Huawei has failed to tackle security fears, says GCHQ
HUAWEI has failed to tackle national security fears raised by GCHQ, a report has revealed.
Britain’s cyber spies have warned they can have “no confidence” in the Chinese firm until significant shortcomings have been addressed.
The latest annual report from the Huawei Cyber Security Evaluation Centre says it is not possible to offer any degree of confidence that the problems i dentified in the past have been addressed by the technology firm. The
report makes clear there has been no significant improvement in the firm’s engineering practices and overall cyber security. “Unless and until a detailed and satisfactory plan has been provided, it is not possible to offer any degree of confidence that the identified problems can be addressed by Huawei,” the report states.
The UK’S National Cyber Security Centre (NCSC), the public-facing arm of Britain’s cyber spy agency GCHQ, advises the Government on national security risks associated with having Huawei equipment embedded throughout the country’s telecoms networks. Earlier this year the Government decided to remove Huawei kit from Britain’s 5G infrastructure by 2027 citing security fears. Some equipment manufactured by the Chinese firm still sits in existing 3G and 4G networks.
The oversight board that produced the report was established in 2010 following concerns around the use of Huawei’s technology in British phone networks and critical infrastructure.
One vulnerability in the technology was caused by “particularly poor code quality ... and the use of an old operating system,” the report states. “UK operators needed to take extraordinary action to mitigate the risk.”
Huawei has since fixed the specific vulnerabilities in the UK, but in doing so introduced an additional major issue into the product.
Despite promising to fix vulnerabilities and improve overall cyber security, the report makes clear there has been little action from the Chinese firm.
It says: “It will be difficult to appropriately risk-manage future products ... until the underlying defects in Huawei’s software engineering and cyber security processes are remediated.”
However, the report states the NCSC did not believe the defects identified were a result of Chinese state interference. Bob Seely, a member of the foreign affairs committee, said: “This is a poor state of affairs, especially as Huawei kit will remain in the network and even add to it, despite the ban.”
A Huawei spokesman said: “The report acknowledges that while our software transformation process is in its infancy, we have made some progress in improving our software engineering capabilities.”