Unusually direct criticism of Chinese giant, with no confidence expressed in its ability to deal with “underlying defects”
Chinese networking giant Huawei Technologies has been dealt a serious blow after a British government report was scathing about its security failings.
The 40-plus page report was highly critical of Huawei, and expressed a lack of confidence in its ability to fix long-standing security flaws, some of which date back years.
The harsh criticism may have effectively scuppered any last remaining hopes the Chinese firm harboured for supply equipment for the UK’s forthcoming 5G networks.
The government report came from the UK’s National Cyber Security Centre (NCSC), which is part of GCHQ. Its remit is to provide government organisations and UK-based businesses with advice on how to defend against cyber threats.
A unit called the Huawei Cyber Security Evaluation Centre (HCSEC), which overseas the use of foreign products, created this week’s damming report.
It said that it had “continued to identify concerning issues in Huawei’s approach to software development bringing significantly increased risk to UK operators, which requires ongoing management and mitigation.”
“At present, the Oversight Board has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects,” the report bluntly stated.
“The Board will require sustained evidence of better software engineering and cyber security quality verified by HCSEC and NCSC,” it added.
“Overall, the Oversight Board can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term,” it concluded.
Essentially the report did not state that Huawei is deliberately developing backdoors or working to carry out espionage on behalf of the Chinese government.
But rather, the report slammed Huawei’s poor practices that create vulnerabilities that in turn pose security risks.
US secretary of state Mike Pompeo has previously told allies that “America may not be able to operate in certain environments if there is Huawei technology adjacent to that”.
Poland has recently banned Huawei equipment from its 5G network following the arrest of an alleged spy who had been employed by the Chinese company.
Meanwhile the UK’s official position on an outright Huawei ban has been mixed at best.
It should be remembered that since 2010 Huawei maintains a security centre in the UK where British national security officials can review its equipment for any possible issues.
That didn’t stop the British government last November warning telcos against using equipment makers such as Huawei when rolling out 5G networks.
BT subsequently pledged to remove Huawei equipment from the next-generation emergency services communication network it is developing for the government
It should also be noted that a number of British mobile operators are against an outright ban, with Vodafone and Three both warning that shutting out Huawei would delay the UK’s 5G deployment by months or years.
Do you know all about security? Try our quiz!