5G Security News

UK government issues a warning of Huawei

UK government’s Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board just published its fifth annual report for the Cabinet Secretary.

The board, which is chaired by the head of GCHQ’s National Cyber Security Centre, has issued its harshest warning yet over the cyber security risks posed by Huawei and their involvement in future 5G networks.

US government effectively banned Huawei from the US market since a report from US Congress in 2012 labeled it a national security threat. Washington has been since pressuring its allies to join the ban. Some, like Australia followed the suit. Others, like Germany or UK, haven’t, seeking instead specific evidence of Huawei’s cybersecurity threat.

The UK report doesn’t offer any evidence of the gear having backdoors that would allow Chinese government to spy or disrupt communications – the specific claim that Washington is making – but it does raise concerns about Huawei’s cybersecurity practices that could lead to its gear being exploited by any malicious actor.

Few key points from the report:

  • Further significant technical issues have been identified in Huawei’s engineering processes, leading to new risks in the UK telecommunications networks;
  • No material progress has been made in the remediation of the issues reported last year;
  • It will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huawei’s software engineering and cyber security processes are remediated;
  • The Oversight Board has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects;
  • Due to various build-related issues, it is hard to be confident that different deployments of similar Huawei equipment are broadly equivalently secure;
  • Analysis of wider software component lifecycle management revealed flaws that cause significant cyber security and availability risks;
  • HCSEC has continued to find serious vulnerabilities in the Huawei products examined.

Report findings could have global ramifications. Wireless carriers in UK and around the world are on the verge of transitioning to 5G. They are either testing the Huawei 5G gear, which is considered to be the most advanced, and/or integrate with older Huawei equipment that would be incompatible with competitor’s 5G equipment. Carriers are closely following the Huawei saga and many have issued warnings that a ban on Huawei equipment would set back the race to 5G and cost the industry hundreds of millions of dollars. UK’s advanced cybersecurity agencies and the dedicated Huawei Cyber Security Evaluation Centre are seen around the globe as one of the most reliable and objective arbiters of Huawei cybersecurity risks and this report will influence decisions globally.

Full report is available here: https://www.gov.uk/government/publications/huawei-cyber-security-evaluation-centre-oversight-board-annual-report-2019

For why this matter and why 5G is more than just faster movie downloads to a mobile, see this article: How 5G Will Transform the Global Economy and Societies

Avatar of Marin Ivezic
Marin Ivezic
Website | Other articles

For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.

He held multiple interim CISO and technology leadership roles in Global 2000 companies.

Related Articles

Back to top button
Share via
Copy link
Powered by Social Snap