“Don’t tell him Pike!”Captain Mainwaring
Welcome to the new, slightly slower AssessRep. We have decided to let events play out before commenting, giving time to climb to higher ground and to let the chatter subside so that we can extract the signals and patterns that matter. It has been an eventful month and a lot has happened since we last spoke. The Defence Secretary has been sacked and your telephone now works for China, plus America has got into a geopolitical ‘come at me bro’ tussle with Iran in the Gulf.
Gavin Williamson’s removal came after an inquiry into the leak of the National Security Council’s approval of Huawei being allowed to contribute to some of Britain’s 5G network (telephone networks work to the same principle of multiplication as razor blades). Leaks have become part of the daily news cycle, yet even in the mucky world of politics the National Security Council really should be tight-lipped. The Defence Secretary did phone the Telegraph after the council, who then published a story – the point is that Gavin Williamson insists that nothing was said in that call that constituted a leak. He has continued to vigorously deny the allegation even as the Prime Minister has, just as vigorously, attempted to sweep him under the carpet.
Huawei has long been a cause of uncertainty. Mainly because senior defence officials are unsure of how to say the company name. Combined with the tendency of British and American defence / defense personnel to settle on different ways of pronouncing things anyway – it is likely that right now there are trans-Atlantic conversations going ahead between GCHQ and NSA in which competing versions are battling it out. Once we’ve got the new wiring in from Beijing they can always just listen in and let us know. Rest assured, it is pronounced ‘huawei’, which sounds like ‘hwah-way’ – unless you speak Cantonese, then it’s just ‘wah-way’. Clear? Good. Puns Huawei.
What Huawei to carry on
Intelligence recommendations have been against further reliance on Huawei technology since 2013 in the UK, with the Americans starting earlier and being increasingly outspoken in their caution. There is no clear-cut resolution. Is Huawei owned by the state? No. Does that mean that Beijing has no influence over the world’s largest telecommunications equipment manufacturer? No. Does that mean that non-core parts of the telephone network in Britain could pose a risk to communications security? Well, only if something were deliberately and maliciously done beyond the core function of the equipment. It is a manageable risk, but manageable risks reduce trust, and trust is the foundation of the Five-Eyes inner circle. That is what this is mostly about.
Huawei to criticise?
All of this is high level. What does it matter to us, the lowly foot-soldiers of defence? Let’s see if we can draw a pattern here. Firstly, what we are talking about, when we talk about Huawei, is the spectre of espionage that spreads its wings over anything that China touches when it comes to cyber-security. Suspicions flared when Bloomberg reported in late 2018 that Chinese chips in servers used by Apple and Amazon had been maliciously compromised somewhere in the Chinese supply chain. Despite apparently significant anonymous sourcing, no hard evidence followed the report and the episode appears to have been a genuine journalistic mistake.
This sort of activity tends to get called cyber warfare or maybe even computer network operations. It is increasingly difficult to draw the line as to where such operations stop. Almost all of us are carrying a networked computer around in our pockets most of the time. We interact with this device constantly and it looks like our future as a species is to become non-digital nodes in a global network. Now, when our adversaries conduct computer network operations we call them Advanced Persistent Threats. When we do it we tend to call them something like the Joint Threat Research Information Group.
Go Huawei and shut up
Let’s pick an Advanced Persistent Threat group. APT-28 for instance, also known as Tsar Team or Fancy Bear. The group is probably linked to the GRU – the fearsome unit that has repeatedly had its cyber-pants pulled down by Bellingcat. So, it’s Russia. Bellingcat’s investigation was a highly successful information activity conducted by a group of investigative journalists. Yet again, where is British defence in this? Are we still lagging behind all of this exciting agency activity, silently moving our lips as we carefully type with one thumb into our unit’s new Twitter feed?
As with everything military, we become more useful when we are employed overseas, often to places that people who are better than us at adding up without using their fingers don’t want to go. This activity is precisely the sort of thing that 77X Brigade, now emerging into a true operational capability, is designed to enable. We are not going to be unleashing Stuxnet 2.0, but we have been engaging and will continue to engage in information activities. In reality, this means two things. One, harnessing and applying agency capabilities that are made available in support of lethal operations, as against Daesh in Iraq. Two, working with local forces, perhaps through private sector proxies, to develop non-lethal capabilities and resistance to adversary information. In an age of near-peer adversaries, it is precisely this kind of information activity that has come to the fore. As we take on Russia’s information activities, the front line is on Ukrainian soil. As America faces down Iran in the Middle East, the accompanying information contest is actively being fought in Iraq.
My way or the Huawei
The AssessRep would love to get to know your thoughts. To open the conversation – here is the question for this edition: “What do you think about the British military’s role as an agent of information activities – what is the reality behind the talk?” Please email firstname.lastname@example.org with your comments, thoughts, or carefully crafted abuse. Feel free to introduce yourself– all messages will be read personally by the AssessRep editor.