Top Australian Spy Condemns Britain's Huawei Decision

A former top spy has condemned Britain's decision to involve Huawei in the construction of its national 5G network, warning Beijing's state-orchestrated campaign of hacks and all-encompassing intelligence laws shows Chinese companies cannot be trusted in cyberspace.

Simeon Gilding, who until last month was head of the Australian Signals Directorate's (ASD) signal intelligence and offensive cyber missions, has offered a rare insight into spy agencies' decision to effectively ban Huawei from supplying equipment to Australia's 5G network, despite the company's and Beijing's protestations.

Gilding was part of an ASD team that designed pages of cybersecurity mitigation measures which would "give the government confidence that hostile intelligence services could not leverage their national vendors to gain access to our 5G networks…But we failed," he wrote.

Huawei's Australian arm has seized upon the UK's decision to allow the company a limited role to supply equipment for the non-core parts of the network in a bid to convince the Australian government to reverse the ban.

But Mr Gilding, who led ASD's assessment of Huawei, said the UK government had "doubled down on a flawed and outdated cybersecurity model to convince themselves that they can manage the risk that Chinese intelligence services could use Huawei's access to UK telco networks to insert bad code".

In a recent article for the Australian Strategic Policy Institute, Mr Gilding said the ASD had tried to design cybersecurity controls that would give the government confidence a hostile state intelligence agency would not be able to access networks through vendors' technology but failed. He cites China's controversial 2017 laws which require Chinese companies to cooperate with national intelligence work at Beijing's behest as an insurmountable challenge.

He said China had destroyed trust in cyberspace through its "scaled and indiscriminate hacking of foreign networks and its determination to direct and control Chinese tech companies".

Mr Gilding said legally compelled access to 5G vendors was "game changing for Chinese intelligence agencies because hacking is an increasingly tough business", likening it to asking a fox to babysit your chickens. "Old style cybersecurity evolved to deal with threats from outside the network. But none of this works if the threat is inside your network.... It is simply not reasonable to expect that Huawei would refuse a direction from the Chinese Communist Party, especially one backed by law."

While Huawei has complained Canberra has never told them about any security-related requirements to allow them to become involved in the 5G network, when the ban was announced by the previous government in August 2018, it explicitly nominated the risk posed by vendors "likely to be subject to extrajudicial directions from a foreign government".

Mr Gilding also rebuffs the British view that it is possible to minimise risk by splitting 5G networks into core and non-core functions, saying the technology's full potential for high speeds will only be reached if sensitive functions happen at the edge close to the consumer.

Britain's decision is based on a misunderstanding of the architectural differences between 4G networks and full 5G networks, where the distinction between "core" and "edge" disappears, Gilding wrote. "With 5G, all network functionality is virtualised and takes place within a single cloud environment. That means there is no physical or logical separation between the core and edge of the network."

Huawei argues that despite being headquartered in an authoritarian country where the Chinese Communist Party’s intelligence and military apparatus reign supreme, it operates free of government influence.

But Gilding does not agree: he insists the problem is not with Huawei, but with the Chinese state’s record of cyber-attacks on Australia, and the fact that it has the power to direct private firms to follow its commands. The British decision to involve Huawei was, according to Gilding, based on the mistaken assumption that a country can apply “traditional” defences to stop a cyber-attack launched with the help of a company running part or all of a 5G network.

Sources: IT News; Sydney Morning Herald; ZDNet; Australian Financial Review
