Sign up to our newsletter
The latest security news direct to your inbox
I thought I’d blogged myself to a standstill over the weekend, but it seems there’s plenty of life left in the Tibet/China story, even if it’s only the East and the West exchanging accusations.
A China Daily headline claims that "Analysts dismiss ‘cyber spy’ claims", though in fact the quotes in the article talk about exaggeration rather than absolute denial. Most of China Daily’s readers (or at any rate those who’ve commented on the article) have written it off as "China-bashing", or as an attempt by the West to deflect attention from its economic problems.
Meanwhile, closer to home (well, my home…), the Times reports that a "confidential" memo (not any more it isn’t…) circulating in Whitehall expresses concern by the chairman of the Joint Intelligence Committee that BT’s buy-in of components for its new £10 billion network from the Chinese telecoms supplier Huawei would expose the UK’s communications to deliberate attack from China, though it concedes that ‘there is at present a “low” risk of China exploiting its capability’.
Nevertheless, the report points out the impact of such an attack would have a serious impact. I don’t have enough data to assess the seriousness of such an attack in practical terms, but it seems unfortunate that "government departments, the intelligence services and the military" are apparently committed to the use of the new BT network if that network cedes significant potential control, even at component level, to a nation that clearly isn’t trusted at high levels of government.
I have to wonder how many elements of the UK’s Critical National Infrastructure (CNI) are labelled "made in China". Not that I want to buy into the universal xenophobia that seems to dominate this story, but if you’re building or maintaining a CNI, don’t you try to keep it in-house, even if it costs more to buy from trusted sources?
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET