Welcome to the Cell. All visitors must surrender their cellphones at the door. No cameras or filming equipment allowed.
In a deceptively humdrum office block on the outskirts of Banbury, Oxfordshire, a team of cybersecurity experts is working to combat the risk of surveillance and hacking attacks from China.
The Cell’s technicians have the highest level of security clearance, with their personal and financial histories combed by investigating officers. Their work is overseen by a board that includes directors from Britain’s Government Communications Headquarters (GCHQ), Cabinet Office and Home Office.
However, the Cell’s staff are not on the British government payroll. They are employed by Huawei, one of China’s largest technology companies.
A maker of broadband and mobile network equipment, its kit is installed all over the UK.
In Banbury, the task is to check Huawei hardware and software for faults and bugs that could be exploited for nefarious purposes. Circuit boards are dismantled and millions of lines of software code are analyzed.
The center was created as a compromise — between the security concerns of intelligence agencies and the private sector’s desire for cheap imported technology.
With former British chancellor of the exchequer George Osborne’s ejection from the Treasury, China has lost its main cheerleader in government. New British Prime Minister Theresa May is taking a more cautious approach. A decision on allowing the Beijing-backed Hinkley Point power station project to go ahead has been delayed at her request.
In a climate of cooling economic relations, could the Cell provide a model for managing the potential risks of Chinese involvement in critical national infrastructure?
Perhaps. Up and running for five years now, the Huawei Cyber Security Centre, to use its official name, is regarded as a success by the board of government officials that oversees its work.
In their second annual report, published this spring, they found the arrangements to ensure the Cell was independent from Huawei were operating “robustly and effectively,” and that any potential threats to national security “have been sufficiently mitigated.”
However, in 2013, the Banbury operation was heavily criticized by parliament’s Intelligence and Security Committee, then chaired by former British secretary of state for defence Malcolm Rifkind.
Lawmakers had decided to review its work after a US Senate report raised the alarm, urging US firms not to use the company’s equipment.
Attempts by Huawei to take over US technology companies had been blocked. In Australia, it was barred from bidding for the country’s multibillion-dollar project to connect every home to a superfast broadband service.
CONCERNS
Rifkind’s committee concluded that the Cell’s staff should not be Huawei employees. His report warned this amounted to Huawei “effectively policing themselves.” He recommended Banbury be staffed by GCHQ, and failing that, subject to much greater scrutiny by government officials.
And so, in 2014, security experts from the highest echelons of the civil service were brought together, along with representatives of Vodafone, Huawei and BT, to create the Cell’s oversight board. It is currently chaired by Ciaran Martin, director-general for cybersecurity at GCHQ.
Concerns persist. Ernst & Young, hired to evaluate whether the Cell is truly independent from Huawei headquarters, concluded that the ability of the company to set the bonus of Cell managing director David Pollington, hired from Microsoft last year, “provides a vector by which performance ... could be influenced.”
Ernst & Young said that “by withholding or awarding the bonus [irrespective of performance], which constitutes a significant element of the reward package, the bonus could be used as a tool to motivate certain behaviors from the MD [managing director].”
The risk was reconsidered, but “accepted as reasonable,” according to this year’s annual report.
A spokesman for the company points out that the Huawei and Hinkley scenarios are not quite comparable. The technology firm sells its equipment to other companies, which then own and manage it. At Hinkley, the proposal is to sell a stake to the Chinese state, and in return for the investment, allow it to build Chinese-designed reactors at a new nuclear power station in Bradwell, Essex.
So what kind of risk does Huawei’s equipment present?
The company makes everything from the routers and switches that steer traffic across the Internet, to BT’s green street cabinets, to the transmission equipment used in mobile phone masts.
Sending an e-mail from your home computer, making a mobile phone call from a street corner, or using a tablet to order a weekly shop — wherever you are in the UK, chances are your private communications will be carried over Huawei equipment.
CONNECTIONS
With customers in Europe, the Americas, Africa and of course China, it claims to connect one-third of the world’s population.
Founded by a former Chinese Workers’ and Peasants’ Red Army officer, Ren Zhengfei (任正非), the firm has no public list of shareholders, but it claims to be privately owned and independent from the state.
Its biggest UK customers are Vodafone and BT. Until recently, the only British-owned mobile network, Vodafone has carved out a niche as the largest supplier to government ministries and major corporations. The phone calls made by the prime minister and her Cabinet run over its network.
