After years on the naughty step over suspicions of spying, Chinese telecoms giant Huawei has been given the all clear by the GCHQ-controlled committee given the job of monitoring its technology for backdoors.
The first annual report looked at the work of Huawei’s Banbury-based Cyber Security Evaluation Centre (HCSEC), set up by the firm in 2010 to allow the UK security services to check out its equipment for surveillance or other security problems.
The Advisory Board, chaired by GCHQ director general Ciaran Martin was added in early 2014 as an extra layer of oversight after worries were expressed about the transparency of the Centre’s work, not least criticism the previous year by the influential Parliamentary Intelligence and Security Committee.
Separately there were reports that government departments were even refusing to use teleconferencing equipment for fear of surveillance.
It appears to be a case of so far so good for the HCSEC which the report said “fulfilled its obligations in respect of the provision of assurance that any risks to UK national security from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated.”
If this doesn’t sound like an unqualified endorsement – the phrase “sufficiently mitigated” is slightly ambiguous – that could simply be the type of denatured language used by such reports.
“Additionally it is hoped that this report adds to Parliamentary – and through it public knowledge of the operation of the arrangements,” it added by way of acknowledging that wider perceptions were as important as the work of the Board itself.
“GCHQ has advised the Oversight Board that it is confident that HCSEC is providing the technical assurance of sufficient scope and quality as to be appropriate for the current stage in the assurance framework around Huawei in the UK.”
The HCSEC had sent over 100 reports back to Huawei R&D in China about security metrics and any practices of concern,” it said without elaborating. As well as opening up Huawei’s technology to scrutiny, finding and general security vulnerabilities may also be part of the remit.
For extra assurance, the independence of the HCSEC was audited by Ernst & Young, which is said it was happy with its performance.
The Board doesn’t only study the technical work carried out by HCSEC but the staff it hires, including whether it has enough people with the required skills. The staffing level was currently 25 people, the report noted, with further expansion agreed to cope with an expanding workload.
Although HCSEC is not yet fully staffed, it has so far been able to meet all current technical and business requirements and in the course of the audit of HCSEC.”
Huawei will hope that that the report turns the tide against critics who have consistently fretted about the company’s incredible power at the heart of the UK’s telecoms infrastructure. Huawei equipment is currently heavily used by BT, Vodafone, Talk Talk and EE.