Britain slams Huawei for failing to address security risks
By Bloomberg | 28 Mar 2019 at 19:52hrs
Chinese telecommunication equipment giant Huawei Technologies Co. is putting U.K. national security at risk by failing to improve its devices and software, according to a report by its oversight body.
The annual report by the watchdog, which examines how the company conducts its U.K. operations and is funded by Huawei, concluded it has not seen anything to give it confidence in Huawei's ability to improve defects in cyber security and software engineering.
The publication of the report, which echoed complaints made last year, comes as the U.K. is preparing to roll out fifth-generation mobile networks. Culture Secretary Jeremy Wright is currently considering the results of a review into the resilience of the telecom supply chain.
While Thursday's report from Huawei's oversight board makes clear it "has seen nothing to give confidence" that the company can fix its long-term security risk management, this is only one element Wright will examine before making recommendations to the National Security Council.
The report identified:
Further significant technical issues in Huawei's engineering processes, leading to new risks in U.K. telecommunications networks No material progress has been made by Huawei regarding issues reported last year "Significant, concerning issues" in its approach to software development, "bringing significantly increased risk" to U.K. operators U.K. networks are not more vulnerable than last year because the technical insight provided to British operators allows them to plan more effective defenses.
A Huawei spokesman said: "The oversight provided for in our mitigation strategy for Huawei's presence in the U.K. is arguably the toughest and most rigorous in the world. This report does not, therefore, suggest that the U.K. networks are more vulnerable than last year."
The Huawei Cyber Security Evaluation Centre and its oversight board are funded by Huawei, and staffed by both Huawei employees and representatives from the U.K.'s National Cyber Security Centre. Based at Banbury in Oxfordshire, northwest of London, the center's board is made up of around 35 U.K.-security approved cyber experts, and chaired by the head of the NCSC. It was established in 2010 to provide insight for the British government into the company's strategies and products.
The center approved and employed one person who later failed vetting and had to be removed. Thursday's report said. His or her clearance was equivalent to the government privileges required for "frequent, uncontrolled access to classified information and is mandatory for members of the intelligence services", the report said.
The Chinese company has a significant presence in the U.K. Huawei has signed contracts with all four U.K. mobile networks to test its 5G wireless equipment, deepening the Chinese vendor's involvement in Britain's telecom industry as officials weigh whether to ban the company over security concerns.
Although critical of Huawei, the U.K. is still no closer to putting in place any restrictions on the company. Taking a softer approach to Huawei could put the country at odds with some of its closest security counterparts, including in the so-called Five Eyes network, the pan-national intelligence sharing network which comprises the U.S., Canada, Australia, New Zealand and the U.K.
Officials from the U.S. have been warning allies over letting carriers work with Huawei. The head of the U.K.'s foreign intelligence agency MI6 Alex Younger has denied lobbying from the U.S.
"We believe the DCMS supply chain review will make the right choice, and we also believe that DCMS recommendations to the operators will enable them to build not only a secure telecoms infrastructure but also the most advanced 5G network," said David Wang, Huawei's president of products and solutions, via a translator on a call with reporters Thursday.