News Hub

Huawei-built Papua New Guinea data centre riddled with security flaws

Written by Wed 12 Aug 2020

Report also claims software licenses expired and degraded batteries left unreplaced

A data centre built by beleaguered Chinese tech giant Huawei for Papua New Guinea (PNG) in 2018 is plagued with cybersecurity issues, exposing PNG Government data to hackers.

A report commissioned by the Australia-funded PNG National Cyber Security Centre and authored by a security expert hired by the Australian Government claimed old encryption software employed by Huawei exposed data to threat actors.

The report also claimed firewalls deployed by Huawei failed to meet data centre security requirements for government data archives.

Specifically, the lack of switches behind the firewalls meant system security settings could not detect remote access.

The firewalls were allegedly out-of-date as far back as 2016, two years before the data centre opened its doors.

The data centre, financed through a $53 million loan from China’s Exim Bank, is also in dire need of funds to improve maintenances and operations, the report claimed.

Critical software licenses have expired and degraded batteries used to ensure uptime have not been replaced.

The report said the facility may require a full rebuild and the PNG Government is allegedly seeking financial assistance from Australia for an upgrade, according to Australian Financial Review.

The report’s findings deal another blow to Huawei, which has faced intense scrutiny in the West over its connections to the Chinese Government, ultimately ending the company’s involvement in 5G infrastructure projects in US, Britain, Australia and France.

China has been gaining a foothold in developing countries in the Pacific and elsewhere by providing cut-price loans for infrastructure projects.

The data centre, located in PNG capital Port Morseby, was developed as part of a wider $147 million deal to build a national broadband network.

In 2016 Huawei won the tender to be the main supplier of the project, but in 2018 Western countries tabled a last-minute counteroffer which the country declined. The Pacific nation cited contractual obligations and dismissed claims the tech giant’s infrastructure posed a security risk.

Questions will now be raised about the security of the 3390-mile submarine cable network, which when constructed will link 14 coastal towns in the country and provide 8Tbps capacity.

Written by Wed 12 Aug 2020


Send us a correction Send us a news tip