Huawei data centre built to spy on PNG
Chinese telecommunications giant Huawei built a data centre in Papua New Guinea, which exposed secret government files to being stolen, according to a report that catalogues Beijing's efforts to spy on the Pacific nation.
The report, provided to the Australian government, noted outdated
encryption software was deployed by Huawei, while firewall settings were
insufficient for a centre designed to store the entire data archive of the PNG
government.
"It is assessed with high confidence that data flows
could be easily intercepted," said the 2019 report on PNG's National Data
Centre.
"Remote access would not be detected by security
settings."
The assessment will heap further pressure on Huawei as it
fights to remain as part of the 5G networks in Germany, following bans in
Britain, France, the US and Australia.
The US and its allies, including Australia, have become
increasingly wary of China seeking to extend its influence among developing
nations in the Pacific by extending cheap loans for major projects.
The report on Huawei is the first to document its complicity
in Beijing's cyber espionage activities, after more than a decade of rumours
and pointed remarks from security agencies.
The Port Moresby data centre was funded through a $US53 million
development loan from China's Exim Bank and became operational in 2018, before
PNG hosted that year's APEC leaders meeting.
Litany of flaws
The report noted the layout of the data centre did not match
the intended design, opening up major security gaps.
"Core switches are not behind firewalls. This means
remote access would not be detected by security settings within the
appliances," it said.
In a statement, Huawei said: “This project complies with
appropriate industry standards and the requirements of the customer.”
The report was commissioned by the National Cyber Security
Centre of PNG, which is funded by the Australian Department of Foreign Affairs
and Trade.
It was written by a cyber security contractor hired by DFAT
and the report was then handed to the Australian government.
DFAT declined to comment.
In cataloguing major security flaws, the report, which ran
to 65 pages in its original form, said the algorithm used for encrypting
communications was considered "openly broken" by cyber security
experts two years before being installed in Port Moresby.
The Huawei firewalls in the data centre reached their
"end of life" in 2016, two years before the facility was opened.
While the report suggests a deliberate effort by Huawei to
deploy lax cyber security, it noted this plan was partially thwarted by the
centre quickly falling into disrepair, as insufficient money was set aside for
maintenance and operations.
This resulted in many PNG government departments not moving
their data into the centre as planned.
The lack of an operating budget meant basic functions such
as software licences had expired, while batteries had degraded and were not
replaced.
To get the data centre up and running again, Port Moresby
sought financial assistance from the Australian government, a request that
resulted in the report being commissioned.
Canberra has so far declined to provide funding to upgrade
the centre and the report noted that a "full rebuild" would be
required to modernise the facility.
This has left PNG with a $US53 million debt to the Chinese
government, via Exim Bank, and a data centre that is barely operational.
Lack of funding
China's support for a data centre in PNG, using Huawei
technology, was first mooted in 2009 during a visit to Beijing by former prime
minister Sir Michael Somare.
The following year, Exim Bank, which is charged with
implementing Beijing's trade and strategic objectives, agreed to provide the
loan.
But it would take until 2014 for then prime minister Peter
O'Neill to launch the project at a ceremony in Port Moresby, where he thanked
China and praised Huawei.
"Let me take this opportunity to thank the government
of China in making available the concessional facility of $US53 million through
the Exim Bank," he said.
The data centre was part of a so-called Integrated
Government Information System (IGIS), which planned to link 57 sites in Port
Moresby and five regional centres.
As part of the project, the chief secretary of each PNG
government department was instructed to move all data into the new centre.
A lack of funding meant only a handful of government
agencies moved data into the facility and by early this year PNG was calling
the project a failure.
A report completed this year by think tank The Australian
Strategic Policy Institute found China had provided $US147 million for digital
projects in PNG including the national data centre, the national broadband
network and a biometric identity card.
Australia remained the largest donor in the 12 years to 2019
with $262 million provided for digital projects in PNG.
Comments
Post a Comment