Shortcomings in products supplied by Huawei to the UK’s telecoms networks may pose a risk to national security, a government report has warned.
The Chinese multinational’s products reportedly present a number of technical issues, including point vulnerabilities and more strategic architectural and process problems.
“[We] can provide only limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated,” states the report. “We are advising the National Security Adviser on this basis.”
The annual report was published last night by an oversight body tasked with keeping watch on the Huawei Cyber Security Evaluation Centre, a unit in Oxfordshire operated by Huawei to vet the use of its own products in the telecoms infrastructure. It found no evidence of compromise.
HCSEC is now aiming to address security issues found in Huawei’s source code by mid 2020. A Huawei spokesperson said: “Huawei welcomes the Oversight Board report. It confirms that the collaborative approach adopted by Huawei, the UK Government and operators is working as designed, meeting obligations and providing unique, world class network integrity assurance through ongoing risk management. The report concludes that HCSEC’s operational independence is both robust and effective.
“The Oversight Board has identified some areas for improvement in our engineering processes. We are grateful for this feedback and are committed to addressing these issues. Cyber security remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems”.
Concerns about Huawei tech expose a bigger problem facing the UK
NS Tech analysis
While the US government has hardened its stance against Huawei in recent years, the British government has welcomed the Chinese telecoms giant with open arms. Huawei has pledged to spend billions of pounds in the UK, and has won major infrastructure contracts.
In this context, the report is likely to make uncomfortable reading for the company’s executives. Huawei’s work in the UK is an integral part of its international marketing strategy, and serves to convince other Western governments that its products can be trusted.
The board’s concerns have been passed on to the National Security Adviser, Mark Sedwill, who has the power to prohibit the use of the technology in critical infrastructure. But banning Huawei wouldn’t solve the key challenge facing government: how do you establish trust in critical infrastructure when you depend on foreign technology? While Britain excels in some areas of deep tech, the type of hardware that Huawei specialises in is not one of them. Telecoms operators have no choice but to look abroad for certain technologies.
Given that China’s investment in R&D is continuing to rise, it’s likely the UK will only become more reliant on Chinese hardware in the coming years, whether we like it or not.