Top Australian Spy Condemns Britain's Huawei Decision

A former top spy has condemned Britain's decision to involve Huawei in the consruction of its national 5G network, warning Beijing's state-orchestrated campaign of hacks and all-encompassing intelligence laws shows Chinese companies cannot be trusted in cyberspace.

Simeon Gilding, who until last month was head of the Australian Signals Directorate's (ASD) signal intelligence and offensive cyber missions, has offered a rare insight into spy agencies' decision to effectively ban Huawei from supplying equipment to Australia's 5G network, despite the company's and Beijing's protestations.

Gilding was part of an ASD team that designed pages of cybersecurity mitigation measures which would "give the government confidence that hostile intelligence services could not leverage their national vendors to gain access to our 5G networks…But we failed," he wrote.

Huawei's Australian arm has seized upon the UK's decision to allow the company a limited role to supply equipment for the non-core parts of the network in a bid to convince the Australian government to reverse the ban.

But Mr Gilding, who led ASD's assessment of Huawei, said the UK government had "doubled down on a flawed and outdated cybersecurity model to convince themselves that they can manage the risk that Chinese intelligence services could use Huawei's access to UK telco networks to insert bad code".

In a recent article for the Australian Strategic Policy Institute, Mr Gilding said the ASD had tried to design cybersecurity controls that would give the government confidence a hostile state intelligence agency would not be able to access networks through vendors' technology but failed. He cites China's controversial 2017 laws which require Chinese companies to cooperate with national intelligence work at Beijing's behest as an insurmountable challenge.

He said China had destroyed trust in cyberspace through its "scaled and indiscriminate hacking of foreign networks and its determination to direct and control Chinese tech companies.

Mr Gilding said legally compelled access to 5G vendors was "game changing for Chinese intelligence agencies because hacking is an increasingly tough business", likening it asking a fox to babysit your chickens. "Old style cybersecurity evolved to deal with threats from outside the network. But none of this works if the threat is inside your network....It is simply not reasonable to expect that Huawei would refuse a direction from the Chinese Communist Party, especially one backed by law."

While Huawei has complained Canberra has never told them about any security-related requirements to allow them to become involved in the 5G network, when the ban was announced by the previous government in August 2018, it explicitly nominated the risk posed by vendors "likely to be subject to extrajudicial directions from a foreign government".

Mr Gilding also rebuffs the British view that it is possible to minimise risk by splitting 5G networks into core and non-core functions, saying the technology's full potential for high speeds will only be reached if sensitive functions happen at the edge close to the consumer.

Britain's decision is based on a misunderstanding of the architectural differences between 4G networks, and full 5G networks where the distinction between "core" and "edge" disappear, Gilding wrote. "With 5G, all network functionality is virtualised and takes place within a single cloud environment. That means there is no physical or logical separation between the core and edge of the network." 

Huawei argues that despite being headquartered in an authoritarian country where the Chinese Communist Party’s intelligence and military apparatus reign supreme, it operates free of government influence.

 But Gilding does not agree - he  insists the problem is not with Huawei, but with the Chinese state’s record of cyber-attacks on Australia, and the fact that it has the power to direct private firms to follow its commands. The British decision to involve Huawei was, according to Gilding, based on the mistaken assumption that a country can apply “traditional” defences to stop a cyber-attack launched with the help of a company running part or all of a 5G network. 

IT News:        Sydney Morning Herald:        ZDNet:       Australian Financial Review:

You Might Also Read:

Is Widespread Suspicion Of Huawei Justified?:

 

 

 

« Fake News And The 2020 Presidential Election
The New Wave Of Attack Vectors »

Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Deep Secure

Deep Secure

Deep Secure’s Content Threat Removal platform delivers total protection of high value data for your business.

GamaSec

GamaSec

GamaSec provide security solutions for detecting and protecting websites, web applications and other vulnerable online information.

S21sec

S21sec

S21sec is a leading European pure play cybersecurity consultancy, services and solutions provider.

Intezer Labs

Intezer Labs

The only solution replicating the concepts of the biological immune system into cyber-security. Intezer provides enterprises with unparalleled Threat Detection and accelerates Incident Response.

SAASPASS

SAASPASS

SAASPASS is a full-stack identity and access management solution, a single product which allows you to manage all your digital and physical access needs securely and conveniently.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

Jolocom

Jolocom

Jolocom builds decentralized software solutions that enable people, organizations, and machines to own and control their identity information.

CyLumena

CyLumena

CyLumena's mission is to provide clients with peace of mind around cybersecurity through a cost-effective combination of preparation, prevention, and responsive action.