British Report Highlights Security Issues in Huawei Networking Gear

Posted on March 28, 2019 by Paul Thurrott in Cloud with 10 Comments

While the country still doesn’t recommend a ban, Britain this week publicly complained about the security risk of Huawei’s networking gear, citing years-long quality problems and Huawei’s inability to fix them.

“These findings are about basic engineering competence and cyber security hygiene that give rise to vulnerabilities that are capable of being exploited by a range of actors,” a National Cyber Security Centre (NCSC) report notes, adding that Huawei will need to dramatically improve its response to issues. “The evidence of sustained change is especially important as strongly-worded commitments from Huawei in the past have not brought about any discernible improvements.”

The report describes “significant” flaws in Huawei’s existing networking hardware, which has been present in the UK’s infrastructure for over 15 years. This report is notable because the United States is calling, mostly unsuccessfully, for its allies to ban Huawei as they build out next-generation 5G networks. It has never provided any evidence that backs up its fears of the company and other Chinese-based technology giants.

The NCSC previously reported that Huawei hardware is not used in any governmental or otherwise sensitive networks. As it does with all governmental technology providers, Huawei is subject to strict and ongoing security reviews in the country, and none have ever led to any suspicions.

On that note, the UK-based security agency’s report stopped short of recommending a ban, noting that past problems with Huawei networking gear were just design flaws, not backdoors for the Chinese government. The problem, put simply, is a lack of quality and follow-through when problems are identified.

“NCSC does not believe that the defects identified are a result of state interference,” the report explains.

Huawei has already pledged to spend $2 billion over the next five years to improve the quality of its software and security processes. And it says it will address the NCSC complaints.

“The report details some concerns about Huawei’s software engineering capabilities,” a corporate statement reads. “We understand these concerns and take them very seriously.”

Tagged with

Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register