalty”?
Peter Short
It need to be taxed also any organic substance ie food than is used as a calorie transfer needs tax…
Peter Short

Twitter Is Testing A Dedicated GIF Button On Mobile
Peter Short
Sounds great Facebook got a button a few years ago
Then it disappeared Twitter needs a bottom maybe…
Peter Short

Apple’s Next iPhone Rumored To Debut On September 9th
Peter Short
Looks like a nice cycle of a round year;)
Peter Short

AncestryDNA And Google’s Calico Team Up To Study Genetic Longevity
Peter Short
I'm still fascinated by DNA though I favour pure chemistry what could be
Offered is for future gen…
Peter Short

U.K. Push For Better Broadband For Startups
Verg Matthews
There has to an email option icon to send to the clowns in MTNL ... the govt of India's service pro…
Verg Matthews

CrunchWeek: Apple Makes Music, Oculus Aims For Mainstream, Twitter CEO Shakeup
Peter Short
Noted Google maybe grooming Twitter as a partner in Social Media but with whistle blowing coming to…
Peter Short

CrunchWeek: Apple Makes Music, Oculus Aims For Mainstream, Twitter CEO Shakeup
Peter Short
Noted Google maybe grooming Twitter as a partner in Social Media but with whistle blowing coming to…
Peter Short