NCSC Expert Calls Huawei Security ‘Very, Very Shoddy’

The technical director of the National Cyber Security Centre (NCSC) has criticised Huawei’s “very, very shoddy” security engineering and said this “poor engineering” could lead to the gear being banned from Westminster and other sensitive areas.

Dr. Ian Levy said Huawei’s engineering practices were more of a concern than any potential efforts by China to use the firm as a spying gateway into Western countries.

“The security in Huawei is like nothing else – it’s engineering like it’s back in the year 2000,” Levy told the BBC’s Panorama programme.  “It’s very, very shoddy and leads to cyber security issues that we then have to manage long term. It’s just poor engineering.”

Levy said as a result ministers could consider “geographic restrictions” such as banning Huawei equipment from Westminster.

Dr Ian Levy, technical director of the NCSC. Image credit: NCSC


He added that the NCSC, which is operated by GCHQ, had seen nothing to give it confidence that Huawei’s promised transformation programme would “do what they say it’s going to do”.

Western governments have been under sustained pressure from the US in recent months to ban Huawei from their next-generation mobile networks, something UK network operators say could delay 5G launches by up to two years and cost the economy up to £6.8 billion.

The government has not yet clarified its plans on whether it will restrict or ban Huawei, and is expected to to so in May.

In the meantime British security officials have been increasingly vocal in their criticism of security defects in Huawei equipment, while maintaining that risks posed by the company can be managed and that they have found no evidence of malicious action on Huawei’s part.

In its fifth annual report, the Huawei Cyber Security Evaluation Centre (HCSEC), which works with the NCSC to oversee Huawei products destined for use in the UK, called attention to “major defects” in the quality of Huawei’s security and software engineering and “concerning issues in Huawei’s approach to software development”.

Fighting back

A Huawei spokesman said the company took such issues seriously and that they would be addressed by the previously announced $2bn (£1.52bn) transformation programme.

In recent months the company has been more vocal in fighting back against US allegations, and Ryan Ding, the executive director of Huawei’s carrier division, told Panorama that the US concerns were ill-informed.

“We have a country here that virtually uses no Huawei equipment and doesn’t even know whether our 5G equipment is square or round, and yet it has been incessantly expressing security concerns over Huawei,” Ding said.

Huawei’s UK chief executive, Jerry Wang, over the weekend condemned the US’ “relentless innuendo” against his firm, calling it “a sustained campaign of ill-informed accusations”.

Writing in The Telegraph, Wang at the same time said Huawei accepts the HCSEC’s findings and acknowledges “that there are issues that need to be put right”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Amazon Alexa Recovers After Morning Outage

Alexa wake up alarm didn't work this morning? Smart lights didn't turn on? Outage of…

3 days ago

UK, Australia Reach Cyber, Critical Tech Agreement

Australia says it will 'fight back' against nation state cyberattacks, after agreements with the UK…

3 days ago

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

3 days ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

4 days ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

4 days ago