Are Huawei the enemy within? GCHQ is tightening its supervision of the giant Chinese technology company’s UK testing centre


Cahal Milmo
Wednesday 18 December 2013 21:29
The epitome of big business, Huawei had revenues of £21bn in 2012
The epitome of big business, Huawei had revenues of £21bn in 2012

In a modern office block on the edge of Banbury protected by the sort of high security provided for sensitive government facilities, a team of computer experts each day painstakingly pulls apart circuit boards and computer code from equipment made by Chinese company Huawei.

The purpose of this building - known as “The Cell” - is to establish whether the products emerging from Huawei’s global supply chain contain flaws which might endanger Britain’s national security by allowing them to be used to spy on or disable the nation’s phone or data networks.

What is even more unusual about The Cell is that it is staffed and funded by Huawei employees who have in turn been subjected to Developed Vetting - the most stringent and intrusive level of UK government security clearance - and are overseen by a former director of GCHQ.

This extraordinary co-habitation is undertaken by the Chinese company as part of its attempts to overcome a tidal wave of mistrust which has seen it described in Washington as a threat to “core national security interests” and yet embraced in Britain as the epitome of globalised hi-tech.

The tentative nature of that embrace was underlined this week when it was announced that the Government is to enhance the oversight by GCHQ of The Cell - also known as the Cyber Security Evaluation Centre (HCSEC) - and let the intelligence agency direct all its senior appointments.

At the same time, the review by the Prime Minister’s national security adviser rejected a call by MPs to resolve any conflicts of interest at the centre by arranging for its staff of about 20 - who are already required to be UK nationals - to become direct employees of GCHQ.

In making his recommendations, Sir Kim Darroch said he was satisfied that HCSEC was operating “effectively”, adding that the unit was in fact a “model” for collaboration between government and the private sector.

Huawei and its Banbury nerve centre lie directly on the fault line between the desire for western countries to work with China’s best companies and the reticence generated by, on the one hand, concern at Beijing’s record for hacking and more febrile complaints of commercial expansionism fuelled by little more than sinophobia.

Huawei has consistently - and volubly - denied that its equipment can be used to launch attacks on critical infrastructure or indeed that it has links to the Chinese military or intelligence services.

In an attempt to bridge the gap between suspicion and mutually-advantageous profit, Huawei, founded by former People’s Liberation Army engineer Ren Zhengfei, set up HCSEC in 2010 on the back of an earlier deal to supply telecoms equipment to BT.

Amid concern that so-called “backdoors” had been built into equipment which could allow a third party to covertly intercept data or cripple communications at an unknown future date, rigorous tests have been carried out at The Cell ever since to allay such geo-political queasiness.

The centre scrutinises equipment from servers to transmitters supplied to British operators such as O2, Talk Talk and Everything Everywhere, looking first at its physical components from access points to hard drives before then scrutinising software for vulnerabilities. It is understood that the decision on what to examine is taken by the phone companies in consultation with GCHQ rather than Huawei.

In a sign of the extent to which the Chinese company, which now supplies in 140 countries and last year had global revenues of £21bn, wants to be seen to be transparent it has even installed a copy of its source code - the crown jewels of any technology giant - inside the Banbury facility - albeit in an ultra-secure room inside a security cage.

At the same time, it has poured resources into Britain, opening 15 offices and increasing its number of employees to 1,500 by 2017 - along with planned investment of £650m.

The result is what amounts to a relatively clean bill of Whitehall health for Huawei, whose executives are at pains to point out that it is a private company owned by its employees and spends some £2.4bn a year on components sourced from the United States.

After “some initial teething problems”, the company’s co-operation has been “exemplary”, according to Sir Kim, who added that vulnerabilities discovered by the Banbury team “could be explained as genuine design weaknesses or errors in coding practice”.

Experts point out that in the light of the revelations from NSA whistleblower Edward Snowden about the involvement of Britain and American in industrial-scale eavesdropping of telecommunications, it is rich for western governments to cast aspersions about Chinese actions.

Graeme Batsman, of cyber security company EncSec, said: “With most electronic products being made in China, there is the potential for anything to be spiked. But it is equally in the interests of others, say in the States, to seek to tarnish the reputation of Chinese brands.

“Huawei is used so much in the public sector it would be foolish to include back doors on purpose - everything gets tested. All hardware and software probably has design flaws. That is why you get companies like Microsoft or Java releasing frequent patches.”

The company’s shift in public perception from the jingoistic vanguard of a hi-tech “Red Menace” to the sort of cuddly global brand that puts its name on the shirts of premier football teams (it recently announced a sponsorship deal of AC Milan) nonetheless remains a work in progress.

It was earlier this year formally prevented by the Australian authorities from competing for a £24bn broadband network contract and The Cell is likely to remain in operation for some time to come.

Perhaps predictably, it is a situation upon which it is determined to put a brave face. A Huawei spokesman said: “We are pleased that the model of the UK government, the telecom operators and Huawei working together in an open and transparent way has been recognised as the best approach for providing reassurance on the security of products deployed in the UK.”

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments