Spy chiefs have reportedly briefed ministers that Huawei hardware bought by BT could be hijacked by China to cripple the UK's communications infrastructure. At a meeting in January, Alex Allan, chairman of the Joint Intelligence Committee, told the Home Secretary that while BT had taken steps to secure its network, "we believe …
Typical cop out
" but ministers are reluctant to act, citing competition law"
Next they'll be quoting Data Protection and Health and Saftey as excuses.
Me thinks National Security trumps it..
The words cheapest and kickbacks spring to mind.
Sounds like WMDs and Marconi sympathisers.
"CHinkz could Destoizorzz our systemz in moments unless we Gets Brit Kit made in China."
That will learn 'em to buy dodgy gear.
Marconi and 21CN
Marconi lost three aspects of 21CN: the MSAN, the iNode and the optical transmission. In the case of the MSAN and iNode Marconi were the clear technical winners, but they were not able to meet BT's pricing terms. Ciena was technically the best for optical. Huawei was the cheapest for MSANs and optical, and Huaweu promised it would all work the way it was supposed to.
MSAN went to Huawei and Fujitsu. iNode went to Ericsson. Optical went to Huawei and Ciena.
So, once they got their products from the lowest bidders, BT now had the challenge of deploying this stuff. As we know, 21CN is now 2 years late on a schedule that already slipped.
Some of those delays are because the Huawei MSANs don't work the way Huawei said they would. So you'll find more Fujistsu gear being installed than Huawei.
The majority of the delays are being put down to iNode issues with the Ericsson softswitches. When Ericsson bought Marconi in 2005 I assumed they'd deploy the Marconi softswitch in 21CN, but for some bizarre reason Ericsson cancelled that product and laid off all the staff. Today, with the Ericsson home-grown softswitch still nto working, they are looking to deploy Sonus in 21CN. How screwed up is that?
So should Hewitt have intervened and saved Marconi? That's a tough one to answer because protectionism is always a bad thing. But the question arises as to why BT was so stupid as to buy lowest bidder products for a project as significant and challenging as 21CN. It was always going to be hard, but by buying cheap they just made it impossible.
Now we see these fears about security issues. Once again, BT should probably have thought a bit more strategically about this.
Penny wise, pound foolish I say. If BT had bought iNode and MSAN from Marconi, 21CN would be a lot less late. And if they's bought optical from Ciena/Marconi we wouldn't be facing these strategic security concerns.
By the way, in terms of a threat, it's hard to intercept traffic at the optical layer - but it does give the Chinese the ability to turn off the network from afar (like the Russians can switch off our gas).
But the MSANs are different. If they are compromised then theoretically the Chinese could intercept phone calls and internet traffic.
Of the two threats I think the "big remote off switch" is more worrying.
Yellow peril is sooo 19th century
Letting in the Chinese Through the Back Door
So basically we've compromised our national security for the sake of some cheap telecomms gear. Seems the meeting's just worried about government & military comms, nothing about the poor public. And also on top of having to worry about commercial companies like Phorm & the government's Interception Modernisation Programme spying us, we've got to contend with the Chinese as well! (Though they're probably not interested in my blatherings!).
Not the Chinese I'm worried about...
...it's ADSL2+ tech that's the problem.
RE: Marconi and 21CN
Quick Question Kevin: Do you work for BT Exact (or did you in 2005)? I seem to recall the name ... I was a placement student there at the time.... Gemini building, if I recall the name properly.
I agree across the board regarding the Marconi equipment being the better kit, a lot of the guys who were charged with testing kit were really surprised and dismayed when they chucked it out for being too expensive, the Marconi iNode actually worked unlike the Ericsson version at the time. Not getting part of the 21CN deal it was the effective signing of the death warrant for Marconi
Every time I see something like this, I am remind of "War with the Newts" by Karel Čapek. It is still quite a pertinent book more than seventy years after publication.
(The moderatrix is possibly scratching her head over why this is relevent to China owning sensitive parts of the UK infrastructure. You would need to read the book to find out!)
Could have been worse...
...could have been made in Middle East.
what a nightmare
millions of £'s on core network kit....and you'll never be able to trust it???
that truly sucks.
Government should have got involved
@Kevin. Interesting analyses. A big remote switch off would indeed be crippling to our economy, government, military, everything. Plus it would bring fear and chaos - two powerful weopons that any potential enemy would want to deploy as soon as possible.
It would be like the Americans switching off their GPS satellites so only the US military can use them. Every military that relies on GPS will be crippled somewhat. That's part of the reason the EU are deploying their own system and I think the Chinese are too.
When planning big projects there should always be a contingency plan. I guess BT don't have one.
Another in the long line and a prime example of the problems that you get when you outsource control and end up buying on price alone instead of best for the job.
Doesn't do BT's reputation any good at all nor the government's.
The time and money that must be wasted doing it over again instead of right first time . . .
... Obvious & Bleeding, spring to mind!
Is it the badge or the manufacturer that matters?
Regardless of whose name is on the badge, surely what's inside it (and where it's made) is what matters?
If Marconi had survived (and I wish more of it/them had), how much of the kit would have been manufactured offshore anyway? How much of the kit that did win is manufactured in China anyway? Even if it's designed in the UK, who's checking that what's shipped to the end user is as designed?
If it matters (for security purposes) that it's made in China, we're onto a loser on a lot of fronts, regardless of whose name is on the box.
all your exchanges are belong to us
just wait for some pikey to nick em...
Truly priceless. What more is there to say?
Well that's why...
Whenever anything that is remotely sensitive that needs a WAN connection, no one in their right mind goes to BT. Have they won any new government network work recently, I get the impression that C & W and Global Crossing are reaping the benefits.
BTW, I had heard that Huawei only won because they were ridiculously cheap, when compared to anyone else. I still can fathom why BT had to go out to tender on this anyway, were I running a program like this, I'd only buy kit that I could see worked, by buying n units from each possible supplier, and trialling each device to see if it actually worked. Perhaps that's too simple.
So, what price Phorm when none of the exchanges works? That's what comes of being cheap, BT.
I must read the article again as I still do not know what specific vulnerability is being claimed, why they think it is there, or why they can't protect about it. Isn't just scare mongering is it ?
Unfortunately firms making judgements based on pie-in-the-sky promises and cheapest initial prices seems to be management strategy these days. Probably down to bean counters having too much influence before they move on.
@AC: RE: Marconi and 21CN
I'm afraid Kevin is my nom de plume :-) I wasn't at Exact.
Buy cheap. Pay twice.
RE: Well that's why...
"BTW, I had heard that Huawei only won because they were ridiculously cheap, when compared to anyone else. I still can fathom why BT had to go out to tender on this anyway, were I running a program like this, I'd only buy kit that I could see worked, by buying n units from each possible supplier, and trialling each device to see if it actually worked. Perhaps that's too simple."
They did do this, we had entire text labs dedicated to trialling the hardware and making sure they would work together nicely, the Marconi iNode was the only one I was aware of that ticked all the boxes needed (hell, one piece of the Ericsson (not the iNode if I recall) kit had a few outright dangerous vulnerabilities, one of which I discovered by accident, which they went on to use too). The decisions were made by bean-counters, not the guys trialling the kit, it annoyed a few trial customers in the area when one day their free broadband/voice lines disappeared with no warning (Marconi, quite rightfully got in a huff when they were told no and came and reclaimed all the kit it had loaned BT for a live (and working) trial)
ray of hope
if the chinese did hack their way in, they might be able to get BT's support business working.
Think about it another way....
...well be safe as India will hack back in an restart it all. They do need the support and banking call income!
<Paris because she does not like to be turned off!>
This is nothing.
Wait until someone finds what easter eggs the French have built into British warships, or what the Americans have put into the fighter planes that the UK buys from them.
Stupid doesn't even begin to describe it...
@ Stu Reeves
You left out the word "stupid" to complement "cheapest and kickbacks".
Ok .... who's Supplying the Narrative .... and Making a Pig's Ear of IT ...
...and a Silk Purse and Extracting the Urine?*
"Intelligence officials reportedly said they could not offer specifics on a potential Chinese strike, as they had "only limited understanding of our adversaries' attack capability"."
Now that must be an all time classic Intelligence line/dilemma/conundrum. :-) .... although it does expose their lack of Intelligence.
Is MI5/MI6 just a Sinecure/Quango/Idiots Retreat at the top? Scaremongers with Nothing of Value to Offer Man or Beast?
And don't answer that in the Negative please for it is a purely rhetorical question, requiring no out of the ordinary brain activity at all.
*And Three Strikes and your Out is the Golden Rule for Walking.
@AC what are the threats?
Just to clarify there are two distinct issues:
- Because Huawei is providing the MSANs for (theoretically) 50% of the 5,500 telephone exchanges in 21CN then these devices could be used to intercept phone calls or internet traffic.
- Because Huawei is providing optical transmission for 21CN, then China could simply "switch off" (or threaten to switch off) these devices in the event of some conflict. I suppose also that Huawei could introduce "bugs" or other issues to these devices so that it wasn't immediately obvious that this was a deliberate attack.
The security service report says that while these events are unlikely, the impact if they were to happen is highly significant.
As other people have pointed out, various aspects of UK communications and defence are now provided by foreign suppliers. Even items we might think of as Made in Britain use components or software created abroad.
I'm really not sure how credible these threats are. But in terms of conflict with China, we've certainly has our spats in the not too distant past (Tibet, for example). You have to think that using the "Huawei off switch" is only going to be possible once - so our disagreement would have to be pretty significant :-)
Since when has Patricia Hewitt been on the BT board? What hope is there of government action against PHORM when they are actually involved in introducing it? Is it a route to internet surveillance on all of us under the cover of a commercial operation?
This is f**king retarded!
I mean come on! We're constantly tieing ourselves up in litigation. Are we really going to allow our national infrastructure to be potentially compromised by dodgy hardware? Even if the possibility exists, this is a risk that can be managed. Lets look at it from an economic perspective. Short term savings through cheaper service provider/hardware Vs potential long term compromise of InfoSec and commercial/military/political information. Yes, it's true that encryption can provide some defence, but you can get more information from traffic analysis sometimes than from the packets themselves. For god sake DTI, wake up and act decisively!
"while these events are unlikely, the impact if they were to happen is highly significant."
That's putting it very politely indeed.
At one time the authorities (at least in public) considered it very unlikely that civil aircraft would be used as terrorist weapons. The nuclear power folks still choose to largely ignore the same possibility, or to fiddle their aircraft impact results.
Of course once it's happened, the rules change, but it is too late at that point, there are no prizes for saying "I told you so".
Meanwhile, airport "security by theater" lives on far beyond its alleged usefulness. Why?
What's gone wrong here?
All those tut-tutting at BT using Huawei gear should try to get a gander in their local exchange, an awful lot of the other companys providing voice/data services have invested heavily in Huawei kit. But of course they are not BT so that ok.....
Not to pile on the China bashing train, but...
Anybody recall a that loads of counterfit Cisco kit that wound up on various US military installations a year or so ago? Apparently it was good enough to fool most everybody, including Cisco TAC... If it weren't for some buggier than normal code and no matching serial numbers in Cisco's manufacturing database, maybe nobody would have caught it. But it doesn't pay to speculate, especially when the keys to the kingdom are at stake, does it?
You mean shadowy and unknown people will be secretly plugged into my internets intercepting all my stuff and snooping on me? Stone me I never thought that would happen.
The Bulls are AIRunning ...... A Virtual Proclivity and/or a Lien
..........on NEUKlearer HyperRadioProActivity. ......and AnglodDutch Shell IPEnergy if the Truth be Told too.
Err, excuse me, but you are living/surviving/dying in a Capitalist Society Model which is in Meltdown because, if anyone else were Copy it would the Establishment announce it is a Global Criminal Enterprise of Phoney Honourable Gentlemen trying their Darnedest to Control Humanity for their Own Personal Enrichment for Artificial Power Advantage with the Creation and Transfer of Queasy Credit and Creative Accounting Methodologies for the Streaming of Notional National Currencies/IOUs/Slip of Magic Paper bearing the Perception of Wealth which can be Virtually Realised and used as Legal Tender/Fool's Gold, and you are worried about what the Chinese may or may not be able/enabled to do with Technology and Networks InterNetworking because of their Ingenuity and Industry and Intelligence with Components which Capitalism Conspired/Contracted with them to Provide for them at Slave Labour Prices?
Methinks a) any Change which they may or may not Provide would be Beneficial, for there is no Advantage in IT being Malicious b) any harm inflicted upon the Western System by Reason of its own Stupidity would be richly deserved, as it is long overdue, with its Top Boards Management WipeOut for Novel Virtual Replacement being one of Life's Little Bare Necessities/Bear Market Big Realities c) it is Inevitable and any Delay will Focus Attention even more Accurately at the Real Source Meltdown Drivers ..... the Present Past Owners of the Corrupt System in Place and Burying its Heads in the Sand/Looking for a Foxhole.
Hell, we all know what happened to the last Heroic Idiot who tried that ... "We Got him" ... http://www.time.com/time/world/article/0,8599,561468,00.html
Nowadays, and for All of the ForeSeeable Future, is IT HiTime everyone starts to Realise, that there is No Place to Run and No Place to Hide, for Any and All into Gross Public Misdeamours Privatised for Personalised Gains.
Or would El Regers wish to disagree and Defend the System with that Old Rotten Chestnut/Stinking Red Herring of it being too Big to Fail and thus Identify themselves as a Champion for its Subversive Slavery and Inequitable Perverse Reward System ...... whenever it is Patently Far Too Far Gone and Rotten to the Core to Survive.
And if you were China and received this, which is just part of a longer communication ..... "Good Morning.
Please can you provide an e-mail address to which I could send some further information outlining and expanding upon a Civil CyberSpace Control Program for Responsible Government Global Use for the Better Welfare of Populations and the Greater Creative Use of Media, IT and Global Resources/Universal Wealth ....... and which is being Transparently Shared in a Novel Virtualised Operating System exploring with ITs C42 Quantum Control Systems ... Virtual Power Systems which Create with CyberSpace the Control of Commands for Computers and Communications for AI Betas and the Better Programming of Human Perceptions Management .... Networks InterNetworking Javan Applications ...... " ...... can you Imagine the Response, and can you Imagine the Home Team's Answer too?
Go on have a Guess. Use your Intelligence to see if it matches up to the Standards Displayed/Shared/Required for the Worlds of Tomorrow Today.
I Kid U Not, El Reg........ And after that Spike, what are wwwe gonna do now .... ? Anything Novel and Imaginative and IntelAIgent for a Change? :-) A Dumb Rhetorical Question, I know, but it is only Fair and Reasonable to Ask it for Analysis of Feedback for Production of Future Virtualisation Input42Output Systemically. ....... for Dynamic Automatic ProgramMING Projects Energising Realities without Autonomic Difficulties/Binary Conflicts.
Here in India...
When BSNL, the govt telecoms company, rolled out what it called "Broadband" (256K) in 2005, it gave us these cheap modems made by some company that nobody had ever heard of.
Now, it seems, Huawei owns the whole telecoms world!
- Pics Indestructible Death Stars blow up planets with glowing KILL RAY
- Hands on Satisfy my scroll: El Reg gets claws on Windows 8.1 spring update
- Video Snowden: You can't trust SPOOKS with your DATA
- 166 days later: Space Station astronauts return to Earth
- What did you see, Elder Galaxies? What made you age so quickly?