Despite concerns last month over plans to finance and build a new nuclear power plant at Hinkley Point with foreign tech and finance, today the Prime Minister approved the deal with the Chinese and French to go ahead.
Concerns surrounding the construction and operation of the plant included the security of nuclear material and the integrity of computer networks and industrial control systems within the highly sophisticated plant.
Prime Minister Theresa May and one of her joint chiefs of staff, Nick Timothy, were known to be concerned about the involvement of the Chinese. Timothy wrote in a blog that the Chinese could “build weaknesses into computer systems which will allow them to shut down Britain’s energy production at will”.
Concerns were heightened when an employee of one of the Chinese firms that will be involved in Hinkley, CGN, was charged by US authorities with “conspiracy to unlawfully engage and participate in the production and development of special nuclear material outside the United States”.
However, cyber-security experts told SCMagazineUK.com that fears about Chinese involvement were misdirected, citing concerns about the cyber-security of critical national infrastructure projects in general.
In particular they expressed concerns about internal versus external threats, security updates and the security of the plant’s industrial control systems and SCADA.
The global supply chain, with many products coming from China, is almost impossible to avoid and the assumption that software and hardware is secure because it is produced by one’s own country is a fallacy, said one commentator.
Alan Woodward, professor of information security at Surrey University, told SCMagazineUK.com that he is not concerned about Chinese involvement in the project. “Any concerns about overseas involvement in the design can be addressed by ensuring that the UK government is given full visibility of everything that is installed, and an opportunity to dissect it to look for problems,” he said.
Similar concerns about the involvement of Chinese telecoms company Huawei in BT’s 21st Century Network project have been allayed by the establishment of a dedicated testing facility, the Huawei Cyber Security Evaluation Centre in Banbury. Known as Cell, the facility dissects Huawei hardware and software, looking for software bugs and security vulnerabilities before certifying them for use by BT.
Despite early concerns about the unit’s independence and the quality of Huawei’s software, recent parliamentary reports have given it the thumbs up.
Woodward said: “Again there is an established process in place with Huawei who are supplying equipment into the main BT infrastructure: a purpose-built unit that has sight of everything and can pull it to pieces to convince themselves that there is nothing nasty hiding in there. Personally, I think a direct analogue of what was done with Huawei would be the answer.”
Meanwhile, Joe Sturonas, CTO at PKWARE, told SC that the involvement of the Chinese was almost a secondary consideration: “Hinkley Point and the data security concerns it has raised in regards to national security has illuminated issues regardless of foreign contractors being involved in the construction or not. Data security and protection of national infrastructure should be protected from both outside and inside vectors. You should always assume bad actors are inside the perimeter, and data security protections should be designed as if bad actors are already inside the network, regardless of who built the facilities.”
On balance it would appear that the government concluded that the security concerns could be managed and it wasn’t worth disrupting relations with the Chinese. As Norman Shaw, CEO, ExactTrak Ltd said, “This is no surprise. [Both] Brexit and canning Hinkley would have caused horrible international problems.”
This article originally appeared on - SC Magazine UK