United Kingdom

Auto Added by WPeMatico

Scalable, low-cost technologies needed to repair climate, Cambridge professor suggests

Cambridge University has proposed setting up a research center tasked with coming up with scalable technological fixes for climate change.

The proposed Center for Climate Repair is being coordinated by David King, an emeritus professor in physical chemistry at the university and also the U.K. government’s former chief scientific adviser.

Speaking to the BBC this morning, King suggested the scale of the challenge now facing humanity to end  greenhouse gas emissions is so pressing that radical options need to be considered and developed alongside efforts to shift societies to carbon neutral and shrink day to day emissions.

“What we do over the next 10 years will determine the future of humanity for the next 10,000 years. There is no major centre in the world that would be focused on this one big issue,” he told BBC News.

In an interview on the BBC Radio 4’s “Today” program, King said the center would need to focus on scalable, low-cost technologies that could be deployed to move the needle on the climate challenge.

Suggested ideas it could work to develop include geoengineering initiatives, such as spraying sea water into the air at the north and south poles to reflect sunlight away and refreeze them; using fertilizer to regreen portions of the deep ocean to promote plankton growth; and carbon capture and storage methods to suck up and sequester greenhouse gases so they can’t contribute to accelerating global warming.

On the issue of nuclear power, King said interesting work is being done to try to develop viable nuclear fusion technology — but also pointed to untapped capacity in renewable energy technologies, arguing there is an “ability to develop renewables far more than we thought before.”

If established, the Center for Climate Repair, would be attached to the university’s new Cambridge Carbon Neutral Futures Initiative, which is a research hub recently set up to link climate-related research work across the university — and “catalyse holistic, collaborative progress towards a sustainable future”, as it puts it.

“If [the Center for Climate Repair] goes forward, it will be part of the Carbon Neutral Futures Initiative, which is led by Dr Emily Shuckburgh,” a spokeswoman for the university confirmed.

“When considering how to tackle a problem as large, complex and urgent as climate change, we need to look at the widest possible range of ideas and to investigate radical innovations such as those proposed by Sir David,” said Shuckburgh, commenting on the proposal in a statement.

“In assessing such ideas we need to explore all aspects, including the technological advances required, the potential unintended consequences and side effects, the costs, the rules and regulations that would be needed, as well as the public acceptability.”

Powered by WPeMatico

Grocery startup BigBasket becomes India’s newest unicorn with new $150M investment

India has a new unicorn after BigBasket, a startup that delivers groceries and perishables across the country, raised $150 million for its fight against rivals Walmart’s Flipkart, Amazon and hyperlocal startups Swiggy and Dunzo.

The new financing round — a Series F — was led by Mirae Asset-Naver Asia Growth Fund, the U.K.’s CDC Group and Alibaba, BigBasket said on Monday. The closing of the round has officially helped the seven-year-old startup surpass $1 billion valuation, co-founder Vipul Parekh, who heads marketing and finances for the company, told TechCrunch in an interview. Chinese giant Alibaba, which also led the Series E round in BigBasket last year, is the largest investor in the company, with about 30% stake, a person familiar with the matter said.

The company, which offers more than 20,000 products from 1,000 brands in more than two dozen cities, will deploy the fresh capital into expanding its supply-chain network, adding more cold storage centers and distribution centers to serve customers faster, Parekh said. The company also plans to add about 3,000 vending machines that offer daily eatable items, such as vegetables, snacks and cold drinks in residential apartments and offices by next month, he added.

Infusion of $150 million for BigBasket, which raised $300 million last year, comes at a time when both Walmart’s Flipkart and Amazon are increasingly expanding their grocery businesses in India.

Amazon Retail India, which operates Amazon Pantry and Prime Now services and has a presence in mire than 100 cities, is reportedly planning to expand its business in India. Flipkart Group CEO Kalyan Krishnamurthy said in an interview with the Economic Times last month that the e-commerce giant may pilot a fresh foods business soon. Last week, Flipkart was said to be in talks to acquire grocery chain Namdhari’s Fresh.

Parekh largely brushed off the challenge his company faces from Flipkart and Amazon at this stage, saying that “it is a very large market, and it is unlikely to be dominated by one single company for the simple reason of its complex nature.” Flipkart and Amazon may eventually get serious about this space, but so far their play with groceries is mostly an additional differentiation checkpoint, he said.

