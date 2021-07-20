Sign In Register
5G
6G
The Core
The Edge
Open RAN
Private Networks
The Cloud
Security
AI/Automation
Cable Tech
DOCSIS CCAP Cable Business Services 10G The Bauminator
IoT
OSS/BSS/CX
SD-WAN
Optical/IP
FTTX DCI Routing Any Haul/X-Haul
Test & Measurement
Services
4G/3G/WiFi
Satellite
Video/Media
Regions
Asia Africa Europe India Middle East
Industry Show News
Mobile World Congress Big 5G Event
Events
Optical Networking Digital SymposiumEdge Computing Digital Symposium
Events Archives
Digital Event Archives Cable Next-Gen Europe Digital Symposium Asia Tech 2021 Digital Symposium 5G Orchestration & Service Assurance Digital Symposium
Webinars
Upcoming Webinars Archived Webinars 5G Webinars Live Learning Webinars
White Papers
Tech Centers
Future Vision Tech Center
Market Leader Programs
Internet for the Future
Communities
The 5G Exchange LR Asia Broadband World News Connecting Africa Telecoms.com Women In Comms
Light Reading Video
Telecom Innovators Showcase
Light Reading Audio
Light Reading Podcast Executive Spotlight Q&A
News & Views Events Leading Lights Awards About Us Advertise With Us Newsletter Signup
x
Newsletter Signup Sign In Register
Security

Huawei fails latest (pointless) UK security check-up

News Analysis Iain Morris, International Editor 7/20/2021
Comment (0)

A UK government report card on the security of Huawei's equipment would seem largely redundant. The Chinese vendor, after all, was hit with a 5G ban last year. All three operators that use Huawei – BT, Three and Vodafone – have identified alternative suppliers and are discarding their Chinese products like mouldy fortune cookies.

But the latest verdict from the Huawei Cyber Security Evaluation Centre (HCSEC) could have relevance simply because Huawei may be around in UK mobile until 2028, if operators work to the deadline set by the government. More importantly, a decision has still not been taken on Huawei's role in UK fixed. It remains one of the biggest suppliers of fiber access products to BT, the market incumbent.

UK watchdogs continue to find vulnerabilities in Huawei products. (Source: Pixabay)
UK watchdogs continue to find vulnerabilities in Huawei products.
(Source: Pixabay)

The headline judgement, then, is a concern for both Huawei and BT. After carrying out its inspections last year, HCSEC determined there had been "no overall improvement over the course of 2020 to meet the product software engineering and cyber security quality expected by the NCSC [National Cyber Security Centre]." A government agency that reckons Huawei has not markedly improved is unlikely to recommend it be used in 5G, fiber or anywhere else.

Its finding comes after Huawei promised back in dim and distant 2018 to spend as much as $2 billion on rectifying the problems HCSEC had then identified. Earlier this year, the company made a big deal of its pivot to software, depicting a future in which Huawei is recognized more as a composer of code than a builder of boxes. "Overall software capabilities have seen remarkable progress and we will continue," said Eric Xu, one of Huawei's rotating bosses, during an analyst summit in April.

Some plus points

The HCSEC report is not entirely negative. It does, for instance, laud Huawei's efforts to address vulnerabilities caused by poor code quality in its fixed access portfolio – presumably including products sold to BT. After attention by Huawei, those vulnerabilities have now all been "remediated," said HCSEC.

One of its main issues previously was that Huawei had continued to use components the industry no longer supports, making them more vulnerable to exploitation. By the end of last year, Huawei and its customers had updated 52% of these equipment boards and another 17% had reached the end of their natural life. "Overall, Huawei and UK operators have made considerable progress at remediating the risk during 2020," said HCSEC, adding that any risks to the UK should fall to a manageable level this year.

Huawei, unsurprisingly, has seized on these more positive bullet points as evidence of progress. In a statement emailed to Light Reading, it noted that: "The report concludes Huawei has made 'sustained progress' in addressing issues highlighted in previous reports and has made 'considerable progress' in third-party component support."

Want to know more about 5G? Check out our dedicated 5G content channel here on Light Reading.

The problem for Huawei is that – even if wins unconditional praise next time round – it is highly unlikely to be allowed back into UK mobile. For one thing, operators are already partway through a costly swap-out. For another, the UK government has unsurprisingly sided with the democratic US against one-party China in the latest geopolitical clash. Huawei and other Chinese firms, it reckons, are not to be trusted because they are ultimately answerable to the Chinese government. No gold star for cyber security is going to change that position.

In this context, there is still a risk the government moves to ban Huawei from the fixed access market, too. Wary of this possibility, BT recently introduced a third vendor in the shape of Adtran, a US firm, alongside Huawei and Nokia. But a government directive forcing it to replace Huawei could drive up its costs. It might also delay BT's rollout of full-fiber networks at a time when fixed broadband access is more economically important than ever.

Curiously, the wider world has no idea whether products designed by Huawei's rivals are any safer. There has never been an Ericsson or Nokia Cyber Security Evaluation Centre, proving the campaign against Huawei is about geopolitics rather than the nitty gritty of coding vulnerabilities. A Nordic identity does not guarantee that products are flawless.

Related posts:

— Iain Morris, International Editor, Light Reading

COMMENTS
Newest First | Oldest First | Threaded View
Add Comment
Be the first to post a comment regarding this story.
EDUCATIONAL RESOURCES
FEATURED VIDEO
UPCOMING LIVE EVENTS
Optical Networking Digital Symposium
September 16, 2021, Digital Symposium
Edge Computing Digital Symposium
September 30, 2021, Digital Symposium
The Programmable Telco Digital Symposium
November 16-18, 2021, Two Day Digital Symposium
All Upcoming Live Events
UPCOMING WEBINARS
July 21, 2021 How Low-Latency DOCSIS Can Be a Game-Changer
July 21, 2021 Creating a Data-Driven CSP with TELUS and Google Cloud
July 22, 2021 The Journey to Virtualized RAN – Insights 2021
July 22, 2021 Unlocking Enterprise Growth with 5G
August 10, 2021 Step up to Wi-Fi 6 and maximize the performance of legacy networks
Webinar Archive
PARTNER PERSPECTIVES - content from our sponsors
STC Academy Digital Transformation in Talent Development By
Huawei’s Bill Tang: Target Efforts to Protect Networks and Bring Warmth With Huawei Service By Huawei
China Mobile Partners With Huawei to Build the World's Largest IoT Support Platform By Huawei
It's Time to Be Proactive By Dean Stoneback, SCTE
3E-Architecture Helps Operators Towards a Value-Centric 5G Evolution By ZTE
All Partner Perspectives
GUEST PERSPECTIVES - curated contributions
The impact of the ever-shifting edge By Mark Myslinski, Broadcast Solutions Manager, Synamedia
The future of open networking and open RAN in the digital networking era By Chris Rice, CEO Access Solutions, STL
All Guest Perspectives
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE