Huawei could be banned from Westminster following "shoddy" security

(Image credit: Shutterstock) (Image credit: Shutterstock)

GCHQ has suggested that mobile operators could be banned from using Huawei equipment in and around Westminster due to concerns about the company’s software engineering practices.

All four major UK operators use Huawei’s radio equipment in their networks, but its use is subject to monitoring by a dedicated organisation set up by the National Cybersecurity Centre (NCSC).

The Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board’s most recent report found "significant technical issues in Huawei's engineering processes" and that the company's approach to software development brings "significantly increased risk to UK operators".

Security concerns

Huawei has acknowledged the report and has pledged to invest $2 billion to remedy the concerns – a commitment reiterated to by the head of the company’s carrier business Ryan Ding. However, GCHQ’s Dr Ian Levy told the BBC' Panorama programme that the organisation was unconvinced.

"The security in Huawei is like nothing else - it's engineering like it's back in the year 2000 - it's very, very shoddy,” he is quoted as saying ahead of the programme airing later tonight. “We've seen nothing to give us any confidence that the transformation programme is going to do what they say it's going to do."

Several countries are scrutinising the use of Huawei equipment in their telecommunications infrastructure amid concerns it could be a threat to national security. Chief among these are the US which believes the company’s alleged links to the Chinese government mean there is a significant risk of backdoors that could be used to facilitate state-sponsored espionage.

Huawei has repeatedly denied the allegations, claiming the US has absolutely no evidence to support them. Despite this, Washington has urged its allies to ditch Huawei from their communications infrastructure.

In the UK, all four operators are Huawei customers but only use the company’s kit in their radio networks – not the core.

Espionage fears

The Department for Culture, Media and Sport (DCMS) is set to publish a review of the UK’s telecoms infrastructure next month. Any move to exclude Huawei from the UK market would be met with resistance from operators who fear costs would rise and innovation would decrease, but it is now thought that limits on the use of Huawei kit would be the most extreme outcome.

In practice, operators would be restricted to using equipment from the company across half of their infrastructure. The suggestion is that such a compromise would allow officials to manage any perceived risk while ensuring “diversity of supply.”

This would be a far more palatable outcome to operators, who oppose any outright ban, as they use a mixture of Huawei, Nokia and Ericsson equipment in their networks. A report from industry body Mobile UK has suggested that any ban could delay the rollout of 5G deployment by up to two years and cost the UK economy £6.8 billion.

Levy said that despite GCHQ’s concerns about Huawei’s engineering, it did not think that backdoors were a likely risk and that communications carried across the network were encrypted independently of the network.

Huawei response

“The 2019 [Oversight Board (OB)] report details some concerns about Huawei's software engineering capabilities,” a Huawei spokesperson told TechRadar Pro. “We understand these concerns and take them very seriously.

“The issues identified in the OB report provide vital input for the ongoing transformation of our software engineering capabilities. In November last year Huawei's Board of Directors issued a resolution to carry out a companywide transformation programme aimed at enhancing our software engineering capabilities, with an initial budget of US$2bn.

“A high-level plan for the programme has been developed and we will continue to work with UK operators and the NCSC during its implementation to meet the requirements created as cloud, digitization, and software-defined everything become more prevalent. To ensure the ongoing security of global telecom networks, the industry, regulators, and governments need to work together on higher common standards for cyber security assurance and evaluation.”

Steve McCaskill is TechRadar Pro's resident mobile industry expert, covering all aspects of the UK and global news, from operators to service providers and everything in between. He is a former editor of Silicon UK and journalist with over a decade's experience in the technology industry, writing about technology, in particular, telecoms, mobile and sports tech, sports, video games and media.