“The success in this business requires having the ability to build and manage a very complex supply chain across multiple categories such as vegetables, meat and beauty products among others. Our focus has been on building the supply chain, and also ensuring that we are able to deliver a very large assortment of products to consumers,” he added. He said BigBasket today offers the largest catalog and fastest delivery among any of its rivals.

Besides, BigBasket, which is increasingly growing its subscription business to supply milk and other daily eatables, is also inching closer to becoming financially stronger. Parekh said BigBasket expects to become operationally profitable in six to eight months. “The idea is that business by itself does not consume cash. If we use cash, it will be for investment in new businesses or scaling of existing businesses,” he said.

India’s retail market, valued at mire than $900 billion, is increasingly attracting the attention of VC funds. Since 2014, online retailers alone have participated in more than 163 financing rounds, clocking over $1.38 billion, analytics firm Tracxn told TechCrunch. More than 882 players are operational in the market, the firm said.

The challenge for BigBasket remains fighting a growing army of rivals, including hyperlocal delivery startups including Grofers, which raised $60 million earlier this year, unicorn Swiggy and Google-backed Dunzo, which is increasingly becoming a verb in urban Indian cities.

Powered by WPeMatico

FutureLearn takes $65M from Seek Group for 50% stake in UK online degree platform

Edtech and recruitment continue to converge. London-based online degree platform, FutureLearn, is taking £50 million (~$64.6M) from Australian-based online job matching group, Seek, in exchange for a 50 per cent stake in the business — just days after the same group led a massive Series E in U.S. online learning giant Coursera.

U.K. distance learning veteran, the Open University — which had wholly owned the FutureLearn platform up til now — retains a 50 per cent stake in the business following the Seek Group investment.

In a press release announcing the news, FutureLearn said the investment values it at £100M ($129M) — some six years after the initiative was first announced, with the OU bringing together a consortium of U.K. universities to attack the MOOCs/online learning space which was then being rapidly expanded by U.S. edtech startups. 

“Our partnership with Seek and the investment in FutureLearn will take our unique mission to make education open for all into new parts of the world. Education improves lives, communities and economies and is a truly global product, with no tariffs on ideas,” said OU vice chancellor Mary Kellett in a statement on the investment.

The joint venture will have “contractual arrangements” to protect its academic independence, teaching methods and curriculum, the OU added — in an attempt to assuage concerns about an (overly) commercially minded takeover of its fledgling digital education platform.

The first FutureLearn courses launched in fall 2013. Since then a cumulative total of nine million+ people have signed up to learn via its platform — which now offers around 2,000 courses in all.

This includes short courses; postgraduate diplomas and certificates; all the way up to fully online degrees. (FutureLearn partners with six U.K. universities on the full degree courses at this stage.)

FutureLearn also has partnerships with management consultancy firm Accenture; the British Council; the Chartered Institute of Personnel and Development; learn-to-code foundation Raspberry Pi; and Health Education England (part of the UK’s National Health Service); and is involved in U.K. government-backed initiatives to address skills gaps — including The Institute of Coding and the National Centre for Computing Education.

Last fall the Financial Times reported that the OU was looking for a £40M capital injection for FutureLearn to fund more courses and better compete with the scale of U.S. edtech giants — like Coursera and Lynda.com.

It’s not clear how many more courses FutureLearn plans to add with its new partner on board; a spokesperson told us it is not able to provide a figure at this stage.

For a little comparative context, some 40M people have taken online classes via Coursera to date — with that platform currently offering some 3,200 courses, and partnering with the likes of Columbia University, Johns Hopkins and the University of Michigan. While Coursera’s $103M in Series E reportedly valued its business at well over a $1BN, with Seek coming on board as a strategic investor. 

The shared investor is an interesting but perhaps not surprising development given the different markets involved, and the challenge of monetizing free-to-access courses without having massive scale — suggesting the Seek group, which is already well established across Australia, New Zealand, China, South East Asia, Brazil and Mexico — sees more opportunities from strengthening regional online learning platform plays, in Europe and the U.S., to grow the overall online learning pipe and expand adjacent cross-marketing options in employment/job matching.

Last week, when its strategic investment in Coursera was announced, the Seek group talked effusively about how edtech platforms enabling up-skilling and re-skilling are “aligned” with its employment-focused business mission. (Or “our purpose of helping people live fulfilling working lives”, as it put it.)

The FutureLearn partnership provides Seek with access to another pool of potential job seekers — including  actively engaged learners in the UK/Europe — to further grow the geographical reach of its recruitment platform.

Commenting on the investment in a statement, Seek co-founder and CEO Andrew Bassat said: “Technology is increasing the accessibility of quality education and can help millions of people up-skill and re-skill to adapt to rapidly changing labour markets. We see FutureLearn as a key enabler for education at scale.”

“FutureLearn’s reputation is strong and it has attracted leading education providers onto its platform. We are excited to come on as a partner with The Open University,” he added.

FutureLearn’s CEO Simon Nelson said the joint venture will allow the learning platform to extend its global reach and impact.

“This investment allows us to focus on developing more great courses and qualifications that both learners and employers will value,” he said in a statement. “This includes building a portfolio of micro-credentials and broadening our range of flexible, fully online degrees and being able to enhance support for our growing number of international partners to empower them to build credible digital strategies, and in doing so, transform access to education.”

Powered by WPeMatico

UK gives Huawei an amber light to supply 5G

The U.K. government will allow Huawei to be a supplier for some non-core parts of the country’s 5G networks, despite concerns that the involvement of the Chinese telecoms vendor could pose a risk to national security. But it will be excluded from core parts of the networks, according to reports in national press.

The news of prime minister Theresa May’s decision made during a meeting of the National Security Council yesterday was reported earlier by The Telegraph. The newspaper said multiple ministers raised concerns about her approach — including the Home Secretary, Foreign Secretary, Defence Secretary, International Trade Secretary and International Development Secretary.

The FT reports that heavy constraints on Huawei’s involvement in U.K. 5G networks reflect the level of concern raised by ministers.

May’s decision to give an amber light to Huawei’s involvement in building next-gen 5G networks comes a month after a damning report by a U.K. oversight body set up to evaluate the Chinese company’s approach to security.

The fifth annual report by the Huawei Cyber Security Evaluation Centre Oversight Board blasted “serious and systematic defects” in its software engineering and cyber security competence.

Though the oversight board stopped short of calling for an outright ban — despite saying it could provide “only limited assurance that all risks to U.K. national security from Huawei’s involvement in the U.K.’s critical networks can be sufficiently mitigated long-term.”

But speaking at a cybersecurity conference in Brussels in February, Ciaran Martin, the CEO of the U.K.’s National Cyber Security Centre (NCSC), expressed confidence U.K. authorities can mitigate any risk posed by Huawei.

The NCSC is part of the domestic GCHQ signals intelligence agency.

Dr. Lukasz Olejnik, an independent cybersecurity advisor and research associate at the Center for Technology and Global Affairs at Oxford University, told TechCrunch he’s not surprised by the government’s decision to work with Huawei.

“It’s a message that was long-expected,” he said. “U.K. officials have been carefully sending signals in the previous months. In a sense, this makes us closer to the end of the 5G drama.”

“With proper management most risk can be mitigated. It all depends on the strategic planning,” he added.

“I believe the level of [security] responsibility at telecoms will remain similar to today’s. The main message expected by telecoms is clarity to enable them to move on with infrastructure.”

The heaviest international pressure to exclude the Chinese vendor from next-gen 5G networks has been coming from the U.S., where President Trump has been leaning on key intelligence-sharing allies to act on espionage fears and shut out Huawei — with some success.

Last year Australia and New Zealand both announced bans on Chinese kit vendors citing national security fears.

But in Europe governments appear to be leaning in another direction: toward managing and mitigating potential risks rather than shutting the door completely.

The European Commission has also eschewed pushing for a pan-EU ban — instead issuing recommendations encouraging member states to step up individual and collective attention on network security to mitigate potential risks.

It has warned too — and conversely — of the risk of fragmentation to its flagship “digital single market” project if member state governments decide to slam doors on their own. So, at the pan-EU level, security considerations are very clearly being weighed against strategic commercial imperatives and technology priorities.

Equally, individual European governments appear to have little appetite to throw a spanner in the 5G works, given the risk of being left lagging as cellular connectivity evolves and transforms — an upgrade that’s expected to fuel and underpin developments in artificial intelligence and big data analysis, among other myriad and much-hyped benefits.

In the U.K.’s case, national security concerns have been repeatedly brandished as justification for driving through domestic surveillance legislation so draconian that parts of it have later been unpicked by both U.K. and EU courts. Even if the same security concerns are here, where 5G networks are concerned, being deemed “manageable” — rather than grounds for a similarly draconian approach to technology procurement.

