Top Australian Spy Condemns Britain's Huawei Decision

A former top spy has condemned Britain's decision to involve Huawei in the consruction of its national 5G network, warning Beijing's state-orchestrated campaign of hacks and all-encompassing intelligence laws shows Chinese companies cannot be trusted in cyberspace.

Simeon Gilding, who until last month was head of the Australian Signals Directorate's (ASD) signal intelligence and offensive cyber missions, has offered a rare insight into spy agencies' decision to effectively ban Huawei from supplying equipment to Australia's 5G network, despite the company's and Beijing's protestations.

Gilding was part of an ASD team that designed pages of cybersecurity mitigation measures which would "give the government confidence that hostile intelligence services could not leverage their national vendors to gain access to our 5G networks…But we failed," he wrote.

Huawei's Australian arm has seized upon the UK's decision to allow the company a limited role to supply equipment for the non-core parts of the network in a bid to convince the Australian government to reverse the ban.

But Mr Gilding, who led ASD's assessment of Huawei, said the UK government had "doubled down on a flawed and outdated cybersecurity model to convince themselves that they can manage the risk that Chinese intelligence services could use Huawei's access to UK telco networks to insert bad code".

In a recent article for the Australian Strategic Policy Institute, Mr Gilding said the ASD had tried to design cybersecurity controls that would give the government confidence a hostile state intelligence agency would not be able to access networks through vendors' technology but failed. He cites China's controversial 2017 laws which require Chinese companies to cooperate with national intelligence work at Beijing's behest as an insurmountable challenge.

He said China had destroyed trust in cyberspace through its "scaled and indiscriminate hacking of foreign networks and its determination to direct and control Chinese tech companies.

Mr Gilding said legally compelled access to 5G vendors was "game changing for Chinese intelligence agencies because hacking is an increasingly tough business", likening it asking a fox to babysit your chickens. "Old style cybersecurity evolved to deal with threats from outside the network. But none of this works if the threat is inside your network....It is simply not reasonable to expect that Huawei would refuse a direction from the Chinese Communist Party, especially one backed by law."

While Huawei has complained Canberra has never told them about any security-related requirements to allow them to become involved in the 5G network, when the ban was announced by the previous government in August 2018, it explicitly nominated the risk posed by vendors "likely to be subject to extrajudicial directions from a foreign government".

Mr Gilding also rebuffs the British view that it is possible to minimise risk by splitting 5G networks into core and non-core functions, saying the technology's full potential for high speeds will only be reached if sensitive functions happen at the edge close to the consumer.

Britain's decision is based on a misunderstanding of the architectural differences between 4G networks, and full 5G networks where the distinction between "core" and "edge" disappear, Gilding wrote. "With 5G, all network functionality is virtualised and takes place within a single cloud environment. That means there is no physical or logical separation between the core and edge of the network." 

Huawei argues that despite being headquartered in an authoritarian country where the Chinese Communist Party’s intelligence and military apparatus reign supreme, it operates free of government influence.

 But Gilding does not agree - he  insists the problem is not with Huawei, but with the Chinese state’s record of cyber-attacks on Australia, and the fact that it has the power to direct private firms to follow its commands. The British decision to involve Huawei was, according to Gilding, based on the mistaken assumption that a country can apply “traditional” defences to stop a cyber-attack launched with the help of a company running part or all of a 5G network. 

IT News:        Sydney Morning Herald:        ZDNet:       Australian Financial Review:

You Might Also Read:

Is Widespread Suspicion Of Huawei Justified?:

 

 

 

« Fake News And The 2020 Presidential Election
The New Wave Of Attack Vectors »

Perimeter 81

Directory of Suppliers

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security is a cyber security technology consulting, incident response and applied research company.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

AnChain.AI

AnChain.AI

AnChain.AI's analytics platform proactively protects crypto assets by providing proprietary artificial intelligence, knowledge graphs, and threat intelligence on blockchain transactions.

Symposium on Securing the IoT

Symposium on Securing the IoT

The Symposium on Securing the IoT Conference covers the critical issues faced by companies looking to integrate IoT solutions into their manufacturing processes.

Hazy

Hazy

Hazy specialises in financial services, helping some of the world’s top banks and insurance companies reduce compliance risk.

Conatix

Conatix

Conatix was formed to apply recent advances in AI and other fields of technology to insider fraud, one of the most intractable problems in cybersecurity.