Welcome to the Cell. All visitors must surrender their cellphones at the door. No cameras or filming equipment allowed.
In a deceptively humdrum office block on the outskirts of Banbury, Oxfordshire, a team of cybersecurity experts is working to combat the risk of surveillance and hacking attacks from China.
The Cell’s technicians have the highest level of security clearance, with their personal and financial histories combed by investigating officers. Their work is overseen by a board that includes directors from Britain’s Government Communications Headquarters (GCHQ), Cabinet Office and Home Office.
However, the Cell’s staff are not on the British government payroll. They are employed by Huawei, one of China’s largest technology companies.
A maker of broadband and mobile network equipment, its kit is installed all over the UK.
In Banbury, the task is to check Huawei hardware and software for faults and bugs that could be exploited for nefarious purposes. Circuit boards are dismantled and millions of lines of software code are analyzed.
The center was created as a compromise — between the security concerns of intelligence agencies and the private sector’s desire for cheap imported technology.
With former British chancellor of the exchequer George Osborne’s ejection from the Treasury, China has lost its main cheerleader in government. New British Prime Minister Theresa May is taking a more cautious approach. A decision on allowing the Beijing-backed Hinkley Point power station project to go ahead has been delayed at her request.
In a climate of cooling economic relations, could the Cell provide a model for managing the potential risks of Chinese involvement in critical national infrastructure?
Perhaps. Up and running for five years now, the Huawei Cyber Security Centre, to use its official name, is regarded as a success by the board of government officials that oversees its work.
In their second annual report, published this spring, they found the arrangements to ensure the Cell was independent from Huawei were operating “robustly and effectively,” and that any potential threats to national security “have been sufficiently mitigated.”
However, in 2013, the Banbury operation was heavily criticized by parliament’s Intelligence and Security Committee, then chaired by former British secretary of state for defence Malcolm Rifkind.
Lawmakers had decided to review its work after a US Senate report raised the alarm, urging US firms not to use the company’s equipment.
Attempts by Huawei to take over US technology companies had been blocked. In Australia, it was barred from bidding for the country’s multibillion-dollar project to connect every home to a superfast broadband service.
CONCERNS
Rifkind’s committee concluded that the Cell’s staff should not be Huawei employees. His report warned this amounted to Huawei “effectively policing themselves.” He recommended Banbury be staffed by GCHQ, and failing that, subject to much greater scrutiny by government officials.
And so, in 2014, security experts from the highest echelons of the civil service were brought together, along with representatives of Vodafone, Huawei and BT, to create the Cell’s oversight board. It is currently chaired by Ciaran Martin, director-general for cybersecurity at GCHQ.
Concerns persist. Ernst & Young, hired to evaluate whether the Cell is truly independent from Huawei headquarters, concluded that the ability of the company to set the bonus of Cell managing director David Pollington, hired from Microsoft last year, “provides a vector by which performance ... could be influenced.”
Ernst & Young said that “by withholding or awarding the bonus [irrespective of performance], which constitutes a significant element of the reward package, the bonus could be used as a tool to motivate certain behaviors from the MD [managing director].”
The risk was reconsidered, but “accepted as reasonable,” according to this year’s annual report.
A spokesman for the company points out that the Huawei and Hinkley scenarios are not quite comparable. The technology firm sells its equipment to other companies, which then own and manage it. At Hinkley, the proposal is to sell a stake to the Chinese state, and in return for the investment, allow it to build Chinese-designed reactors at a new nuclear power station in Bradwell, Essex.
So what kind of risk does Huawei’s equipment present?
The company makes everything from the routers and switches that steer traffic across the Internet, to BT’s green street cabinets, to the transmission equipment used in mobile phone masts.
Sending an e-mail from your home computer, making a mobile phone call from a street corner, or using a tablet to order a weekly shop — wherever you are in the UK, chances are your private communications will be carried over Huawei equipment.
CONNECTIONS
With customers in Europe, the Americas, Africa and of course China, it claims to connect one-third of the world’s population.
Founded by a former Chinese Workers’ and Peasants’ Red Army officer, Ren Zhengfei (任正非), the firm has no public list of shareholders, but it claims to be privately owned and independent from the state.
Its biggest UK customers are Vodafone and BT. Until recently the only British-owned mobile network, Vodafone has carved out a niche as the largest supplier to government ministries and major corporations. The phone calls made by the prime minister and her Cabinet run over its network.
BT’s broadband grid stretches from Whitehall to remote rural areas and is still the largest in the UK, supplying much of the infrastructure used by rivals including TalkTalk and Sky to connect their customers.
The concern is that so-called “back doors,” hidden in the Huawei software, could be used to eavesdrop on sensitive government, military and business communications.
They could even be used to disrupt or shut down mobile networks in the event of a conflict.
“Bugs can be hidden in sloppy code,” said Graeme Batsman, a data security consultant and blogger at datasecurityexpert.co.uk. “China and others are known for spying, but I don’t think China is a terrorist state, which would make these devices explode one day. The UK and US are probably just as bad anyway.”
Indeed, the papers leaked from the US’ National Security Agency by Edward Snowden revealed that it had hacked into Huawei’s headquarters, obtaining technical information and monitoring the communications of its top executives. One of the reported aims was to try and uncover vulnerabilities in the products to use them for US surveillance operations.
The Cell has identified multiple vulnerabilities in Huawei products.
The latest annual report warned: “Code quality has shown signs of improvement, but remains below industry good practice.”
More than 100 concerns had been raised with Huawei’s research and development arm in China, last year’s report said.
Three issues identified that year resulted in interventions having to be made in equipment already deployed in telecoms networks.
On the plus side, using company staff to identify faults means they are more likely to be fixed quickly. And the cooperation has brought cash into the UK.
In 2012, Ren met with then-British prime minister David Cameron to promise £3 billion (US$3.9 billion at current exchange rates) of procurement and investment. The following year, after Rifkind’s inquiry, he confirmed the deal when Osborne visited Shenzhen, China.
For Huawei, the monitoring arrangement not only improves its products, but makes good business sense. Cooperating with the UK advertises its trustworthiness to other foreign governments.
Reassuring the prime minister is another matter.
Former British secretary of state for business, innovation and skills Vince Cable has revealed that while he was in government, May was “never completely satisfied about Huawei.”
The Cell’s recent efforts might have quelled those fears.
For now, it is business as usual in Banbury.