It’s not clear at this stage how extensively Huawei will be involved in supplying and building U.K. 5G networks.

The NCSC sent us the following statement in response to questions:

National Security Council discussions are confidential. Decisions from those meetings are made and announced at the appropriate time through the established processes.

The security and resilience of the UK’s telecoms networks is of paramount importance.

As part of our plans to provide world class digital connectivity, including 5G, we have conducted an evidence based review of the supply chain to ensure a diverse and secure supply base, now and into the future. This is a thorough review into a complex area and will report with its conclusions in due course.

“How ‘non-core’ will be defined is anyone’s guess but it would have to be clearly defined and publicly communicated,” Olejnik also told us. “I would assume this refers to government and military networks, but what about safety communication or industrial systems, such as that of power plants or railroad? That’s why we should expect more clarity.”

Powered by WPeMatico

Roblox hits milestone of 90M monthly active users

Kids gaming platform Roblox, most recently valued at over $2.5 billion, has reached a new milestone of 90 million monthly active users, the company said on Sunday. That’s up from the 70 million monthly actives it claimed at its last funding round — a $150 million Series F announced last fall. The sizable increase in users is credited to Roblox’s international expansion efforts, and particularly its more recent support for the French and German languages.

The top 150 games that run on the Roblox platform are now available in both languages, along with community moderation, customer support and parental resources.

The gaming company also has been steadily growing as more kids join after hearing about it from friends or seeing its games played on YouTube, for example. Like Fortnite, it has become a place that kids go to “hang out” online even when not actively playing.

The games themselves are built by third-party creators, while Roblox gets a share of the revenue the games generate from the sale of virtual goods. In 2017, Roblox paid out $30 million to its creator community, and later said that number would more than double in 2018. It says that players and creators now spend more than a billion hours per month on its platform.

Roblox’s growth has not been without its challenges, however. Bad actors last year subverted the game’s protections to assault a child’s in-game avatar — a serious problem for a game aimed at kids, and a PR crisis, as well. But the company addressed the problem by quickly securing its platform to prevent future hacks of this kind, apologized to parents, banned the hackers and soon after launched a “digital civility initiative” as part of its broader push for online safety.

Months later, Roblox was still surging.

International expansion was part of the plan when Roblox chose to raise additional funding, despite already being cash-flow positive.

As CEO David Baszucki explained last fall, the idea was to create “a war chest, to have a buffer, to have the opportunity to do acquisitions,” and “to have a strong balance sheet as we grow internationally.”

The company soon made good on its to-do list, making its first acquisition in October 2018 when it picked up the app performance startup, PacketZoom. It also followed Minecraft’s footsteps into the education market, and has since been working to make its service available to a global base of users.

On that front, Roblox says Europe has played a key role, with millions of users and hundreds of thousands of game creators — like those behind the Roblox games “Ski Resort” (Germany), “Crash Course” (France) and “Heists 2 (U.K.).

In addition to French and German, Roblox is available in English, Portuguese and Spanish, and plans to support more languages in the coming months, it says.

But the company doesn’t want to face another incident or PR crisis as it moves into new countries.

On that front, Roblox is working with digital safety leaders in both France and Germany, as part of its Digital Civility Initiative. In France, it’s working with e-Enfance; and in Germany, it’s working with Unterhaltungssoftware Selbstkontrolle (USK). Roblox also added USK’s managing director, Elisabeth Secker, to the company’s Trust & Safety Advisory Board.

“We are excited to welcome Roblox as a new member to the USK and I’m honored to join the company’s Trust & Safety Advisory Board,” said Elisabeth Secker, Managing Director of the Entertainment Software Self-Regulation Body (USK), in a statement. “We are happy to support Roblox in their efforts to make their platform not only safe, but also to empower kids, teens, and parents with the skills they need to create positive online experiences.”

Powered by WPeMatico

Snap is channeling Asia’s messaging giants with its move into gaming

Snap is taking a leaf out of the Asian messaging app playbook as its social messaging service enters a new era.

The company unveiled a series of new strategies that are aimed at breathing fresh life into the service that has been ruthlessly cloned by Facebook across Instagram, WhatsApp and even its primary social network. The result? Snap has consistently lost users since going public in 2017. It managed to stop the rot with a flat Q4, but resting on its laurels isn’t going to bring back the good times.

Snap has taken a three-pronged approach: extending its stories feature (and ads) into third-party apps and building out its camera play with an AR platform, but it is the launch of social games that is the most intriguing. The other moves are logical, and they fall in line with existing Snap strategies, but games is an entirely new category for the company.

