The report notes, “The evidence of sustained change is especially important as similar strongly worded commitments from Huawei in the past have not brought about any discernible improvements”.
On Thursday, in a significant development, Britain has publicly chastised Huawei Technologies for failing to fix long-standing security flaws in its mobile network equipment and revealed new “significant technical issues,” thus increasing the pressure on the Chinese company which faces very serious allegations of spying.
In a report that published today, a British government-led board that oversees the vetting of Huawei gear in Britain disclosed, Huawei’s equipment faces continued problems and its software development had “significantly increased risk to UK operators.”
The British government board, which includes officials from Britain’s GCHQ communications intelligence agency stated, Huawei had made “no material progress” towards addressing these security flaws. The board does not have confidence in Huawei’s capacity to deliver on proposed measures to address “underlying defects.”
The report comes at a time when Huawei faces allegations of being a front for Chinese intelligence. Its operations have been under intense scrutiny in recent months.
Officials from several countries around the globe, including in the United States, have been increasingly vocal in voicing concerns that Huawei’s equipment could be used by Beijing for spying or sabotage, especially in the next generation of mobile networks, known as 5G.
In a statement, Huawei stated, it took the oversight board’s concerns “very seriously” and that the issues identified in the report “provide vital input for the ongoing transformation of our software engineering capabilities”.
In 2017, the Chinese company had pledged to spend more than $2 billion, as part of an effort, to address these systemic issues. It has warned that it could take up to 5 years to see the results.
The board’s report states, “These findings are about basic engineering competence and cyber security hygiene that give rise to vulnerabilities that are capable of being exploited by a range of actors. NCSC (National Cyber Security Centre) does not believe that the defects identified are a result of state interference”.
The report of the oversight board will help form future government policy on network security, say officials. The final decision however will be with ministers.
According to British officials, Huawei had failed to follow through on security commitments it had made as far back as 2012, more than 5 years ago.
“The evidence of sustained change is especially important as similar strongly worded commitments from Huawei in the past have not brought about any discernible improvements,” said the report.
The 40-plus-page report has pointed out several new technical issues that are specific to Huawei equipment and revealed that the problems were at a greater scale than was previously publicly acknowledged.
The board also stated, there were “serious and systematic defects in Huawei’s software engineering and cyber security competence”.
“The oversight board advises that it will be difficult to appropriately risk manage future products in the context of UK deployments, until the underlying defects in Huawei’s software engineering and cyber security processes are remediated.”