Huawei bosses should put the champagne on ice
UPDATED Jeremy Fleming opened the third CyberUK conference in Glasgow today with a promise to share more threat intelligence with UK businesses.
Fleming, the director of UK spy agency GCHQ, said there would be an initial focus on telcos and cloud and managed security providers.
“We intend to do more to take the burden of cybersecurity away from the individual,” Fleming said. “In particular, we will work closely with device manufacturers and online platform providers to build security into their products and services at the design stage.”
“We will share intelligence with banks to enable them to alert customers to threats in close to real time,” he added.
In practice, this means an expansion of the National Cyber Security Centre’s (NCSC) Active Cyber Defence programme, an automated approach to blocking phishing and malware attacks at scale.
The UK-hosted share of global phishing fell below 2% for the first time at the end of March this year, compared to 5.4% in 2016 – around the time the NCSC was established.
Reaching out to businesses will also involve sharing not just so-called indicators of compromise but also the modus operandi of attackers, NCSC director of operations Paul Chichester later clarified during a Q&A session.
During his speech, Fleming added: “In the last year we have made it simple for our analysts to share time-critical, secret information in a matter of seconds. With just one click, this information is being shared and action taken.”
Not everything is going to be shared – as befits an intel agency – but businesses, particularly at the top of the food chain, are going to be granted access to more information.
“We will continue to scale this capability so whether it’s indicators of a nation state cyber actor, details of malware used by cyber criminals, or credit cards being sold on the dark web, we will declassify this information and get it back to those who can act on it,” Fleming concluded.
Leaked reports that Prime Minister Theresa May has approved the use of telecoms kit from Chinese tech manufacturer Huawei in some non-core parts of Britain’s 5G data network may be premature.
An NCSC spokesman clarified that no announcement has been made, and when there is an announcement it will be made through the Department for Digital, Culture, Media & Sport in Parliament. The technical evaluation has been completed.
A cross-government statement on the debate about approved vendors for the UK’s 5G rollout expanded on this point and added a reference to a GCHQ-led evaluation of Huawei’s kit.
“National Security Council discussions are confidential. Decisions from those meetings are made and announced at the appropriate time through the established processes.
“The security and resilience of the UK's telecoms networks is of paramount importance.
“As part of our plans to provide world class digital connectivity, including 5G, we have conducted an evidence-based review of the supply chain to ensure a diverse and secure supply base, now and into the future. This is a thorough review into a complex area and will report with its conclusions in due course.”
Malcolm Taylor, former senior British intelligence officer and current director of Cyber Advisory at ITC Secure, said: “It’s always dangerous to comment on a leak – and it’s an interesting thought that the NCSC doesn’t usually leak; this issue is becoming politicised in a way which many of the NCSC’s decisions do not.
“If correct, I judge this to be simply further evidence that the UK is taking a pragmatic, risk-based approach to 5G and Huawei.
“GCHQ and the NCSC, in the guise of the Huawei cell, have apparently considered the risks and concluded that ‘controlled integration’ of Huawei into non-core elements of the network will provide the best outcome for telcos and end users, whilst engaging Chinese technology which works well and is cost effective.”
“I find it very hard to argue with that approach,” he concluded.
Updated to add UK government statement