Top Australian Spy Condemns Britain's Huawei Decision

A former top spy has condemned Britain's decision to involve Huawei in the consruction of its national 5G network, warning Beijing's state-orchestrated campaign of hacks and all-encompassing intelligence laws shows Chinese companies cannot be trusted in cyberspace.

Simeon Gilding, who until last month was head of the Australian Signals Directorate's (ASD) signal intelligence and offensive cyber missions, has offered a rare insight into spy agencies' decision to effectively ban Huawei from supplying equipment to Australia's 5G network, despite the company's and Beijing's protestations.

Gilding was part of an ASD team that designed pages of cybersecurity mitigation measures which would "give the government confidence that hostile intelligence services could not leverage their national vendors to gain access to our 5G networks…But we failed," he wrote.

Huawei's Australian arm has seized upon the UK's decision to allow the company a limited role to supply equipment for the non-core parts of the network in a bid to convince the Australian government to reverse the ban.

But Mr Gilding, who led ASD's assessment of Huawei, said the UK government had "doubled down on a flawed and outdated cybersecurity model to convince themselves that they can manage the risk that Chinese intelligence services could use Huawei's access to UK telco networks to insert bad code".

In a recent article for the Australian Strategic Policy Institute, Mr Gilding said the ASD had tried to design cybersecurity controls that would give the government confidence a hostile state intelligence agency would not be able to access networks through vendors' technology but failed. He cites China's controversial 2017 laws which require Chinese companies to cooperate with national intelligence work at Beijing's behest as an insurmountable challenge.

He said China had destroyed trust in cyberspace through its "scaled and indiscriminate hacking of foreign networks and its determination to direct and control Chinese tech companies.

Mr Gilding said legally compelled access to 5G vendors was "game changing for Chinese intelligence agencies because hacking is an increasingly tough business", likening it asking a fox to babysit your chickens. "Old style cybersecurity evolved to deal with threats from outside the network. But none of this works if the threat is inside your network....It is simply not reasonable to expect that Huawei would refuse a direction from the Chinese Communist Party, especially one backed by law."

While Huawei has complained Canberra has never told them about any security-related requirements to allow them to become involved in the 5G network, when the ban was announced by the previous government in August 2018, it explicitly nominated the risk posed by vendors "likely to be subject to extrajudicial directions from a foreign government".

Mr Gilding also rebuffs the British view that it is possible to minimise risk by splitting 5G networks into core and non-core functions, saying the technology's full potential for high speeds will only be reached if sensitive functions happen at the edge close to the consumer.

Britain's decision is based on a misunderstanding of the architectural differences between 4G networks, and full 5G networks where the distinction between "core" and "edge" disappear, Gilding wrote. "With 5G, all network functionality is virtualised and takes place within a single cloud environment. That means there is no physical or logical separation between the core and edge of the network." 

Huawei argues that despite being headquartered in an authoritarian country where the Chinese Communist Party’s intelligence and military apparatus reign supreme, it operates free of government influence.

 But Gilding does not agree - he  insists the problem is not with Huawei, but with the Chinese state’s record of cyber-attacks on Australia, and the fact that it has the power to direct private firms to follow its commands. The British decision to involve Huawei was, according to Gilding, based on the mistaken assumption that a country can apply “traditional” defences to stop a cyber-attack launched with the help of a company running part or all of a 5G network. 

IT News:        Sydney Morning Herald:        ZDNet:       Australian Financial Review:

You Might Also Read:

Is Widespread Suspicion Of Huawei Justified?:

 

 

 

« Fake News And The 2020 Presidential Election
The New Wave Of Attack Vectors »

Directory of Suppliers

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 4,000+ specialist service providers.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

WEBINAR: How to design a least privilege architecture in AWS

WEBINAR: How to design a least privilege architecture in AWS

Tuesday, April 14, 2020 - Join SANS and AWS Marketplace to learn about how to design a least privilege architecture in AWS.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Go Cyber

Go Cyber

Go Cyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services including cybersecurity.

CloudHesive

CloudHesive

CloudHesive provides cloud solutions through consulting and managed services with a focus on security, reliability, availability and scalability.

CyberSmart

CyberSmart

CyberSmart is a platform that allows you to maintain compliance, achieve certification and secure your organisation.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.