UK criticises security of Huawei products
A UK
government report into Huawei's broadband and mobile infrastructure equipment
has concluded that it has "only limited assurance" that the kit poses
no threat to national security.
The
investigation revealed shortcomings in the Chinese firm's engineering
processes, which it said "have exposed new risks in UK telecoms
networks".
It added
that "significant work" was required to tackle the issues.
In response,
Huawei acknowledged there were "some areas for improvement".
A spokesman
for the firm added: "We are grateful for this feedback and are committed
to addressing these issues.
"Cyber-security
remains Huawei's top priority, and we will continue to actively improve our
engineering processes and risk management systems."
Huawei is
the world's biggest producer of telecoms equipment and is a major supplier of
broadband and mobile network gear in Britain.
The report
was written by the Huawei Cyber Security Evaluation Centre (HCSEC), which was
set up in 2010 in response to concerns that BT and others' use of the firm's
equipment could pose a threat.
The body is
overseen by UK security officials, including ones from spy agency GCHQ.
It said that
it was disappointed that there had been a "lack of progress" in
tackling previously identified shortcomings.
Furthermore,
it highlighted that a visit to Shenzhen in 2017 had revealed the company was
failing to keep proper watch over the use of third-party components.
"[It
was] identified that not all components are managed through this process and,
in particular, security critical third-party software used in a variety of
products was not subject to sufficient control," it said.
The news
comes as the US steps up efforts to ban Huawei's equipment from its country's
networks.
Australia is
also considering banning the firm from being involved in its planned 5G
network, over concerns that Beijing could force the firm to hand over sensitive
data.
This is the
UK's fourth annual report into Huawei. The previous three concluded that any
risks posed by the firm to the UK's national security "had been
mitigated".
Security
expert and former consultant to GCHQ Alan Woodward said: "It's difficult
not to conclude that Huawei appears to be falling short in doing what is
required to enable the UK government to confidently give the green light to use
its equipment in critical areas."
He added
that an earlier warning given by GCHQ's National Cyber Security Centre (NCSC)
about using equipment from another Chinese firm ZTE had highlighted that
Beijing had passed new laws giving it the right to interfere with its products.
"In
that context it is doubly important that this unit can be totally confident in
any equipment being sourced from Chinese companies," Mr Woodward said.
"If the
UK cannot be totally confident in the assuring the security of any equipment it
should not be placed in our critical infrastructure."
The NCSC has
responded saying that the Oversight Board behind the report "provided a
valuable role" in evaluating risks related to Huawei.
A UK
government report into Huawei's broadband and mobile infrastructure equipment
has concluded that it has "only limited assurance" that the kit poses
no threat to national security
The
investigation revealed shortcomings in the Chinese firm's engineering
processes, which it said "have exposed new risks in UK telecoms
networks".
It added
that "significant work" was required to tackle the issues.
In response,
Huawei acknowledged there were "some areas for improvement".
A spokesman
for the firm added: "We are grateful for this feedback and are committed
to addressing these issues.
"Cyber-security
remains Huawei's top priority, and we will continue to actively improve our
engineering processes and risk management systems."
Huawei is
the world's biggest producer of telecoms equipment and is a major supplier of
broadband and mobile network gear in Britain.
The report
was written by the Huawei Cyber Security Evaluation Centre (HCSEC), which was
set up in 2010 in response to concerns that BT and others' use of the firm's
equipment could pose a threat.
The body is
overseen by UK security officials, including ones from spy agency GCHQ.
It said that
it was disappointed that there had been a "lack of progress" in
tackling previously identified shortcomings.
Furthermore,
it highlighted that a visit to Shenzhen in 2017 had revealed the company was
failing to keep proper watch over the use of third-party components.
"[It
was] identified that not all components are managed through this process and,
in particular, security critical third-party software used in a variety of
products was not subject to sufficient control," it said.
The news
comes as the US steps up efforts to ban Huawei's equipment from its country's
networks.
Australia is
also considering banning the firm from being involved in its planned 5G
network, over concerns that Beijing could force the firm to hand over sensitive
data.
This is the
UK's fourth annual report into Huawei. The previous three concluded that any
risks posed by the firm to the UK's national security "had been
mitigated".
Security
expert and former consultant to GCHQ Alan Woodward said: "It's difficult
not to conclude that Huawei appears to be falling short in doing what is
required to enable the UK government to confidently give the green light to use
its equipment in critical areas."
He added
that an earlier warning given by GCHQ's National Cyber Security Centre (NCSC)
about using equipment from another Chinese firm ZTE had highlighted that
Beijing had passed new laws giving it the right to interfere with its products.
"In
that context it is doubly important that this unit can be totally confident in
any equipment being sourced from Chinese companies," Mr Woodward said.
"If the
UK cannot be totally confident in the assuring the security of any equipment it
should not be placed in our critical infrastructure."
The NCSC has
responded saying that the Oversight Board behind the report "provided a
valuable role" in evaluating risks related to Huawei.
Comments