The government-led watchdog set up to vet Huawei products has given a damning report on the cybersecurity risks posed by the Chinese companyâs involvement in the British telecommunications industry.
The annual report published by the Huawei oversight board, which is chaired by the head of GCHQâs National Cyber Security Centre, said it has found further âsignificant technical issues in Huaweiâs engineering processes leading to new risks in the UK telecommunications networksâ.
The 46-page report did not call for a ban on Huaweiâs equipment being used in the roll-out of next-generation 5G networks, which critics say could be exploited to allow Beijing to spy on communications in the UK. Huawei denies the accusations.
The watchdog said Huawei had made âno material progressâ in addressing security flaws identified in last yearâs report and raised serious doubts about the Chinese companyâs ability to deliver a $2bn (ÂŁ1.5bn) programme to address concerns previously raised by the UK watchdog.
âAt present, the oversight board has not yet seen anything to give it confidence in Huaweiâs capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects,â the report said. â[Our] work has continued to identify concerning issues in Huaweiâs approach to software development bringing significantly increased risk to UK operators.â
The report casts doubt on whether UK operators should be involved with Huawei over the future roll-out of telecommunications networks.
âIt will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huaweiâs software engineering and cyber security processes are remediated,â the report said.
The US has put increasing pressure on the UK and other countries to stop Huawei from being involved in the roll-out of future 5G networks. Countries including New Zealand and Australia have stopped Huawei from being involved, citing national security concerns.
The report said that last year âseveral hundred vulnerabilities and issuesâ were reported to UK operators to inform the risk management of their networks. The report said the National Cyber Security Centre did not believe the defects identified in Huawei equipment âare the result of Chinese state interferenceâ.
An NCSC spokesman said: âHuaweiâs presence in the UK is subject to detailed, formal oversight. This report illustrates above all the need for improved cybersecurity in the UK telecoms networks.â
The annual report does not suggest the UK networks are more vulnerable than in 2017.
âThe report details some concerns about Huaweiâs software engineering capabilities,â a spokesman for Huawei said. âWe understand these concerns and take them very seriously. The issues identified in the report provide vital input for the ongoing transformation of our software engineering capabilities.â
A final decision on Huaweiâs involvement in the roll-out of the UKâs 5G networks is likely to be part of a government review of the telecoms market and infrastructure, which is due to be published in coming weeks.
Gloss