UK finds more Huawei risks to telecoms networks
Cyber security body identifies ‘further significant technical issues’ in Chinese mobile giant's engineering processes
London — Britain has identified “significant” issues in Huawei’s engineering processes that pose “new risks” for the nation’s telecommunications, a government report found on Thursday amid lingering global suspicion over the Chinese technology giant.
“Further significant technical issues ‘have been identified in Huawei’s engineering processes, leading to new risks in the UK telecommunications networks,” read annual findings from the Huawei Cyber Security Evaluation Centre oversight board.
Huawei is the leading manufacturer of equipment for next-generation 5G mobile networks with almost instantaneous data transfer that will become the nervous system of Europe’s economy, in strategic sectors like energy, transport, banking and health care.
However, some Western nations have barred it amid fears Beijing could gain access to sensitive communications and critical infrastructure.
A Huawei spokesman on Thursday said it was taking the British concerns “very seriously” and they would be used as part of its “ongoing” process to improve its capabilities.
The Huawei Cyber Security Evaluation Centre stressed that in the report that it “does not believe that the defects identified are a result of Chinese state interference”. The board added, however, that “no material progress has been made by Huawei in the remediation of the issues reported last year”.
It concluded: “Overall, the oversight board can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term.”
The Huawei Cyber Security Evaluation Centre was formed in 2010 to mitigate perceived risks arising from the involvement of Huawei in critical national infrastructure.
The government-led board includes officials from Britain’s GCHQ cybersecurity agency as well as a senior Huawei executive and representatives from the UK telecommunications sector.
Thursday’s report “details some concerns about Huawei’s software-engineering capabilities”, the Huawei spokesman added. “We understand these concerns and take them very seriously. The issues identified provide vital input for the ongoing transformation of our software engineering capabilities,” he said.
The spokesman noted that Huawei’s board of directors had in 2018 launched a company-wide $2bn (€1.8bn) transformation plan to enhance those capabilities.
“The mechanism of collaboration between Huawei and the UK government continues to work properly — the identification of the issues in the report is an indication of the Huawei Cyber Security Evaluation Centre model working properly,” he insisted.
Thursday’s report was published two days after the European Commission presented its plan to ensure the secure introduction of 5G telecoms networks.
The commission has not yet urged European countries to follow the example of the US, Australia or Japan in banning or restricting deals with the firm. However, it will now take steps to determine the extent of the risk and encourage EU members to share information. The plan calls for member states to report back on any security threats to their national network infrastructure by June 30.
After that, the European Agency for Cybersecurity will be given until October 1 to produce a report evaluating the risks at a European level. Then member states will debate what if any measures to take, with a decision before the end of 2019.
Huawei stands accused by the US of posing a security risk to western networks, because of its alleged ties to Chinese intelligence. Nevertheless, some European countries are in negotiations with Huawei to deploy its advanced technology to power the faster wireless networks of the future.
Washington has banned Huawei’s 5G technology from its territory and has urged its allies to follow suit or face losing some of their own access to American intelligence.
The New York-based Soufan Group, which compiles security assessments, warned that the use of Huawei technology could have “repercussions” for member nations in the Five Eyes intelligence-sharing collective. All five members — Australia, Britain, Canada, New Zealand and the US — have taken at least some steps toward limiting Huawei’s role in sensitive infrastructure.
“The US and many others fear using Huawei is essentially allowing the Chinese government to access sensitive or vital systems and infrastructure,” said the Soufan Group in a commentary. “Some of the Five Eyes are still considering using Huawei in some fashion, a choice that could have enormous repercussions for the entire group.”