The Guardian view on cybersecurity: trust – but verify | Editorial
How far can we trust Chinese companies to supply our critical national infrastructure? The question was raised by the Hinkley Point power station, but is even more pressing in the telecoms business. Broadband internet is now as critical a part of the infrastructure as the road or rail network. So the question seems to answer itself. Many countries are extremely reluctant to allow two Chinese telecoms companies in particular, Huawei and ZTE, to do business with them. They view both of them as arms of the Chinese state, even though Huawei is legally a private company. In fact the US government nearly shut down ZTE altogether this year by forbidding its American component suppliers to deal with it, although it was later allowed to resume operations on payment of a $1bn fine. The British National Cyber Security Centre has already warned telecoms companies against the use of ZTE equipment or services.
Huawaei had already abandoned the US market in 2013, but in the UK it has had a central position in BT's broadband operation since 2010, having won its first contract in 2005. A 2013 report by the parliamentary intelligence and security committee was extremely critical of the way in which that deal had been nodded through without any ministerial input at all. Partly as a result, an arrangement was reached that allowed experts from GCHQ to examine the code in Huawei equipment used in Britain. The latest report from the oversight committee, which watches the progress of monitoring, suggests that there is more work to be done in some areas, mostly to do with third party components. This is not very alarmist language, and the company claims that it shows the process is working as designed. But it still reminds us of the inherent dangers of an obscure situation.
Continue reading...