March 28, 2019

Huawei security risk: UK report finds “serious vulnerabilities” in 5G tech

By Robert Scammell

A UK government report has found “serious vulnerabilities” in Huawei products and “significant technical issues” in its engineering process.

The Chinese telecoms provider and phone maker has faced repeated allegations of espionage, largely from the US, because of its ties to the Communist Party of China. No evidence has been provided to support these allegations and Huawei has strongly refuted them.

Similarly, today’s report on the Huawei security risk – issued by the National Cyber Security Centre (NCSC) – did not find any evidence of deliberate espionage. However, it strongly criticised the tech giant for poor practices that could result in unintended security risks.

Last month, the NCSC recommended that Huawei 5G technology should not be banned in the UK. The UK government is expected to decide whether or not to ban the Chinese telecoms equipment by early April.

Huawei security risk requires “ongoing management”

Huawei is seen as a crucial player in bringing 5G to the UK, largely because its technology is cheaper than that of its rivals.

In 2010, the NCSC – part of GCHQ – set up the Huawei Cyber Security Evaluation Centre (HCSEC) to run security checks on its hardware and software.

The centre, also known as ‘The Cell’, is located on the outskirts of Banbury, UK. It has drawn criticism in the past due to it being staffed largely by Huawei engineers.

In 2014 a board chaired by NCSC chief Ciaran Martin was set up to monitor The Cell, releasing a report each year on Huawei’s technology.

Today’s report is arguably the most important, with the US ramping up its rhetoric against the company in recent months and warning allies against installing Huawei tech.

Elsewhere in the 46-page document, the Oversight Board said it found that “no material progress has been made by Huawei in the remediation of the issues reported last year”.

Huawei’s approach to software development also brings “significantly increased risk to UK operators, which requires ongoing management and mitigation,” the report said.

As a result of these findings, the Oversight Board can only provide “limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK”.

It added that it would be difficult to manage the risk of future products deployed in the UK until these “underlying defects” are remediated, and that it has not yet seen anything to instill confidence that it can address these issues.

A Huawei representative told the BBC that the firm understood the concerns over its software engineering capability and took them “very seriously”.

Read more: Is Huewai too big to ban?


Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: