Government calls for stricter security controls between Huawei and GHCQ

A review into security arrangements between Huawei and GCHQ for vetting the firm's telecoms kit in the UK has called for several changes, although it has dismissed many of the original concerns raised.
The report was conducted after major security concerns were raised earlier this year by the Intelligence and Security Committee (ISC). It was concerned that Huawei had been able to carve out a dominant position in the telecoms market without scrutiny.

This also led to fears that the Huawei Cyber Security Evaluation Centre (HCSEC, also known as the Cell) used to evaluate Huawei kit in the UK, was staffed by its own employees rather than GCHQ staff.
This led to a review of the working practices at the Cell and the relationship between Huawei and GCHQ, carried out by national security adviser Sir Kim Darroch. The report has now been published and, although no major issues came to light, several recommendations have been put forward.

These focused on formalising many of the currently informal working practices between the two organisations, such as when code and equipment is made available for checking. The report also said that senior staff at the Cell should be appointed with more direct input from GCHQ.

“GCHQ’s involvement in the future appointment of senior staff to HCSEC should be strengthened. At present, GCHQ have a power of veto over appointments through the security vetting process,” it said.
“The review recommends that, in future, GCHQ should lead and direct senior HCSEC appointments (in consultation with Huawei), in particular through chairing the selection panel.”

However, the report noted that although initial concerns focused on the amount of control Huawei has over the oversight of its own equipment, this is required given the complexities involved in accessing source code.
“Although the fact of HCSEC staff being employed by Huawei appeared to create conflicts of interest, it was, in reality, the best way of ensuring continued complete access to Huawei products, codes and engineers, without which HCSEC could not do its job,” it said.

“In particular, were HCSEC staff not to be Huawei employees, access arrangements would be complicated by Huawei’s non-disclosure agreements with its hundreds of third-party suppliers.

“Also, there would be a possibility of commercial risk or even liabilities for the taxpayer were GCHQ, in effect, to impose themselves between Huawei and the UK telecommunications market.”

Read the rest of this post --->
Share on Google Plus

About Doru Somcutean

Hello, my name is Somcutean Doru and I'm from Romania.

I really like to read reviews and see what's new about technology, on D-BLOG I share with you articles/reviews that I find interesting. I also write some reviews in romanian...

My second blog is D-NEWS , here are some movie reviews , my favorite songs or clips that I more like a personal please don't get in because you'll get really bored.

I hope you like it!

0 comentarii:

Post a Comment