Chinese telecommunication equipment giant Huawei Technologies is putting UK national security at risk by failing to improve its devices and software, according to a report by its oversight body.
The annual report by the watchdog, which examines how the company conducts its UK operations and is funded by Huawei, concluded it has not seen anything to give it confidence in Huawei’s ability to improve defects in cyber security and software engineering.
The publication of the report, which echoed complaints made last year, comes as the UK is preparing to roll out fifth-generation mobile networks. Culture Secretary Jeremy Wright is currently considering the results of a review into the resilience of the telecom supply chain.
While Thursday’s report from Huawei’s oversight board makes clear it “has seen nothing to give confidence” that the company can fix its long-term security risk management, this is only one element Wright will examine before making recommendations to the National Security Council.
The report identified:
Further significant technical issues in Huawei’s engineering processes, leading to new risks in UK telecommunications networks
A Huawei spokesman said, "The oversight provided for in our mitigation strategy for Huawei’s presence in the UK is arguably the toughest and most rigorous in the world. This report does not, therefore, suggest that the UK networks are more vulnerable than last year."
The Huawei Cyber Security Evaluation Centre and its oversight board are funded by Huawei, and staffed by both Huawei employees and representatives from the UK’s National Cyber Security Centre. Based at Banbury in Oxfordshire, northwest of London, the center’s board is made up of around 35 UK-security approved cyber experts, and chaired by the head of the NCSC. It was established in 2010 to provide insight for the British government into the company’s strategies and products.
The center approved and employed one person who later failed vetting and had to be removed, Thursday’s report said. His or her clearance was equivalent to the government privileges required for “frequent, uncontrolled access to classified information and is mandatory for members of the intelligence services”, the report said.
The Chinese company has a significant presence in the UK. Huawei has signed contracts with all four UK mobile networks to test its 5G wireless equipment, deepening the Chinese vendor’s involvement in Britain’s telecom industry as officials weigh whether to ban the company over security concerns.
Although critical of Huawei, the UK is still no closer to putting in place any restrictions on the company. Taking a softer approach to Huawei could put the country at odds with some of its closest security counterparts, including in the so-called Five Eyes network, the pan-national intelligence sharing network which comprises the US, Canada, Australia, New Zealand and the UK.
Officials from the US have been warning allies over letting carriers work with Huawei. The head of the UK’s foreign intelligence agency MI6 Alex Younger has denied lobbying from the US.
"We believe the DCMS supply chain review will make the right choice, and we also believe that DCMS recommendations to the operators will enable them to build not only a secure telecoms infrastructure but also the most advanced 5G network," said David Wang, Huawei’s president of products and solutions, via a translator on a call with reporters Thursday.