By Alex Tarrant
Security issues have been raised in the process of awarding government contracts for the roll-out of ultra-fast broadband in New Zealand, Communications and Information Technology Minister Amy Adams says.
But Adams would not say whether these issues involved Chinese company Huawei, which this week was banned by the Australian government from its national broadband network roll-out due to security concerns.
When answering questions on why the Australian government had blocked Huawei, a spokesman for Australian Attorney-General Nicola Roxon said: ''as a strategic and significant government investment, we have a responsibility to do our utmost to protect [NBN's] integrity and that of the information carried on it."
Huawei is involved in contracts to help roll out the New Zealand government's ultra-fast broadband package in parts of New Zealand.
Speaking to media in Parliament Buildings this morning, Adams said she was aware of the Australian government's decision, but she would not comment on specific vendors in New Zealand or say what sort of due diligence was carried out on bidders.
"We take security of the network very seriously, but we’ve obviously responded to the threats that we’re aware of and put in place steps to deal with that, and we’re comfortable with where we’re at," Adams said.
“We have had security issues raised in the process of doing the contract, but I’m confident that we’ve responded to the matter quickly,” she said.
She would not go into specifics, or say who made them aware of potential threats. Adams said she was not aware whether any bidders were cut out because of concerns raised.
“We can be confident that we take good advice on security issues, that we treat them very seriously, and that we respond appropriately,” she said.
Adams had not asked Australian authorities why they took the move they did.
“I’ll discuss that with my colleagues in due course, but at this stage I haven’t asked that question. I’m aware of the action that they’ve taken and I’ll discuss that with my colleagues going forward. But I’m confident we have treated this matter seriously in New Zealand, and we’ve responded appropriately,” she said.
Greens want investigation
Meanwhile, the Green Party has requested Parliament's Intelligence and Security Committee investigate Huawei following the developments in Australia.
“Huawei has been blocked in both Australia and the United States over security concerns and it’s hard to believe our security agencies know something about Huawei that Australia and the United States don’t,” Green Party ICT spokesperson Gareth Hughes said.
“Cyber warfare is a major security concern and the Government needs to ensure that it is protecting the interests of New Zealanders and New Zealand Companies. The New Zealand taxpayer will be purchasing hundreds of millions of dollars worth of equipment and services off Huawei, and the Government needs to demonstrate that this doesn’t have any strings attached that will harm our cyber security," Hughes said.
“The Government needs to investigate, and it would not be in New Zealand’s national security interests to ignore these concerns for fear of offending the Chinese Government,” he said.
'Glad we used a US firm'
The Pacific Fibre, a New Zealand company looking to build an undersea fibre cable linking New Zealand, the US and Australia, said the developments highlighted the ongoing security concerns of US and Australian authorities with Chinese submarine cable technology suppliers.
"The United States has previously expressed concerns about Huawei and other Chinese submarine cable suppliers fearing security breaches (e.g. interception of sensitive data)," CEO Mark Rushworth said in a media statement.
"The issues raised by the US and Australian authorities’ concerns with Chinese suppliers further validate our decision last year to appoint TE SubCom, a US company and industry pioneer in undersea communications technology, to build the subsea portion of the Pacific Fibre cable," Rushworth said.
Having a US vendor on board reduced the risk of Pacific Fibre facing the same concerns from regulatory authorities in relation to security breaches on its cable system.
"Last month we announced the completion of our Californian and Australian landings desktop study and Californian permitting study in conjunction with TE SubCom. With initial approvals obtained from Californian permitting authorities, the project is now set to move forward with the marine route study," Rushworth said.
"We are confident that we will secure all permits and licences required to land the Pacific Fibre cable in the United States, Australia and New Zealand," he said.
"Where this leaves the proposed Huawei Marine built trans-Tasman cable, is another question."
'Govt needs to come clean'
Labour's ICT spokeswoman Clare Curran said the government's "stonewalling" on what it knew about Huawei’s involvement in the roll-out of New Zealand's ultra-fast broadband raised more questions about cyber security and the integrity of New Zealand’s network than it answered.
“The Government is refusing to explain why it has taken a different decision to the Australian Government when it comes to security matters relating to Huawei’s involvement in broadband projects," Curran said.
“While the Australian Government has banned Huawei from tendering for any contracts attached to its A$36 billion broadband scheme, our Prime Minister blithely says he is ‘comfortable with checks done’ over the security of the New Zealand network," she said.
“The Australians are considered to be a partner in terms of our security and intelligence relationships. If they are concerned enough to ban Huawei from bidding for the broadband contract, why has New Zealand allowed three taxpayer-funded contracts to go ahead without a more robust probe into the implications for the integrity of our network?
“How long have John Key and other ministers known about the extent of Australia’s security concerns and what are they going to do about it? Just saying trust us, it’ll be okay, isn’t good enough," Curran said.
