UK security watchdog has warned of “repeated discovery of critical shortfalls” in Huawei’s engineering processes
Chinese telecommunications vendor Huawei – which is under assault from a range of western governments concerned its hardware could be used as a Trojan horse by Chinese intelligence services – has pledged $2 billion to transform how it approaches engineering its software and hardware, according to a new report from Bloomberg.
The report cites company sources as pledging to transform the way Huawei engineers software, “instead of merely applying one-off changes and workarounds in response to specific demands from companies and governments.” The proposal will reportedly be presented to the UK’s National Cyber Security Centre within days.
UK Pulls Huawei Equipment Apart – Sees “Critical Shortfalls”
The UK has a watchdog dedicated to pulling apart Huawei equipment and checking how robust its security is. The Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board is chaired by NCSC CEO Ciaran Martin and in a July report warned it was increasingly unable to guarantee the security of the equipment.
“This is due to the repeated discovery of critical shortfalls, including but not limited to BEP and the third party component support issue, in the Huawei engineering practices and processes that will cause long term increased risk in the UK,” it said.
Huawei makes everything from the routers and switches that direct traffic across the internet, to BT’s green street cabinets, to mobile transmission equipment used in masts.
Watchdog: “Limited Assurance” on Huawei Security
Cybersecurity experts told Computer Business Review at the time they believed an oversight board, however competent, has “very little chance of determining whether there are state sponsored vulnerabilities within extremely complex products.”
HCSEC added it can only offer “limited assurance [on the security of Huawei products] due to the lack of the required end-to-end traceability from source code examined by HCSEC through to executables used by the UK operators”.
The HCSEC board concluded: “Huawei’s processes continue to fall short of industry good practice and make it difficult to provide long term assurance. The lack of progress in remediating these is disappointing.”
Huawei: Not in Favour
Governments in the US, New Zealand and Australia have legislated to block the use of Huawei’s equipment in future 5G networks.
Earlier this week, meanwhile, the head of MI6 suggested the UK needed to decide if it was “comfortable” with Chinese ownership of the technology being used.
Intelligence hackles have been raised further by a legal basis that the Chinese government could use to mandate Huawei’s compliance with state security interests.
Article 7 of China’s National Intelligence Law (国家情报法), released in June 2017, declares: “All organizations and citizens shall, in accordance with the law, support, cooperate with, and collaborate in national intelligence work, and guard the secrecy of national intelligence work they are aware of.”
It adds: “The state will protect individuals and organizations that support, cooperate with, and collaborate in national intelligence work.”
Huawei officials will present the details of the software revamp to the British government’s NCSC in coming days before presenting them to the public, Bloomberg cited one source as saying.