Huawei criticised by UK for security flaws in its mobile network
The UK has criticised Chinese tech giant Huawei for failing to fix security flaws in its mobile network equipment and has revealed new technical issues, as the company fights suspicions that it could be a Trojan horse for China’s spies.
Read more: Trump: UK's 5G plans put national security at risk
In its report, released today, a government-led board overseeing Huawei's security said: “HCSEC’s work has continued to identify concerning issues in Huawei’s approach to software development bringing significantly increased risk to UK operators, which requires ongoing management and mitigation.”
Last year Huawei said it would spend more than $2bn (£1.52bn) to address problems previously identified by the UK, but warned it could take up to five years to see results.
But the report warned: “No material progress has been made on the issues raised in the previous 2018 report.”
It said it was only able to provide “limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK.”
It said it has “not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects” and said it will “require sustained evidence of better software engineering and cyber security quality.”
“Overall, the oversight board can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term,” it said.
Huawei said in a statement: "The 2019 oversight board report details some concerns about Huawei's software engineering capabilities. We understand these concerns and take them very seriously. The issues identified in the oversight board report provide vital input for the ongoing transformation of our software engineering capabilities."
Read more: China backs Huawei's bid to sue United States
"A high-level plan for the programme has been developed and we will continue to work with UK operators and the NCSC during its implementation to meet the requirements created as cloud, digitization, and software-defined everything become more prevalent. To ensure the ongoing security of global telecom networks, the industry, regulators, and governments need to work together on higher common standards for cyber security assurance and evaluation."