NCSC Expert Calls Huawei Security ‘Very, Very Shoddy’

The technical director of the National Cyber Security Centre (NCSC) has criticised Huawei’s “very, very shoddy” security engineering and said this “poor engineering” could lead to the gear being banned from Westminster and other sensitive areas.

Dr. Ian Levy said Huawei’s engineering practices were more of a concern than any potential efforts by China to use the firm as a spying gateway into Western countries.

“The security in Huawei is like nothing else – it’s engineering like it’s back in the year 2000,” Levy told the BBC’s Panorama programme.  “It’s very, very shoddy and leads to cyber security issues that we then have to manage long term. It’s just poor engineering.”

Levy said as a result ministers could consider “geographic restrictions” such as banning Huawei equipment from Westminster.

Dr Ian Levy, technical director of the NCSC. Image credit: NCSC


He added that the NCSC, which is operated by GCHQ, had seen nothing to give it confidence that Huawei’s promised transformation programme would “do what they say it’s going to do”.

Western governments have been under sustained pressure from the US in recent months to ban Huawei from their next-generation mobile networks, something UK network operators say could delay 5G launches by up to two years and cost the economy up to £6.8 billion.

The government has not yet clarified its plans on whether it will restrict or ban Huawei, and is expected to to so in May.

In the meantime British security officials have been increasingly vocal in their criticism of security defects in Huawei equipment, while maintaining that risks posed by the company can be managed and that they have found no evidence of malicious action on Huawei’s part.

In its fifth annual report, the Huawei Cyber Security Evaluation Centre (HCSEC), which works with the NCSC to oversee Huawei products destined for use in the UK, called attention to “major defects” in the quality of Huawei’s security and software engineering and “concerning issues in Huawei’s approach to software development”.

Fighting back

A Huawei spokesman said the company took such issues seriously and that they would be addressed by the previously announced $2bn (£1.52bn) transformation programme.

In recent months the company has been more vocal in fighting back against US allegations, and Ryan Ding, the executive director of Huawei’s carrier division, told Panorama that the US concerns were ill-informed.

“We have a country here that virtually uses no Huawei equipment and doesn’t even know whether our 5G equipment is square or round, and yet it has been incessantly expressing security concerns over Huawei,” Ding said.

Huawei’s UK chief executive, Jerry Wang, over the weekend condemned the US’ “relentless innuendo” against his firm, calling it “a sustained campaign of ill-informed accusations”.

Writing in The Telegraph, Wang at the same time said Huawei accepts the HCSEC’s findings and acknowledges “that there are issues that need to be put right”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

US Tells UK It Still Has ‘Significant Concerns’ Over Huawei

With a UK decision on Huawei expected by the end of the month, US officials maintain 'significant concerns' about the…

8 hours ago

Apple Fixed Tracking Flaws In Safari, But Google Director Disagrees

Google identified multiple privacy flaws in Apple's Safari browser, which the iPad maker said it has fixed, but a Google…

13 hours ago

Amazon Files Motion To Halt Microsoft Work On Pentagon JEDI Contract

Amazon has (as expected) filed a motion with US court to halt Microsoft's work on Pentagon JECI contract until appeal…

14 hours ago

Sonos Angers Owners Again With Update Cancellation

Speaker maker Sonos angers its customer base yet again, by confirming it will halt software updates for older equipment from…

16 hours ago

Microsoft Confirms Breach Of 250 Million Customer Service Records

My bad. 250 million customer service and support records have been exposed by Microsoft on unsecured cloud database during the…

18 hours ago

Did Saudi Arabia Hack Phone Of Amazon Boss Jeff Bezos?

Owner of the Washington Post allegedly had his phone hacked months before murder of Post journalist Jamal Khashoggi in Saudi…

1 day ago