Archive

Tag Archives: Five Eyes


With Prof Peter Varnish OBE, Macdonald Laurier Institute, September 2021

The international environment is increasingly insecure. Under the leadership of Xi Jinping and Vladimir Putin, China and Russia are attempting to reshape the international system and constrain the liberal democratic West. State competition is changing, in a shift towards deniable, intrusive, and non-military threats against all sectors of society and, as a result, liberal democracies are increasingly looking for collective ways to respond. To meet this growing global challenge, Canada could do much more with the historic Five Eyes grouping that also includes the US, UK, Australia and New Zealand.

The Five Eyes began primarily as an intelligence-sharing and technology collaboration arrangement. But in a new joint publication between the Daniel K. Inouye Asia-Pacific Center for Security Studies and the Macdonald-Laurier Institute, authors John Hemmings and Peter Varnish argue that the Five Eyes grouping could be used by Canada and others to expand the ability to counter and deter China and Russia across multiple areas, including technology, information, military, and economics.

According to the report, titled “Evolving the Five Eyes: Opportunities and Challenges in the New Strategic Landscape,” the Five Eyes has many advantages, from its proven history of creating effective personal relationships across all five countries to its ad hoc, fluid informality which makes it an ideal vehicle for expanded security cooperation. The countries share a common language, democratic traditions and legal systems and they have largely compatible militaries and security practices.


Why Britain’s spooks are wrong to downplay the risks of Huawei

13CB7C90-E335-4BE6-A3FE-7858F4C14007

The Telegraph, 14 January, 2020

Sir Andrew Parker’s assertion that incorporating Huawei components in the next stage of the UK’s 5G network would be unlikely to disrupt intelligence relations with the US or its allies is alarming for a number of reasons. It would appear that the UK’s spymasters have decided – much like Britain’s telecommunications companies – on a policy of asking the right questions in order to guarantee the right answers.

The UK needs Huawei’s 5G tech at its laughably cheap prices. And so ignored is the geopolitical context of an increasingly authoritarian China, funding Huawei’s expansion across Europe. Ignored is the company’s role in Xinjiang. Ignored is China’s place as a leading source of global cyber espionage. Ignored is the 2017 National Intelligence Law which requires Chinese companies to cooperate with China’s intelligence agencies, at home and abroad. Ignored are China’s increasing influence operations inside Western democracies.

Instead, the decisive question in Britain’s 5G debate has become a comically narrow one: will Huawei’s inclusion into Britain’s 5G networks be a threat to the network’s integrity?

The UK’s National Cyber Security Centre (NCSC) argues that it can mitigate this risk by using multiple vendors – a mixture of Huawei, Ericsson, and Nokia – and by restricting Huawei’s components to the periphery or “non-intelligent” bits of the network.

According to the National Cyber Security Centre (NCSC), the telecoms network is structured around three functional parts. The transport layer, the physical nodes that transport data; the routing layer, which works out the best transport route for the data to use; and finally, the edge, where consumers – that’s you and me – interact with it.

Huawei, they tell us, will be kept out of the core, which is a functional name for all the bits that decide who you are, where your data needs to go, and so on. That means they’ll be restricted to antennas, routers, switches, and products at the consumer end such as WiFi boxes, and away from the intelligent bits that have more access to the data.

The NCSC seems to indicate that this has long been a deciding principle, but we know that BT began ripping out Huawei components from its 4G core as late as December 2018, meaning either the principle only dates from then, or the NCSC does not keep a close eye on the network. Neither is very reassuring.

The NCSC has also said that any code used in components in the network – such as antennas and routers – will be pre-checked for backdoors and vulnerabilities at its Huawei Cyber Security Evaluation Centre (HCSEC) in Banbury, Oxfordshire. It sounds rather good, especially since Huawei has agreed to pay for it all.

The problem is that checking code will not work any better than the plan to keep Huawei out of the “core”.

5G will be a virtual network, in which components of the network are “white-boxed”, meaning that network administrators can upload patches for fixes and updates remotely. Think of 5G as something akin to your phone. When an app on your phone is updated, that is because someone in Silicon Valley pushed a button, sending updated code – a patch – to all phones with that app.

As one US cyber official recently stated, it’s what makes 5G so attractive to network administrators – site visits become increasingly unnecessary as more repairs to the network infrastructure can be done remotely. It also gives network administrators the ability to move functionality – including the intelligent bits – around the network to fit requirements.