“Acting Prime Minister Gerry Brownlee is refusing to say whether John Key has been briefed on the reasons for the Australian government’s ban on Huawei for the broadband contracts. He’s also refusing to offer any guarantees about the security of our new broadband network," she said.
“Essentially our government is looking the other way and refusing to take a second look at the contracts that have been given to Huawei despite the intense public interest in this matter. The Prime Minister must reassure New Zealanders he is taking this matter seriously. Our international reputation is at stake.”
24 Comments
The answer is, possibly. For example Carrier IQ* software a sophisticated key-logger is installed on some 150 million phones worldwide, particularly in the US. Apparently it hasn't be released on NZ phones. Big Brother really is watching, yet few realise this.
http://en.wikipedia.org/wiki/Carrier_IQ
Getting back to the original article, it has been the concern of the US authorities for some time that the hardware used in their computers is made in China. When something is made off-shore they lose control over the design and it becomes increasingly possible for the off-shore manufacturer to include code that could be used for mischief.
Australia is just like the US, just a few years behind.
For something that is now critical to our way of life, it makes sense that you want it built 'in-house'. The same way you might want your military gear made in your own country. You don't want to rely on a potential enemy for your military supplies!
New Zealand hasn't thought about this, or doesn't think it's a threat. Incidentally I believe we out-source production of our military uniforms to... China.
Incidentally, the 'security' issues they are talking about are possibly not what you would think. It's not about how many bugs there are in the systems (there are always bugs), but it's whether there are back doors in that can be used to eavesdrop.
The US in this regard need talk, though their monitoring is aimed more at their own populace. The presently being built Utah data centre (spy base) is going to have hooks into more US communications than ever before. Along with more computing grunt than ever before. They're recording conversations today, even encrypted ones. With computing power increasing exponentially it's possible to crack last decade's top secret communications today, or today's top secret communications at some time in the future. think about that.
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
* Incidentally, if you have a phone with this software installed I'd be interested in buying it.
Let's see, everything is made in China... my Nokia phone is made in China, my Belkin modem is made in China, my Toshiba laptop is made in china, my ipad2 is made in China.. If they wanted to plant a listening device they would have done it by now...don't know what the issue is????
You're OK with listening devices and hardware with back-doors then? Surely not.
This has ALREADY happened on a large scale - refer Carrier IQ software in my post above, though admittedly this is American software not Chinese. Carrier IQ is jsut one example where they were caught. By putting the monitoring in hardware as opposed to software it becomes even more difficult to find. So how do you feel about the integrity of your hardware now?
What a mess we get when politics meets security.
Zillion dollar metal scanners that can't tell the difference between a belt buckle and a gun.
Millions of people taking their shoes off at the airport.
And I don't think we should be taking our lead from a country that thought security meant making some poor guard stand on the Sydney Harbour bridge the whole day with his magical hi-vis vest on.
It might be theatrical and entertaining - but it is absolutely not security.
My ipad,iphone, Toshiba laptop,TV , network modem are all made in china. I had no choice. I can't wait for New Zealand to make them (assuming they ever make them). Fortunately I'm a nobody, just an ordinary PAYE Kiwi which no foreign country would ever have an interest in. So no worries that foreign agents would bother listening to my conversations or read my texts or sniff my Internet traffic.
Frankly, there are hackers that can hack into anything. So the chinese don't need to have built our network in order to have access to information. Just need to get hackers to hack away. So all the phobia about Huawei is just scaremongering by the ignorant.
Honestly, I don't know what they're worried about. You can intercept unencrypted communications, but the general assumption about public networks is that all traffic is being intercepted.
Any traffic requiring security should be encrypted, and nobody can snoop that, even if they do have clandestine control of some box in our fibre network. The same technology that makes it safe for you to do online banking over a public Wi-Fi network is what will stop any bad guys from snooping on you.
The only real thing I can think of that they'd be able to do is put in a 'kill switch', and be able to disable the network at a time of their choosing. But any vendor could do that...
I dont know if such encryption is truely unbreakable but in essence the amount of CPU and RAM you would have to throw at it to do it means that you would have to target what you wanted....and not get it in anywhere near real time.....this isnt something I see as general industrial spying .....NSA only sort of thing...
So someone somewhere installs a kill switch.....I wonder how long it would be before such a switch if it existed was found by a 3rd party and sold/used, months? Even if it was a few years the company in question would be finished financially I suspect...and I dont understand how jail time would be avoided.....and then there is more than 1 vendor selling.....
regards
I have heard that the level of encryption used for https for example can be brute force cracked in around a month of computing time. Public key encryption has to be less secure than shared key encryption of course, and I don't find that alarming. It does mean that internet bank transactions should probably all be done using a security dongle however.
I think the horse has already bolted...
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.