NCSC Expert Calls Huawei Security ‘Very, Very Shoddy’


Huawei gear could be banned from Westminster over ‘poor’ engineering practices, says NCSC technical director

The technical director of the National Cyber Security Centre (NCSC) has criticised Huawei’s “very, very shoddy” security engineering and said this “poor engineering” could lead to the gear being banned from Westminster and other sensitive areas.

Dr. Ian Levy said Huawei’s engineering practices were more of a concern than any potential efforts by China to use the firm as a spying gateway into Western countries.

“The security in Huawei is like nothing else – it’s engineering like it’s back in the year 2000,” Levy told the BBC’s Panorama programme. “It’s very, very shoddy and leads to cyber security issues that we then have to manage long term. It’s just poor engineering.”

Levy said as a result ministers could consider “geographic restrictions” such as banning Huawei equipment from Westminster.


Restrictions

He added that the NCSC, which is operated by GCHQ, had seen nothing to give it confidence that Huawei’s promised transformation programme would “do what they say it’s going to do”.

Western governments have been under sustained pressure from the US in recent months to ban Huawei from their next-generation mobile networks, something UK network operators say could delay 5G launches by up to two years and cost the economy up to £6.8 billion.

The government has not yet clarified its plans on whether it will restrict or ban Huawei, and is expected to do so in May.

In the meantime British security officials have been increasingly vocal in their criticism of security defects in Huawei equipment, while maintaining that risks posed by the company can be managed and that they have found no evidence of malicious action on Huawei’s part.

In its fifth annual report, the Huawei Cyber Security Evaluation Centre (HCSEC), which works with the NCSC to oversee Huawei products destined for use in the UK, called attention to “major defects” in the quality of Huawei’s security and software engineering and “concerning issues in Huawei’s approach to software development”.

Fighting back

A Huawei spokesman said the company took such issues seriously and that they would be addressed by the previously announced $2bn (£1.52bn) transformation programme.

In recent months the company has been more vocal in fighting back against US allegations, and Ryan Ding, the executive director of Huawei’s carrier division, told Panorama that the US concerns were ill-informed.

“We have a country here that virtually uses no Huawei equipment and doesn’t even know whether our 5G equipment is square or round, and yet it has been incessantly expressing security concerns over Huawei,” Ding said.

Huawei’s UK chief executive, Jerry Wang, over the weekend condemned the US’ “relentless innuendo” against his firm, calling it “a sustained campaign of ill-informed accusations”.

Writing in The Telegraph, Wang at the same time said Huawei accepts the HCSEC’s findings and acknowledges “that there are issues that need to be put right”.