Professor of Cyber Security Shujun Li from the School of Computing says the government’s decision to approve the use of Huawei equipment in the construction of new 5G networks is to be welcomed.
‘As a cyber-security researcher, I welcome the UK government’s decision on Huawei’s involvement in building future 5G networks in the UK. I urge the governmental officials, politicians and the general public to look at the Huawei “risks” from a technical angle, not a political one.
‘Technically speaking, banning any particular vendor will never work as a real solution to cyber security as the supply chain is very complicated and there are simply too many potential risks one has to consider. I would therefore argue that if the UK’s national security depends on a single company (Huawei or any other firm) always doing the “right” thing,then we have failed the cybersecurity assurance in the first place.
‘What should be looked at more is how a technical solution or product can be scrutinised and verified by independent experts and automated tools, which can detect not only risks from a particular vendor like Huawei but also those caused by any malicious parties in the supply chain.
‘In addition, in the cyber security research community, the widely-accepted Kerckhoffs’s principle and Shannon’s maxim tell us that the security of a system should not depend on hiding details of how the system works (as the attacker will learn the system) but other things (e.g., a secret password chosen by the user). Applying these rules to the Huawei case, it would be strange if Huawei were to base their system’s security on hiding details of how it operates (and therefore not being detected doing something it should not).’
The University’s Press Office provides the media with expert comments in response to topical news events. Colleagues who would like to learn more about how to contribute their expertise or how the service works should contact the Press Office on 3985 or firstname.lastname@example.org