The Times, Red Box, 9 October, 2018
Last week’s Bloomberg story that the Chinese military has been interfering in computer supply chains was like a bolt of lightning — and we are bound to hear the thunder rumble for some time yet. Around the world national security services will be scrambling to see if their own systems have been similarly compromised.
The fact that the infected parts made their way to CIA drones — presumably a highly-controlled procurement environment — means that the vulnerabilities were extremely well-hidden. Since they also allegedly went to online shopping firm, Amazon, China’s tiny chips are a giant Trojan horse wheeled directly into the international community’s trading gates and let loose. It is yet another example of how Beijing and Moscow are approaching the new Cold War against the west.
The question for governments like Britain that depend on Chinese-manufactured goods – is have they also been penetrated? Certainly, the prime minister’s concerns over letting China gain access to our nuclear sector in 2016 now seem justified. But what of our dependence on Chinese supply chains? All of our iPhones are made in China, and while the company’s press release sought to reassure us that none of their systems were compromised, it’s too soon to know for sure. All we know is that this is the beginning of a long investigation of Chinese-manufactured electronics. After all, If they could pull one over on the CIA . . .The story is not exactly new for the UK. In 2013, a report from the parliamentary intelligence and security committee warned that Chinese electronic giant Huawei’s provision of digital hardware to BT presented clear risks to British security. The report noted that while a compromise had been found while checking Huawei components at a centre in Oxfordshire, the amount of code involved would make it impossible to verify every bit of software. Now it seems the company might be in the running to help build Britain’s 5G network, despite having been blocked from providing digital infrastructure in the US, Australia, and India.
For those who don’t know, 5G entails a faster, tighter bundling of data that will massively improve the capabilities of the mobile internet, and in turn the use of artificial intelligence in transport, health, education, not to mention the development of “smart” cities. One reason that Huawei has been so instrumental in developing the technology is their championing of a Turkish code developer.Since 2008, when Dr Erdal Arikan invented polar codes, a number of countries have raced to develop the infrastructure indigenously. Not all are confident about the state’s role in rolling out this new technology: In the US, for example, the Trump administration rejected proposals for a “national effort” to develop 5G.
In many ways, this has been an “I told you so, moment” for many security and tech experts. Chinese-owned technology has long been viewed with scepticism amid concerns over its close links with the state. George Osborne’s “golden era” of Chinese investment into the British economy — and the inclusion of its companies in sensitive parts of the UK infrastructure — is truly at an end. As Bloomberg reports, the US counterintelligence operation has found the Chinese government directly culpable, with individuals and two factories in China identified.
The next step in this saga is for the US intelligence community to share its findings with its closest intelligence allies. This primarily means Australia, Canada, New Zealand, and the UK; but also NATO allies in Europe and treaty allies in the Indo-Pacific like Japan, South Korea, and the Philippines. Washington should also share the technical data with non-ally security partners like India, Singapore, and Vietnam.
The most difficult part will be setting up mechanisms to screen electronic parts coming into the UK – after all, what isn’t made in China these days? What is now up for discussion — no matter how improbable — is the exclusion of certain Chinese firms from the UK and a search for other partners to develop the next generation of digital infrastructure. To do otherwise and to bury one’s head in the sand would jeopardise our national security, our personal data, and, ultimately, our intelligence partnerships.