A high-ranking GCHQ director has spoken out about his fears of cybersecurity standards at a Chinese tech firm, Huawei.
The companies security is “shoddy”, the technical director says, and well below cybersecurity standards of industry competition. The firm is coming under increasing global pressure following accusations that it facilitates espionage and surveillance on behalf of the Chinese government.
The US has been the most vocal in scepticism over Huawei’s technology, fearing that Beijing will take advantage of Huawei’s involvement in the development of 5G networks to develop its intelligence overseas.
Authorities in the UK have raised similar queries about the Chinese firm’s cybersecurity credentials, but GCHQ has said in the past that any risks can be managed and that there is little evidence that Huawei is used as a spying tool. Huawei itself has repeatedly denied any such activity.
According to The Guardian, Ian Levy, Technical Director of Britain’s National Cyber Security Centre, part of the GCHQ signals intelligence agency, said:
“Huawei as a company builds stuff very differently to their Western counterparts. Part of that is because of how quickly they’ve grown up, part of it could be cultural – who knows,”
“What we have learnt as a result of that, the security is objectively worse, and we need to cope with that,” he told a conference in London.
Describing how Huawei measures up against the cybersecurity standards of rivals, Levy said:
“Certainly nothing is perfect, certainly Huawei is shoddy, the others are less shoddy.”
Beyond banning Huawei in the US, the White House is attempting to stop the company from purchasing US goods. The US government has also said it will put restrictions on what it tells other nations who go ahead with implementing Huawei technology.
Here in the UK, the National Security Council took the decision to stop limit Huawei’s involvement in the development of 5G networks, leaving access open only to non-core elements.
Huawei has since said it will invest over $2bn in eradicating cybersecurity flaws, but that results could take around five years to appear.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.