It isn’t hard to see where Snap found inspiration for social games — Asian messaging companies have long twinned games and chat — but the U.S. company is applying its own twist to the genre.

Powered by WPeMatico

India’s OYO enters Japan in partnership with SoftBank

Fresh from closing a notable investment from Airbnb, India’s OYO has expanded its footprint into Japan. The move comes through a joint venture with investor SoftBank — which led OYO’s $1 billion round last year through its Vision Fund — which will cover hotel-based accommodation and home rentals.

Financial details around the joint venture were not disclosed. An OYO representative declined to go into details when asked.

OYO started in India, where it initially aggregated budget hotels; it has since expanded into China, Malaysia, Nepal, the U.K., the UAE, Indonesia, the Philippines and — now — Japan. China, in particular, has shown promise, with OYO’s room inventory there reportedly double what it is in India.

The evolution has not just been a geographical one. Its business has moved from a laser focus on the long-tail of budget hotels to a broader “hospitality” play. It now includes managed private homes and, in India, wedding venues, holiday packages and co-working — while its hotel supply is a mixture of franchised and leased. It has also advanced its focus from budget-minded consumers to cover business travelers, too.

The Japanese JV will be led by Prasun Choudhary, whom OYO describes as a founding member of its team. Like OYO business elsewhere in the world, the company is appealing to small and medium hotel franchises and owners. On the consumer side, its prime segment is domestic and international travelers who seek “budget to mid-segment hospitality,” to use part of a statement from OYO founder and CEO Ritesh Agarwal, who is pictured in the image at the top of this post.

Agarwal is a Thiel fellow who started the company in 2011 when aged just 18. His original business, called Oravel, was an Airbnb clone that pivoted to become OYO. Today, that company is valued at $5 billion after raising more than $1.5 billion from investors.

SoftBank has previously struck joint ventures to bring other Vision Fund companies to Japan. Those include WeWork, Chinese ride-hailing firm Didi Chuxing and India’s Paytm, which launched a payment service in the country.

Powered by WPeMatico

Focaldata thinks it has some answers for campaigners in the age of Trump and Brexit

Political parties, campaigns and brands can’t get an accurate and cost-effective understanding of opinion in small geographic areas, like the constituencies of lawmakers. This is a big problem in political campaigning. And all political campaigning now has a huge online element, as we know. We also know political turbulence is one of the defining themes of our age.

But one thing is clear: All the players want faster, cheaper, more accurate and a more granular understanding of consumers and voters. In the age of AI, survey predictions are influenced as much as so many other machine-learning technology products.

Focaldata is a U.K. startup that thinks it has some of the answers to these quandaries. Their integrated consumer analytics and survey workflow application claims to give customers a more accurate and granular picture of consumers than traditional polling using machine learning. At the same time, they say their workflow software cuts down on the cost and time that market research takes.

The idea is that they employ a new machine learning-based technique (MRP) to generate survey “results.” This new methodology can use more information (such as old survey data or public statistics) than conventional methods, which lets them get accurate predictions in small geographic areas from the same sample sizes.

Founder Justin Ibbett had done MRP manually on his laptop a few times for some existing market research firms and realized how fiddly it was. “I felt a dedicated software application would reduce the complexity whilst making the results more accessible and useful — our early incarnations just delivered a spreadsheet!” he told me.

Much of Focaldata’s business has been in politics. They have worked with the pro-Remain group Best for Britain and the anti-Racism charity Hope not Hate on combating Far Right sentiment. However, most demand is now from large brand owners, such as ABInBev, a recent client.

They now have more than 10 paying clients, including big brands like M&C Saatchi.

Competitors include YouGov, Survation, Dalia Research (a Balderton-backed company) and standard market research agencies like Kantar and Ipsos Mori.

But against traditional agencies, Ibbett says their ML-based data processing engine sets them apart, allowing them to go very granular and get more accurate over time.

The market research market is £5 billion in the U.K. alone (PwC report, 2016) and global market research is a $40 billion market.

The startup has raised a £1.1 million seed round from notable U.K. angels, including Alex Chesterman, founder of Zoopla and Martin Bolland, founder of Alchemy Partners. Previously they raised a small pre-seed round from three other angels, including Xen Lategan (backer of Magic Pony and ex-Google, former CTO of News International).

