The UK government’s Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board has just published its fifth annual report for the Cabinet Secretary.

The board, which is chaired by the head of GCHQ’s National Cyber Security Centre, has issued its harshest warning yet over the cyber security risks posed by Huawei and its involvement in future 5G networks.

The US government has effectively banned Huawei from the US market since a 2012 report from the US Congress labeled it a national security threat. Washington has since been pressuring its allies to join the ban. Some, like Australia, followed suit. Others, like Germany or the UK, haven’t, seeking instead specific evidence of Huawei’s cybersecurity threat.

The UK report doesn’t offer any evidence of the gear having backdoors that would allow the Chinese government to spy on or disrupt communications – the specific claim that Washington is making – but it does raise concerns about Huawei’s cybersecurity practices that could lead to its gear being exploited by any malicious actor.

A few key points from the report:

  • Further significant technical issues have been identified in Huawei’s engineering processes, leading to new risks in the UK telecommunications networks;
  • No material progress has been made in the remediation of the issues reported last year;
  • It will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huawei’s software engineering and cyber security processes are remediated;
  • The Oversight Board has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects;
  • Due to various build-related issues, it is hard to be confident that different deployments of similar Huawei equipment are broadly equivalently secure;
  • Analysis of wider software component lifecycle management revealed flaws that cause significant cyber security and availability risks;
  • HCSEC has continued to find serious vulnerabilities in the Huawei products examined.

The report’s findings could have global ramifications. Wireless carriers in the UK and around the world are on the verge of transitioning to 5G. They are either testing Huawei’s 5G gear, which is considered to be the most advanced, and/or integrating with older Huawei equipment that would be incompatible with competitors’ 5G equipment. Carriers are closely following the Huawei saga, and many have issued warnings that a ban on Huawei equipment would set back the race to 5G and cost the industry hundreds of millions of dollars. The UK’s advanced cybersecurity agencies and the dedicated Huawei Cyber Security Evaluation Centre are seen around the globe as among the most reliable and objective arbiters of Huawei cybersecurity risks, and this report will influence decisions globally.

The full report is available here: https://www.gov.uk/government/publications/huawei-cyber-security-evaluation-centre-oversight-board-annual-report-2019

For why this matters and why 5G is more than just faster movie downloads to a mobile, see this article: How 5G Will Transform the Global Economy and Societies


Marin Ivezic is a Partner at PwC (PricewaterhouseCoopers) specializing in risks of emerging technologies. He leads PwC’s global 5G cybersecurity efforts. He also leads cybersecurity for the Telecommunications, Media & Technology sector; and Industrial, IoT, Critical Infrastructure & Cyber-Kinetic security capabilities in the region. All these focus areas are being transformed with the emergence of 5G. Marin worked with critical infrastructure protection organizations in a dozen countries, 20+ of the top 100 telecom companies, and a number of technology companies on understanding the geopolitics of 5G; uncovering as-yet-unknown security and privacy risks of 5G, AI and IoT; and defining novel security and privacy approaches to address emerging technology risks.


Luka Ivezic is an independent consultant and author exploring geopolitical and socioeconomic implications of emerging technologies such as 5G, Artificial Intelligence (AI) and Internet of Things (IoT). To better observe policy discussions and societal attitudes towards early adoptions of emerging technologies, Luka spent the last five years living between the US, UK, Denmark, Singapore, Japan and Canada. This has given him a unique perspective on how emerging technologies shape different societies, and how different cultures determine technological development.