 

But it is this flexibility that makes the trustworthiness of telecoms vendors so important when it comes to 5G. In a virtual network, an untrustworthy vendor can send the good as well as the bad.

In order to stop such malware, the NCSC would have to watch hundreds of thousands of antennae and components across an entire national network. As with terrorism, we’d have to be lucky every time, but a cyber hacker would have to be lucky only once.

In a report released last March, the HCSEC Oversight Board, tasked with overseeing the Huawei centre in Banbury, noted that it “continued to identify concerning issues in Huawei’s approach to software development, bringing significantly increased risk to UK operators, which requires ongoing management and mitigation”.

The report continues that they can only give “limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK”. Imagine if they were discussing airline safety instead of just critical national infrastructure.

Even more damning was a report by Finite State – a private tech consultancy – that sought to replicate HCSEC’s review of Huawei source code. However, instead of using code provided by Huawei, it used code found in Huawei products already on the market. Alarmingly, not only did it find significantly more vulnerabilities than other brands, it found efforts to disguise those vulnerabilities.

This past year, Chinese diplomats have threatened economic retaliation against Germany and Denmark if they exclude Huawei in their 5G networks. One wonders what type of pressure Beijing has exerted on the UK behind the scenes. Certainly, Liu Xiaoming, China’s Ambassador, has already openly said that future investment could be at risk.

However, Britain does not and should not do business at gunpoint. Before this Government makes a very costly mistake, it must thoroughly explain its technical mitigation measures, both to the public, and to its allies.

Anything less smacks of bowing to Chinese pressure. And that’s something we can’t mitigate against.


Australian Financial Review, Hans van Leeuwen, 9 May, 2019

The Five Eyes partnership is extremely robust but not entirely unbreakable, said John Hemmings, director of the Asia Studies Centre at the London-based Henry Jackson Society.

“If the technical vulnerabilities are such that they threaten US and Australian national interests or security then inevitably there will be a gradual degrading of what is shared, and that will be a tragedy for Britain and for the other four,” he said.


Forbes, Zak Doffman, 24 April, 2019

This was backed up by John Hemmings, Asia Center Director at the Henry Jackon Society, who described the move as “a huge mistake… critical to the well-being of the U.K.’s reliable critical infrastructure, critical to a secure liberal society, and critical to our Five Eyes alliance.” He dismissed the economic drivers behind the decision, saying that “cutting out Huawei from 5G network would cost Britain £7bn – How much will it cost to pull out in 10 years time?”


There’s no way we can trust the tech arm of the Chinese state to run our communications

TELEMMGLPICT000190726434_trans_NvBQzQNjv4BqpVlberWd9EgFPZtcLiMQfyf2A9a6I9YchsjMeADBa08.jpg

With Bob Seely, MP, The Telegraph, 24 April, 2019

The decision by the National Security Council to greenlight Huawei’s limited participation in the construction of Britain’s 5G network is incomprehensibly short-sighted. It is a cyber Trojan horse. 

The NSC approval of some sort of half-way measure – which will allow Huawei to participate while limiting it to the periphery away from the “core” of the network – sounds reassuring. However, behind all the techno-babble is the hubristic argument that the UK Government believes that it can contain Huawei-related risks by technical means. Not only is this wrong, it reveals an approach to risk-assessment that is so narrow it is basically useless.

There are two vital questions that the Government needs to ask: What is Huawei’s relationship to the People’s Republic of China? And what are the risks to the UK – economic, security, and political – of including Huawei in its digital infrastructure? As far as we are concerned, from months of research towards a report that will be published next month, these questions have not been adequately answered.

We still lack enough knowledge about 5G to ascertain whether concepts about layered defence will still hold with the new system. There are arguments for and against the Government’s position, but not even the technical community is unified in this understanding. Indeed, the idea of merely allowing Huawei to build the 5G antennae has serious flaws related to the re-purposing of subcircuits.

We have been reassured that US warnings about Huawei are overblown because it is a “private” company. Huawei even invited scores of Western journalists to its massive campus in Shenzhen to share its heart-warming tale of the brave little firm that could, rising up against all odds to become a global powerhouse as an employee-owned firm. But this is simply not true. It is, to all intents and purposes, part of the Chinese state.

We know from the CIA’s briefings to its Five Eyes allies that Huawei is known to have been funded by Chinese state intelligence. It’s Chairwoman, Sun Yafang, between 1999 and 2017, worked for state security before assuming her role at Huawei. 

Why should all this matter? Because Huawei is to all intents and purposes a state-owned, state-directed, and state-funded entity. They do not operate on capitalist principles, often work in line with state strategic direction, and are unfairly subsidised, outcompeting the local firms. Huawei’s rise in Europe from 2.5 per cent market share to 25 per cent market share occurred at least in part because it had a credit line of £30 billion, allowing it to undercut European competitors by 18 percent. That’s not capitalism as we know it, that’s a state-funded monopoly. And it is a state-funded firm which is operating to China’s state agenda. 

Who controls communications will have great power over our societies in the future. Therefore, ownership of those communications structures, access to the information flows and the attitude toward human freedom, is paramount in shaping free societies in the 21 st Century and beyond. Huawei, whilst a private company, is the preeminent commercial communications firm of the Chinese state which, under Chinese law, must support the state’s intelligence work. By allowing Huawei to be a part of our hugely complex 5G networks, we take a risk with the future of free societies. How much risk is the question, not whether there is risk.

In all this, the risks are more varied and more concerning than simply network stability. They are economic as Huawei eats up Western 5G competitors; they are security-linked as Huawei maintains our networks, running our systems without transparency and without proper safeguards in place; and finally, they are social as Huawei enters Western society through our devices. 

Last year Australia blocked Chinese 5G providers. The US, Japan, and India appear to be doing the same. We need to be mindful of our alliances and security partnerships. In 2017, we learned that Western companies had misused user-data to impact a democratic election. These were companies staffed by people who were raised in Western liberal societies, who for the most part think that democracy is a plus. Huawei’s workers have grown up in an increasingly-authoritarian China that has planned a complex Orwellian techno-surveillance state for the past 10 years and is now on the cusp of rolling it out.

If we can’t trust our own high-tech firms, what’s to say that we can trust the corporate arm of the Chinese Party-State with our data, our security, and our values? The simple answer is that we can’t.


China now appears ready to use execution as a weapon of diplomacy

dalian-1400x788

CapX, 17 January, 2019

The recent decision by a Chinese court to sentence Canadian Robert Schellenberg to death has led many international observers to claim that the decision is a political one, part of Beijing’s ongoing diplomatic pressure campaign against Canada over its detention of Meng Hanzhou, a senior Huawei executive and daughter of the company’s founder.  Schellenberg’s sentencing comes after two other Canadians, Michael Kovrig and Michael Spavor, were arrested in December.

If this were true, it would add to the horrific realisation that the People’s Republic of China is fundamentally changing for the worse. It would – as Donald Clarke, a professor of Law at George Washington Law School has stated – indicate that “China views the holding of human hostages as an acceptable way to conduct diplomacy”. Now it appears that it is willing to sentence one to death.

According to his analysis, a number of features stand out that support the idea that the retrial of Schellenberg is related to Ms Meng. These include the original delay in trial and sentencing – he was arrested in 2016, after all – which might indicate that the evidence was weak, but that courts didn’t want to embarrass the police by throwing it out. Second, it is very rare for a retrial to find heavier punishment was merited (Schellenberg appealed after being handed 15 years in the first trial). Third, the retrial was rescheduled very hastily, with the punishment being handled down in only 20 minutes. Finally, it is odd that of all the individuals indicted in the original case of drug smuggling, Schellenberg had the smallest supposed role. It makes his sentencing particularly repugnant.

Naturally, China has used just enough legal cover to maintain the fiction that Schellenberg’s case is a legitimate example of the fair workings of its legal system, but few are convinced. Even those with strong links to the state have openly said China would take revenge.

Hu Xijin, editor of the virulently nationalist English-language propaganda outlet the Global Times recently published a video in which he warned that Canada should expect “far worse” retaliation from Beijing if it did not free Ms Meng. “Meng Wanzhou was released on bail, but Canada must do more to restore her freedom and put an end to this incident.” He stated. “Otherwise China will definitely take retaliatory measures against Canada.” Ms Meng is currently on bail, living in one of her luxury homes in British Columbia. The contrast with her situation and the three Canadians now in Chinese prisons could not be more stark.

To some extent, travel to China has always come with risks. Ten years ago, if someone working in government or business went to China, they tended to leave their electronic devices at home. There was a realisation that the state has a very aggressive attitude toward information, both proprietorial and strategic. According to cyber expert Peter Varnish, a visiting professor at the University of Coventry, Chinese police and security personnel are able to access the data of unwary travellers within hours of arriving in the country. Now, it seems that personal safety must be added to data security. One hopes that travel warnings will be added to the pages of Western diplomatic websites.

The fact is that the world is going through a major overhaul of its thinking on China. Much of this has been accelerated by the leadership of Xi Jinping, under whom party control and influence have grown, and authoritarian policies and traits have flourished – including the suppression of human rights groups, religious minorities, and free media. The use of diplomatic hostages now adds China to a list of countries such as Iran, Iraq, and, most recently, NATO ally Turkey, which took an American pastor hostage. Unfortunately, China’s turn toward authoritarianism also comes as it arrives on the global stage as a preponderant power, one capable of re-shaping the global order.

We can no longer treat China as a country just like any other. Its leadership has decided that the party must be protected at all costs, and this requires a super-nationalistic approach toward domestic and foreign policy. “Face” is more important than law. It is this desperate need for status and rank that is beginning to drive its relations with the Uighurs, driven to detention camps in the millions, and with the West, driven by the party mantra of historic humiliations. Its concentration camps and its take-over of large parts of the South China Sea are reminiscent of the rise of other authoritarian powers in the 20th century.

It is this same desperate need for face which could see China execute Robert Schellenberg, a 36-year-old Canadian citizen, a man who still protests his innocence, a man whose biggest mistake may have been to travel to a country in the midst of change.


To ban or to Banbury?

142A98DD-93F4-4A3A-B26C-68D7EB9A41F6.jpeg

RUSI Commentary, 7 December, 2018

The surprising announcement that Meng Wanzhou, deputy chair of Huawei’s board and daughter of company founder Ren Zhengfei, was detained in Canada on an extradition request from the US over allegations that the Chinese telecommunications giant may have exported US–licenced technology to Iran in contravention of US sanctions has come at a tumultuous time for the company. Earlier in the week, British Telecom stated that it intends to strip out Huawei components from the core of its 4G network. And this comes on the heels of a speech by Alex Younger, Chief of the Secret Intelligence Service, who warned against the use of the Chinese telecommunications firm in the development of Britain’s 5G network. Given the ongoing review being undertaken by the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) seeking to ensure that Britain’s ‘critical national infrastructure remains resilient and secure’, it is clear that there has been a significant shift in both global and UK stances towards the company.

The perception that Huawei might be too close to the Chinese government – and its military signals department – has been there from the very beginnings of the company. It is partly a legacy, perhaps, of founder Ren Zhengfei’s prior career as a military technologist in the PLA’s Information Technology research unit. According to Philippe Le Corre, an expert based at the Harvard Kennedy School, Chinese state banks have been extremely generous to the company as it expanded its operations across key sectors of the European telecommunications market.

However, Huawei is perhaps also the victim of the past reputational damage caused by the first wave of Chinese companies and their international behaviour. Concerns about how private Chinese companies moved hand-in-hand with the Chinese state first arose in the late 1990s, when a US Congressional study – the so-called Cox Report – revealed how the Chinese state used family ties, social connections and party membership to get Chinese corporations to carry out industrial espionage across the US defence and information technology sectors. Unlike the Soviet model, which gave primacy to the official intelligence organs, the Chinese model preferred a widely dispersed approach, using front companies, non-intelligence agencies and individuals, educational research exchanges, and friendly Chinese companies.

It is only a small leap for those same companies to be pressed from carrying out industrial espionage to transferring data – especially when their business model is handling data. Indeed, Huawei was accused of hacking the African Union (AU) IT system it helped build – including computing, data storage, and WiFi. Servers were transferring data from inside the AU’s Addis Ababa headquarters to servers in Shanghai every night between 12 midnight and 2am. The fact that such practice has been codified in Chinese law, whereby Chinese companies are obliged to assist the nation’s intelligence agencies, puts paid to the idea that Huawei could resist pressure from Beijing.

This very concern was uppermost in the mind of Malcolm Rifkind when he oversaw the publication of an Intelligence and Security Committee report in 2013, Foreign Involvement in the Critical National Infrastructure: The Implications for National Security. This report and one published the year before by the US Congress Permanent Select Committee on Intelligence identified a number of systemic risks in allowing Huawei or ZTE – another Chinese telecommunications giant – to insert technology into the national network. First, it would allow the entity to modify or steal data from the government, private citizens, and corporations. While one might argue that China could simply hack those entities, the 2013 report quotes the Joint Intelligence Committee’s argument that network access ‘would be very difficult to detect or prevent and could enable the Chinese to intercept covertly or disrupt traffic’. Second, insertion of backdoor code or malicious hardware could allow an entity to shut down or degrade critical national security systems in a time of crisis or war. When one thinks of the importance of data on the UK financial network, one realises what a capable weapon this network access would be. Nor would this be a one-time risk, when 5G infrastructure is being laid down. Huawei also offers a service known as systems maintenance. This provides technicians with authorised access in the form of software updates and patches to glitches. Such access offers additional avenues for inserting malicious code.

Until this year, the British answer to such concerns was the creation of a Huawei Cyber Security Evaluation Centre (CSEC) at Banbury, which was staffed by employees and technicians from GCHQ who checked over all code and hardware used by Huawei in the United Kingdom. This has sought to mitigate risk and identify threat somewhat successfully for over eight years – until this past summer. This July, just prior to the announcement of the DCMS/NCSC review, the evaluation centre at Banbury issued a report which found that ‘shortcomings in Huawei’s engineering processes have exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management’. Whether this means that Huawei will be banned from developing 5G in the UK – as it has in the US, India, Australia and New Zealand – is unclear. It might well be that the UK mitigation model can adjust to the more severe levels of scrutiny required by 5G code. If we were to read into Younger’s speech this week, it would appear that the intelligence agencies have – for the moment, anyway – come to their own conclusions about the future viability of the CSEC system.

While there are no easy answers to the debate over Huawei, it is important to note that in asking for Meng Wanzhou’s detention and extradition, the US is sending its allies a strong signal about doing business with the company. Whether or not those reasons are fully substantiated remains to be proven. However, the conclusions of the 2013 Intelligence and Security Committee report are worth bearing in mind: ‘The Government’s duty to protect the safety and security of its citizens should not be compromised by fears of financial consequences’. While the chances might be low, the consequences of malicious infiltration by the Chinese state into our network would be disastrous.

Jeremy S. Maxie

Energy & Political Risk Consultant

southseaconversations 讨论南海

China comments on the South (China) Sea disputes

Christopher Phillips

Academic, Writer, Commentator

tokyocooney

(does america)

Philosophical Politics

political philosophy of current events

Minh Thi's blog

pieces of me

North Korea Leadership Watch

Research and Analysis on the DPRK Leadership

TIME

Current & Breaking News | National & World Updates

Moscow-on-Thames

Sam Greene - London & Moscow

kirstyevidence

Musings on research, international development and other stuff

The Rights Angle

Francesca Pizzutelli's blog on human rights and human beings

Bayard & Holmes

If you're in a fair fight, you're using poor tactics

Grand Blog Tarkin

A roundtable of strategists from across all space and time.

Sky Dancing

a place to discuss real issues

mkseparatistreport

A Blog Focused on Bringing Policy and Chinese language Translations Relating to Separatists and Terrorism

playwithlifeorg

4 out of 5 dentists recommend this WordPress.com site

Variety is the Spice of Life

A palette of general thoughts & travel stories from all around the world

 KURT BRINDLEY

novels. poetry. screenplays. endless musings...

Top 10 of Anything and Everything - The Fun Top Ten Blog

Animals, Gift Ideas, Travel, Books, Recycling Ideas and Many, Many More

Eleanor Yamaguchi

Associate Professor at Kyoto Prefectural University and Specialist in Japanese History and Culture and UK-Japan Relations 京都府立大学文学部准教授(国際文化交流)山口 エレノア

ABDALLAH ATTALLAH

Futurist | Disruptor | Coach | Reformer

Small House Bliss

Small house designs with big impact

Europe Asia Security Forum

European perspectives on Asian security, and vice-versa

Shashank Joshi

The Economist

secretaryclinton.wordpress.com/

A PRIVATE BLOG DEVOTED TO FOREIGN POLICY & THE SECRETARY OF STATE

Adventures in (Post) Gradland

Thoughts on life after the PhD

springdaycomedy

Just another WordPress.com site

James Strong

Junior academic working on British foreign policy

Justice in Conflict

On the challenges of pursuing justice

Sino-NK

Sino-NK is a research website for Sinologists and Koreanists.

Iconic Photos

Famous, Infamous and Iconic Photos

China News

News and Feature Articles About China

The Strategist

Analysis of top regional issues from the research team at the Near East South Asia Center for Strategic Studies. Please note that the views expressed on this blog do not represent the official policy or position of the National Defense University, the Department of Defense, or the U.S. government.