UK gov: Huawei hardware could pose national security risk

Oversight Board says the company has yet to adopt required engineering changes

Huawei building

Chinese firm Huawei has come under scrutiny from the UK government over concerns that its involvement in the country's critical telecoms networks could pose a risk to national security.

The warning follows similar probes in the US that have scuppered expansion attempts by Chinese manufacturers trying to gain commercial ground.

Advertisement - Article continues below

In April, the US Federal Communications Commission agreed to proceed with plans to block federally funded communications firms from using technology developed by the likes of Huawei and ZTE over fears that the companies operate too closely with the Chinese government and allow for backdoors to be established into US infrastructure.

The UK government's concerns were raised in the form of a report released by the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, which acts as an advisory panel for the UK government by monitoring Huawei's own security research group.

The Huawei-owned HCSEC itself acts as a middle-man security assessment organisation between Huawei and the government to "mitigate any perceived risks arising from the involvement of Huawei in parts of the UK's critical national infrastructure".

But the report from the Oversite Board highlighted that the "identification of shortcomings in Huawei's engineering processes have exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management".

"The Oversight Board can provide only limited assurance that any risks to UK national security from Huawei's involvement in the UK's critical networks have been sufficiently mitigated," it said. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The report, which is the fourth in a series of annual publications by the body, stated that Huawei had failed to provide the technical assurance needed to satisfy government concerns.

Chief among these is the development of consistent binary code for products marketed to the UK, essentially to make it easier for security agencies to prevent potentially malicious code being released into national infrastructure.

"It is the NCSC intent that all products deployed in the UK will have repeatable builds and that HCSEC will be able to routinely show equivalence between the binary installed in UK networks and the binary that can be built from the source code held by HCSEC," the report stated.

However, the Oversight Board warned that the "engineering changes have not yet been integrated into the wider development process," and as such, it can only provide "limited assurance" that Huawei products are safe for rollout.

Huawei said it welcomed the Oversight Board report, in a statement to TechCrunch, adding that had "identified some areas for improvement in our engineering processes".

Advertisement - Article continues below

"We are grateful for this feedback and committed to addressing these issues. Cyber security remains Huawei's top priority, and we will continue to actively improve our engineering processes and risk management systems," the statement added.

Earlier this year the UK's NCSC expressed similar concerns over the use of products owned by the Moscow-based antivirus firm Kaspersky. Although Kaspersky's products have yet to be banned in UK government departments as they have in the US, advisories have urged companies to avoid using such software.

Image: Shutterstock

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020