Cyber security centre warns against use of Huawei devices in critical state infrastructure

Photo: ČTK/AP/Andy Wong

The Czech Republic’s cyber security institution, NCISA, has released a warning that Huawei devices may be used to damage the country’s national interests. Following the warning’s release, many institutions including the Office of the Government and a number of ministries have reacted by banning Huawei phones. The new measures are likely to impact ongoing tenders as well.

Photo: ČTK/AP/Andy Wong
On Monday, the National Cyber and Information Security Agency (NCISA) released a warning that the use of devices developed by the Chinese companies Huawei and ZTE represent a security threat.

The warning, which also relies on information about Chinese espionage activity from the Security Information Service (BIS), is aimed at organisations and persons who fall under the state’s cyber security law.

NCISA spokesman, Radek Holý, explained what that means specifically.

“This warning concerns primarily state institutions and ministries. The same counts for private companies that have a role in the functioning of the state, such as energy, telecoms, etc. They need to create a new risk analysis, which takes this warning into account and, based on the results, they can either use the devices or not.”

Since the warning’s release many institutions, including the Ministry of Industry and Trade and the Ministry of Foreign Affairs, have announced they will cease using those Huawei devices, which could pose a security threat. Meanwhile the Ministry of Defence said it will take steps to remove any threat posed by Huawei phones to its employees and the armed forces.

Prime Minister Andrej Babiš has also reacted to the warning, ordering that Huawei mobile phones are to be removed from the Office of the Government.

However, he said he was not so happy with NCISA’s warning itself, which also says contracts between relevant institutions and suppliers providing communications and IT systems need to take the warning into account.

Andrej Babiš,  photo: ČTK/Kateřina Šulová
“I think that NCISA did not manage this situation well at all. We think that if it issues a warning of this kind, it should also supply a legal analysis. Now the word’s out and those ministries who are currently running tenders have to react to it.”

Speaking to Czech Television, information technology legal expert Vladimír Smejkal said that he expects NCISA to issue further information in January, which will offer guidelines on how to proceed.

Aleš Špidla from the Czech Institute of Cyber Security Managers (ČIMIB) recently told Czech Radio that the Huawei security threat is a consequence of the country’s current public tender law, which does not take security threats and warnings from intelligence services into consideration.

He says however, that even innocently built hardware provides enough opportunities for those able to take advantage of them.

“We are building a world where we rely upon very leaky hardware, whose vulnerability often does not even need to be intentional. Then we place software inside which has even more vulnerabilities and we put in applications, which have millions, even billions of weaknesses and now we are adding artificial intelligence in the mix, which will one day take advantage of these vulnerabilities and turn us off.”