A UK government report has found “serious vulnerabilities” in Huawei products and “significant technical issues” in its engineering process.
The Chinese telecoms provider and phone maker has faced repeated allegations of espionage, largely from the US, because of its ties to the Communist Party of China. No evidence has been provided to support these allegations and Huawei has strongly refuted them.
Similarly, today’s report on the Huawei security risk – issued by the National Cyber Security Centre (NCSC) – did not find any evidence of deliberate espionage. However, it strongly criticised the tech giant for poor practices that could result in unintended security risks.
Last month, the NCSC recommended that Huawei 5G technology should not be banned in the UK. The UK government is expected to decide whether or not to ban the Chinese telecoms equipment by early April.
Huawei security risk requires “ongoing management”
Huawei is seen as a crucial player in bringing 5G to the UK, largely because its technology is cheaper than that of its rivals.
In 2010, the NCSC – part of GCHQ – set up the Huawei Cyber Security Evaluation Centre (HCSEC) to run security checks on its hardware and software.
The centre, also known as ‘The Cell’, is located on the outskirts of Banbury, UK. It has drawn criticism in the past due to it being staffed largely by Huawei engineers.
In 2014 a board chaired by NCSC chief Ciaran Martin was set up to monitor The Cell, releasing a report each year on Huawei’s technology.
Today’s report is arguably the most important, with the US ramping up its rhetoric against the company in recent months and warning allies against installing Huawei tech.
Elsewhere in the 46-page document, the Oversight Board said it found that “no material progress has been made by Huawei in the remediation of the issues reported last year”.
Huawei’s approach to software development also brings “significantly increased risk to UK operators, which requires ongoing management and mitigation,” the report said.
As a result of these findings, the Oversight Board can only provide “limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK”.
It added that it would be difficult to manage the risk of future products deployed in the UK until these “underlying defects” are remediated, and that it has not yet seen anything to instill confidence that it can address these issues.
A Huawei representative told the BBC that the firm understood the concerns over its software engineering capability and took them “very seriously”.
Read more: Is Huewai too big to ban?