CTO and co-founder Calvin Dudek was at Google for five years as a product manager, and ran Data Science Innovation at the DWP. Chief Data Scientist Takao Noguchi is a cognitive scientist.

Powered by WPeMatico

UK report blasts Huawei for network security incompetence

The latest report by a UK oversight body set up to evaluation Chinese networking giant Huawei’s approach to security has dialled up pressure on the company, giving a damning assessment of what it describes as “serious and systematic defects” in its software engineering and cyber security competence.

Although the report falls short of calling for an outright ban on Huawei equipment in domestic networks — an option U.S. president Trump continues dangling across the pond.

The report, prepared for the National Security Advisor of the UK by the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, also identifies new “significant technical issues” which it says lead to new risks for UK telecommunications networks using Huawei kit.

The HCSEC was set up by Huawei in 2010, under what the oversight board couches as “a set of arrangements with the UK government”, to provide information to state agencies on its products and strategies in order that security risks could be evaluated.

And last year, under pressure from UK security agencies concerned about technical deficiencies in its products, Huawei pledged to spend $2BN to try to address long-running concerns about its products in the country.

But the report throws doubt on its ability to address UK concerns — with the board writing that it has “not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects”.

So it sounds like $2BN isn’t going to be nearly enough to fix Huawei’s security problem in just one European country.

The board also writes that it will require “sustained evidence” of better software engineering and cyber security “quality”, verified by HCSEC and the UK’s National Cyber Security Centre (NCSC), if there’s to be any possibility of it reaching a different assessment of the company’s ability to reboot its security credentials.

While another damning assessment contained in the report is that Huawei has made “no material progress” on issues raised by last year’s report.

All the issues identified by the security evaluation process relate to “basic engineering competence and cyber security hygiene”, which the board notes gives rise to vulnerabilities capable of being exploited by “a range of actors”.

It adds that the NCSC does not believe the defects found are a result of Chinese state interference.

This year’s report is the fifth the oversight board has produced since it was established in 2014, and it comes at a time of acute scrutiny for Huawei, as 5G network rollouts are ramping up globally — pushing governments to address head on suspicions attached to the Chinese giant and consider whether to trust it with critical next-gen infrastructure.

“The Oversight Board advises that it will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huawei’s software engineering and cyber security processes are remediated,” the report warns in one of several key conclusions that make very uncomfortable reading for Huawei.

“Overall, the Oversight Board can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term,” it adds in summary.

Reached for its response to the report, a Huawei UK spokesperson sent us a statement in which it describes the $2BN earmarked for security improvements related to UK products as an “initial budget”.

It writes:

The 2019 OB [oversight board] report details some concerns about Huawei’s software engineering capabilities. We understand these concerns and take them very seriously. The issues identified in the OB report provide vital input for the ongoing transformation of our software engineering capabilities. In November last year Huawei’s Board of Directors issued a resolution to carry out a companywide transformation programme aimed at enhancing our software engineering capabilities, with an initial budget of US$2BN.

A high-level plan for the programme has been developed and we will continue to work with UK operators and the NCSC during its implementation to meet the requirements created as cloud, digitization, and software-defined everything become more prevalent. To ensure the ongoing security of global telecom networks, the industry, regulators, and governments need to work together on higher common standards for cyber security assurance and evaluation.

Seeking to find something positive to salvage from the report’s savaging, Huawei suggests it demonstrates the continued effectiveness of the HCSEC as a structure to evaluate and mitigate security risk — flagging a description where the board writes that it’s “arguably the toughest and most rigorous in the world”, and which Huawei claims shows at least there hasn’t been any increase in vulnerability of UK networks since the last report.

Though the report does identify new issues that open up fresh problems — albeit the underlying issues were presumably there last year too, just laying undiscovered.

The board’s withering assessment certainly amps up the pressure on Huawei which has been aggressively battling U.S.-led suspicion of its kit — claiming in a telecoms conference speech last month that “the U.S. security accusation of our 5G has no evidence”, for instance.

At the same time it has been appealing for the industry to work together to come up with collective processes for evaluating the security and trustworthiness of network kit.

And earlier this month it opened another cyber security transparency center — this time at the heart of Europe in Brussels, where the company has been lobbying policymakers to help establish security standards to foster collective trust. Though there’s little doubt that’s a long game.

Meanwhile, critics of Huawei can now point to impatience rising in the U.K., despite comments by the head of the NCSC, Ciaran Martin, last month — who said then that security agencies believe the risk of using Huawei kit can be managed, suggesting the government won’t push for an outright ban.

The report does not literally overturn that view but it does blast out a very loud and alarming warning about the difficulty for UK operators to “appropriately” risk-manage what’s branded defective and vulnerable Huawei kit. Including flagging the risk of future products — which the board suggests will be increasingly complex to manage. All of which could well just push operators to seek alternatives.

On the mitigation front, the board writes that — “in extremis” — the NCSC could order Huawei to carry out specific fixes for equipment currently installed in the UK. Though it also warns that such a step would be difficult, and could for example require hardware replacement which may not mesh with operators “natural” asset management and upgrades cycles, emphasizing it does not offer a sustainable solution to the underlying technical issues.

“Given both the shortfalls in good software engineering and cyber security practice and the currently unknown trajectory of Huawei’s R&D processes through their announced transformation plan, it is highly likely that security risk management of products that are new to the UK or new major releases of software for products currently in the UK will be more difficult,” the board writes in a concluding section discussing the UK national security risk.

“On the basis of the work already carried out by HCSEC, the NCSC considers it highly likely that there would be new software engineering and cyber security issues in products HCSEC has not yet examined.”

It also describes the number and severity of vulnerabilities plus architectural and build issues discovered by a relatively small team in the HCSEC as “a particular concern”.

“If an attacker has knowledge of these vulnerabilities and sufficient access to exploit them, they may be able to affect the operation of the network, in some cases causing it to cease operating correctly,” it warns. “Other impacts could include being able to access user traffic or reconfiguration of the network elements.”

In another section on mitigating risks of using Huawei kit, the board notes that “architectural controls” in place in most UK operators can limit the ability of attackers to exploit any vulnerable network elements not explicitly exposed to the public Internet — adding that such controls, combined with good opsec generally, will “remain critically important in the coming years to manage the residual risks caused by the engineering defects identified”.

In other highlights from the report the board does have some positive things to say, writing that an NCSC technical review of its capabilities showed improvements in 2018, while another independent audit of HCSEC’s ability to operate independently of Huawei HQ once again found “no high or medium priority findings”.

“The audit report identified one low-rated finding, relating to delivery of information and equipment within agreed Service Level Agreements. Ernst & Young concluded that there were no major concerns and the Oversight Board is satisfied that HCSEC is operating in line with the 2010 arrangements between HMG and the company,” it further notes.

Last month the European Commissioner said it was preparing to step in to ensure a “common approach” across the European Union where 5G network security is concerned — warning of the risk of fragmentation across the single market. Though it has so far steered clear of any bans.

Earlier this week it issued a set of recommendations for Member States, combining legislative and policy measures to assess 5G network security risks and help strengthen preventive measures.

Among the operational measures it suggests Member States take is to complete a national risk assessment of 5G network infrastructures by the end of June 2019, and follow that by updating existing security requirements for network providers — including conditions for ensuring the security of public networks.

“These measures should include reinforced obligations on suppliers and operators to ensure the security of the networks,” it recommends. “The national risk assessments and measures should consider various risk factors, such as technical risks and risks linked to the behaviour of suppliers or operators, including those from third countries. National risk assessments will be a central element towards building a coordinated EU risk assessment.”  

At an EU level the Commission said Member States should share information on network security, saying this “coordinated work should support Member States’ actions at national level and provide guidance to the Commission for possible further steps at EU level” — leaving the door open for further action.

While the EU’s executive body has not pushed for a pan-EU ban on any 5G vendors it did restate Member States’ right to exclude companies from their markets for national security reasons if they fail to comply with their own standards and legal framework.

Powered by WPeMatico

Europe is prepared to rule over 5G cybersecurity

The European Commission’s digital commissioner has warned the mobile industry to expect it to act over security concerns attached to Chinese network equipment makers.

The Commission is considering a defacto ban on kit made by Chinese companies including Huawei in the face of security and espionage concerns, per Reuters.

Appearing on stage at the Mobile World Congress tradeshow in Barcelona today, Mariya Gabriel, European commissioner for digital economy and society, flagged network “cybersecurity” during her scheduled keynote, warning delegates it’s stating the obvious for her to say that “when 5G services become mission critical 5G networks need to be secure”.

Geopolitical concerns between the West and China are being accelerated and pushed to the fore as the era of 5G network upgrades approach, as well as by ongoing tensions between the U.S. and China over trade.

