Huawei hardware may be a UK security risk

null

Huawei says it is committed to addressing concerns raised by a new UK government report that its telecommunications network equipment poses a threat to national security.

The Banbury-based Huawei Cyber Security Evaluation Centre (HCSEC) is a specialist unit formed in 2010 to monitor the use of the equipment in the UK’s network infrastructure. It is overseen by UK security agencies, including GCHQ, and reports to the National Security Adviser.

Huawei has effectively been frozen out of several markets, most notably the US, due to concerns that the company has links with the Chinese government. However BT and a number of other British telcos are customers, while Huawei has pledged to spend billions in the UK.

For its part, Huawei has continually denied such allegations.

Huawei security

This latest annual report, the HCSEC’s fourth, found it could only offer “limited” assurance that Huawei equipment was safe to use. It said there had been a lack of progress in resolving previous concerns, while a visit to Huawei facilities in Shenzhen had identified a lack of scrutiny with third party components.

“Identification of shortcomings in Huawei’s engineering processes have exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management,” said the report.

“Due to areas of concern exposed through the proper functioning of the mitigation strategy and associated oversight mechanisms, the Oversight Board can provide only limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated. We are advising the National Security Adviser on this basis.”

Huawei told TechRadar Pro that it acknowledged the report and that its concerns were evidence that the current structure was working.

“We are grateful for this feedback and committed to addressing these issues,” said a spokesperson. “Cyber security remains Huawei's top priority, and we will continue to actively improve our engineering processes and risk management systems.”

Earlier this year the UK’s National Cybersecurity Centre (NCSC) warned UK telcos that the use of equipment made by ZTE, Huawei’s domestic rival, would introduce security risks that could not be mitigated – partly because it would interfere with the monitoring of Huawei kit.