Slashdot Mirror

← Back to Stories (view on slashdot.org)

Huawei Admits To Needing 5 Years, $2 Billion To Fix Security Issues (theguardian.com)

Posted by BeauHD on from the time-is-money dept.

Bruce66423 writes: In a remarkable piece of honest self assessment, Huawei has produced a letter to a House of Commons committee member in response to security concerns raised by the UK Huawei Cyber Security Evaluation Centre (HCSEC) in its annual report, a body that includes Huawei, UK operators and UK government officials. The firm pledged to spend about $2 billion over five years to resolve these issues. However they also claim that: "Huawei has never and will never use UK-based hardware, software or information gathered in the UK or anywhere else globally, to assist other countries in gathering intelligence. We would not do this in any country" -- a claim in sharp contrast to the ability of the Communist Party of China to suborn anyone into doing so. Good to see that Chinese firms still have a sense of humor. As The Economist puts it: "And China's leaders are tightening their grip on business, including firms such as Huawei in which the state has no stake. This influence has been formalized in the National Intelligence Law of 2017, which requires firms to work with China's one-party state."

4 of 58 comments (clear)

  1. Five years may as well be forever by lordlod · · Score: 4, Insightful

    Fascinating strategy. Acknowledge that there are security concerns, promise to fix them but not for years.

    In the mean time they continue to aggressively sell their infrastructure into countries, countries which are now reassured on the security front, or at least have a story they can tell to deflect the criticism.

    And in five years it doesn't matter what happens. All the 5G infrastructure will already have rolled out or be committed to. If Huawei doesn't come through nobody is going to tear all the infrastructure out, the cost would be staggering.

    I don't think concerned countries will fall for it. It does show that the security concerns are seriously impacting their business though.

    1. Re:Five years may as well be forever by AmiMoJo · · Score: 3, Insightful

      We have hard proof that the US has backdoors into hardware designed and made in the US. That's a fact, we know it with absolute certainty.

      So far we have no evidence that Huawei puts government backdoors in anything. Zero. None have been found.

      Of course that's not a reason to assume that there are none, but if you are concerned about such things whose hardware are you going to buy?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Re:Sounds like oz by bickerdyke · · Score: 4, Insightful

    Or the US with the National Security Letters.

    And the UK has never had any problems either of locking people up to coerce them into compliance with their "security laws"

    The joke is on whoever thought that this was Chinese humor.

    --
    bickerdyke
  3. A letter can not overcome the technology by drnb · · Score: 4, Insightful

    Or the US with the National Security Letters.

    Its not quite the same. In the US a company currently can't be compelled to install a backdoor into their hardware, or otherwise degrade the security of their hardware. They can design a secure boot system, a secure encrypted communications channel, a system with no company based key escrows, etc. Then when they get a National Security Letter they can tell the judge we would love to comply with this order but it is technologically impossible, or we do not have the key requested, etc.

    For example Apple is quite free to increase the security of the phones at each iteration no matter how pissed off the FBI gets.