“I’m well away of the unrest among all of you key actors in the telecoms sectors caused by the ongoing discussions around the cybersecurity of 5G,” Gabriel continued, fleshing out the Commission’s current thinking. “Let me reassure you: The Commission takes your view very seriously. Because you need to run these systems everyday. Nobody is helped by premature decisions based on partial analysis of the facts.

“However it is also clear that Europe has to have a common approach to this challenge. And we need to bring it on the table soon. Otherwise there is a risk that fragmentation rises because of diverging decisions taken by Member States trying to protect themselves.”

“We all know that this fragmentation damages the digital single market. So therefore we are working on this important matter with priority. And to the Commission we will take steps soon,” she added.

The theme of this year’s show is “intelligent connectivity”; the notion that the incoming 5G networks will not only create links between people and (many, many more) things but understand the connections they’re making at a greater depth and resolution than has been possible before, leveraging the big data generated by many more connections to power automated decision-making in near real time, with low latency another touted 5G benefit (as well as many more connections per cell).

Futuristic scenarios being floated include connected cars neatly pulling to the sides of the road ahead of an ambulance rushing a patient to hospital — or indeed medical operations being aided and even directed remotely in real-time via 5G networks supporting high resolution real-time video streaming.

But for every touted benefit there are easy to envisage risks to network technology that’s being designed to connect everything all of the time — thereby creating a new and more powerful layer of critical infrastructure society will be relying upon.

Last fall the Australia government issued new security guidelines for 5G networks that essential block Chinese companies such as Huawei and ZTE from providing equipment to operators — justifying the move by saying that differences in the way 5G operates compared to previous network generations introduces new risks to national security.

New Zealand followed suit shortly after, saying kit from the Chinese companies posed a significant risk to national security.

While in the U.S. President Trump has made 5G network security a national security priority since 2017, and a bill was passed last fall banning Chinese companies from supplying certain components and services to government agencies.

The ban is due to take effect over two years but lawmakers have been pressuring to local carriers to drop 5G collaborations with companies such as Huawei.

In Europe the picture is so far more mixed. A UK government report last summer investigating Huawei’s broadband and mobile infrastructure raised further doubts, and last month Germany was reported to be mulling a 5G ban on the Chinese kit maker.

But more recently the two EU Member States have been reported to no longer be leaning towards a total ban — apparently believing any risk can be managed and mitigated by oversight and/or partial restrictions.

It remains to be seen how the Commission could step in to try to harmonize security actions taken by Member States around nascent 5G networks. But it appears prepared to set rules.

That said, Gabriel gave no hint of its thinking today, beyond repeating the Commission’s preferred position of less fragmentation, more harmonization to avoid collateral damage to its overarching Digital Single Market initiative — i.e. if Member States start fragmenting into a patchwork based on varying security concerns.

We’ve reached out to the Commission for further comment and will update this story with any additional context.

During the keynote she was careful to talk up the transformative potential of 5G connectivity while also saying innovation must work in lock-step with European “values”.

“Europe has to keep pace with other regions and early movers while making sure that its citizens and businesses benefit swiftly from the new infrastructures and the many applications that will be built on top of them,” she said.

“Digital is helping us and we need to reap its opportunities, mitigate its risks and make sure it is respectful of our values as much as driven by innovation. Innovation and values. Two key words. That is the vision we have delivered in terms of the defence for our citizens in Europe. Together we have decided to construct a Digital Single Market that reflects the values and principles upon which the European Union has been built.”

Her speech also focused on AI, with the commissioner highlighting various EC initiatives to invest in and support private sector investment in artificial intelligence — saying it’s targeting €20BN in “AI-directed investment” across the private and public sector by 2020, with the goal for the next decade being “to reach the same amount as an annual average” — and calling on the private sector to “contribute to ensure that Europe reaches the level of investment needed for it to become a world stage leader also in AI”.

But again she stressed the need for technology developments to be thoughtfully managed so they reflect the underlying society rather than negatively disrupting it. The goal should be what she dubbed “human-centric AI”.

“When we talk about AI and new technologies development for us Europeans it is not only about investing. It is mainly about shaping AI in a way that reflects our European values and principles. An ethical approach to AI is key to enable competitiveness — it will generate user trust and help facilitate its uptake,” she said.

“Trust is the key word. There is no other way. It is only by ensuring trustworthiness that Europe will position itself as a leader in cutting edge, secure and ethical AI. And that European citizens will enjoy AI’s benefits.”

Powered by WPeMatico