Huawei Poses Security Threat, Says UK Watchdog

Chinese vendor falls short of industry good practice and its lack of progress on addressing security concerns has been 'disappointing,' says a new report.

Iain Morris, International Editor

July 20, 2018

5 Min Read
Huawei Poses Security Threat, Says UK Watchdog

Cybersecurity experts have warned the British government in a new report that China's Huawei poses a threat to the security of UK telecom networks and described its lack of progress on addressing security concerns as "disappointing."

The Huawei Cyber Security Evaluation Centre (HCSEC), which was set up in 2010 to monitor the Chinese equipment vendor and report back to government authorities, said it could provide "only limited assurance that all risks to UK national security from Huawei's involvement in the UK's critical networks have been sufficiently mitigated."

In one of its key findings, HCSEC said the "identification of shortcomings in Huawei's engineering processes have exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management."

The language used implies the security threat has grown in the last year, with earlier reports concluding any risks "had been mitigated."

Huawei Technologies Co. Ltd. is the world's largest supplier of network equipment and services to communications service providers. It sells products to most of Europe's biggest operators, several of which are active in the UK, and is currently helping BT-owned Openreach to build an all-fiber broadband network. (See Eurobites: Openreach Turns to Nokia, Huawei for 'Fibre First' Aid.)

Huawei's critics have expressed concern about its close ties to Chinese state authorities and say they are worried its products may be used for surveillance purposes by the Chinese government.

Such concern has effectively locked Huawei out of the US market since 2012, when a US government report warned the country's biggest telcos off using the Chinese vendor's equipment and services. A simmering trade dispute between the US and China has heightened tensions, with US critics also accusing the Chinese of intellectual property theft.

Huawei has also encountered a backlash in Australia, where political opponents want it blocked from selling next-generation 5G products to Australian operators. Huawei is already banned from dealing with Australia's National Broadband Network, a government-backed wholesale business, and Australian authorities recently took steps to prevent it from building a subsea cable to the Solomon Islands. (See Huawei Is Main Sponsor of Trips by Australian Politicians, Says Report.)

Responding to the findings in this week's HCSEC report, a Huawei spokesperson said: "The oversight board has identified some areas for improvement in our engineering processes. We are grateful for this feedback and are committed to addressing these issues. Cybersecurity remains Huawei's top priority, and we will continue to actively improve our engineering processes and risk management systems."

Shedding more light on its work, HCSEC said it had examined Huawei products and "solutions" used by four UK operators during its reporting period and uncovered "a significant number of point vulnerabilities and more strategic architectural and process issues."

Huawei was also criticized for its use of third-party software that is "not subject to sufficient control" and its failure to manage third-party components, including open source code, used in its products.

In particular, HCSEC notes that support for some third-party software will end in 2020, even though products using this software may remain in deployment. While security authorities are currently in discussions with Huawei about this issue, HCSEC said "there is a significant risk in the UK telecoms infrastructure if Huawei and the operators are unable to support these boards long-term."

Delivering its concluding assessment, HCSEC said: "Huawei's processes continue to fall short of industry good practice and make it difficult to provide long-term assurance. The lack of progress in remediating these is disappointing."

For all the latest news from the wireless networking and services sector, check out our dedicated mobile content channel here on Light Reading.

Huawei's opponents in other jurisdictions are likely to seize on those findings as they push for tougher sanctions against Huawei and smaller Chinese rival ZTE Corp. (Shenzhen: 000063; Hong Kong: 0763).

US authorities have only just lifted a ban that stopped ZTE from buying any US components and had threatened the company's survival. ZTE was previously charged with selling equipment including US components to Iran and North Korea, in breach of US sanctions, and then of lying about the steps it had taken to make amends. (See ZTE Stock Rises After US Lifts Ban.)

The HCSEC report comes several months after the UK's National Cyber Security Centre, which collaborates with HCSEC, warned UK operators off using ZTE's products. (See ZTE Labeled Security Risk by UK Government.)

"NCSC assess that the national security risks arising from the use of ZTE equipment or services within the context of the existing UK telecommunications infrastructure cannot be mitigated," said Ian Levy, the NCSC's technical director, in a statement issued at the time.

The government backlash against China's vendors could drive service providers to consider using alternative suppliers such as Ericsson AB (Nasdaq: ERIC) and Nokia Corp. (NYSE: NOK), both of which compete in international markets against Huawei and ZTE.

Italy's Wind Tre has already replaced ZTE with Ericsson on one of its network projects and other operators are understood to be weighing their options.

Börje Ekholm, Ericsson's CEO, said it was hard to speculate about the impact of sanctions against Chinese companies. "Of course the uncertainty that some of the operators have faced following sanctions raises the topic of how to deal it," he told analysts during an earnings call this week. "How that plays out is way too early to discuss. Yes, we did win a deal in Italy, but I think we did that based on our competitive product offering." (See Ericsson's R&D Workout Piles 5G Pressure Onto Rivals and Ericsson Back in Profit After Fierce Cuts & 5G Action.)

— Iain Morris, International Editor, Light Reading

Read more about:


About the Author(s)

Iain Morris

International Editor, Light Reading

Iain Morris joined Light Reading as News Editor at the start of 2015 -- and we mean, right at the start. His friends and family were still singing Auld Lang Syne as Iain started sourcing New Year's Eve UK mobile network congestion statistics. Prior to boosting Light Reading's UK-based editorial team numbers (he is based in London, south of the river), Iain was a successful freelance writer and editor who had been covering the telecoms sector for the past 15 years. His work has appeared in publications including The Economist (classy!) and The Observer, besides a variety of trade and business journals. He was previously the lead telecoms analyst for the Economist Intelligence Unit, and before that worked as a features editor at Telecommunications magazine. Iain started out in telecoms as an editor at consulting and market-research company Analysys (now Analysys Mason).

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like