BT’s broadband grid stretches from Whitehall to remote rural areas and is still the largest in the UK, supplying much of the infrastructure used by rivals including TalkTalk and Sky to connect their customers.
The concern is that so-called “back doors,” hidden in the Huawei software, could be used to eavesdrop on sensitive government, military and business communications.
They could even be used to disrupt or shut down mobile networks in the event of a conflict.
“Bugs can be hidden in sloppy code,” said Graeme Batsman, a data security consultant and blogger at datasecurityexpert.co.uk. “China and others are known for spying, but I don’t think China is a terrorist state, which would make these devices explode one day. The UK and US are probably just as bad anyway.”
Indeed, the papers leaked from the US’ National Security Agency by Edward Snowden revealed that it had hacked into Huawei’s headquarters, obtaining technical information and monitoring the communications of its top executives. One of the reported aims was to try and uncover vulnerabilities in the products to use them for US surveillance operations.
The Cell has identified multiple vulnerabilities in Huawei products.
The latest annual report warned: “Code quality has shown signs of improvement, but remains below industry good practice.”
More than 100 concerns had been raised with Huawei’s research and development arm in China, last year’s report said.
Three issues identified that year resulted in interventions having to be made in equipment already deployed in telecoms networks.
On the plus side, using company staff to identify faults means they are more likely to be fixed quickly. And the cooperation has brought cash into the UK.
In 2012, Ren met with then-British prime minister David Cameron to promise £3 billion (US$3.9 billion at current exchange rates) of procurement and investment. The following year, after Rifkind’s inquiry, he confirmed the deal when Osborne visited Shenzhen, China.
For Huawei, the monitoring arrangement not only improves its products, but makes good business sense. Cooperating with the UK advertises its trustworthiness to other foreign governments.
Reassuring the prime minister is another matter.
Former British secretary of state for business, innovation and skills Vince Cable has revealed that while he was in government, May was “never completely satisfied about Huawei.”
The Cell’s recent efforts might have quelled those fears.
For now, it is business as usual in Banbury.
Saudi Arabian largesse is flooding Egypt’s cultural scene, but the reception is mixed. Some welcome new “cooperation” between two regional powerhouses, while others fear a hostile takeover by Riyadh. In Cairo, historically the cultural capital of the Arab world, Egyptian Minister of Culture Nevine al-Kilany recently hosted Saudi Arabian General Entertainment Authority chairman Turki al-Sheikh. The deep-pocketed al-Sheikh has emerged as a Medici-like patron for Egypt’s cultural elite, courted by Cairo’s top talent to produce a slew of forthcoming films. A new three-way agreement between al-Sheikh, Kilany and United Media Services — a multi-media conglomerate linked to state intelligence that owns much of
The US and other countries should take concrete steps to confront the threats from Beijing to avoid war, US Representative Mario Diaz-Balart said in an interview with Voice of America on March 13. The US should use “every diplomatic economic tool at our disposal to treat China as what it is... to avoid war,” Diaz-Balart said. Giving an example of what the US could do, he said that it has to be more aggressive in its military sales to Taiwan. Actions by cross-party US lawmakers in the past few years such as meeting with Taiwanese officials in Washington and Taipei, and
The Republic of China (ROC) on Taiwan has no official diplomatic allies in the EU. With the exception of the Vatican, it has no official allies in Europe at all. This does not prevent the ROC — Taiwan — from having close relations with EU member states and other European countries. The exact nature of the relationship does bear revisiting, if only to clarify what is a very complicated and sensitive idea, the details of which leave considerable room for misunderstanding, misrepresentation and disagreement. Only this week, President Tsai Ing-wen (蔡英文) received members of the European Parliament’s Delegation for Relations
Denmark’s “one China” policy more and more resembles Beijing’s “one China” principle. At least, this is how things appear. In recent interactions with the Danish state, such as applying for residency permits, a Taiwanese’s nationality would be listed as “China.” That designation occurs for a Taiwanese student coming to Denmark or a Danish citizen arriving in Denmark with, for example, their Taiwanese partner. Details of this were published on Sunday in an article in the Danish daily Berlingske written by Alexander Sjoberg and Tobias Reinwald. The pretext for this new practice is that Denmark does not recognize Taiwan as a state under