An oversight board set up in the UK to monitor the use of Huawei’s equipment in critical telecoms infrastructure has identified ‘new risks’ to security.
While countries like the US and Australia have taken hardline stances against the use of Chinese telecoms equipment from the likes of Huawei in critical infrastructure, the UK has been more accommodating.
Chinese telecoms equipment manufacturers are some of the world’s most innovative. In fact, some experts believe companies like Huawei are at least a year ahead of some of their Western counterparts.
Back in 2010, the UK set up the Huawei Cyber Security Evaluation Centre (HCSEC) where UK intelligence experts from the GCHQ spy agency examine the company’s equipment for any potential security threats.
‘Exposed New Risks’
HCSEC’s oversight board has identified new risks arising from Huawei’s engineering process which exposes a risk to UK telecoms networks.
"Identification of shortcomings in Huawei's engineering processes have exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management," officials said in the report.
The oversight board releases annual reports and has identified some minor problems in the past.
Last year, for example, the audit identified one low-rated finding and two advisory issues, all relating to the retention of auditable information. Each issue had an agreed rectification plan.
However, for the first time, HCSEC’s board said:
“Due to areas of concern exposed through the proper functioning of the mitigation strategy and associated oversight mechanisms, the Oversight Board can provide only limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated.”
The report highlights concerns about technical issues limiting security researchers' ability to check internal product code, and the sourcing of components from outside suppliers which are used in Huawei products.
Huawei welcomed the report, saying it showed the HCSEC is working.
"The report concludes that HCSEC's operational independence is both robust and effective. The Oversight Board has identified some areas for improvement in our engineering processes," a Huawei spokesman said.
"We are grateful for this feedback and are committed to addressing these issues. Cybersecurity remains Huawei's top priority, and we will continue to actively improve our engineering processes and risk management systems."
In countries where Huawei is finding it difficult to gain state approval for the use of its equipment in national infrastructure, the company has shown a willingness to set-up centres similar to HCSEC in the UK.
John Lord, Chairman of Huawei Australia, spoke of the UK arrangement saying: “That was the way to enter the market and be as open as possible, and that's what we are offering around the world. We believe that all telcos should be open, and equipment should be checked.”
Considering the Trump administration’s tough stance on China, it’s unlikely Huawei will be gaining much traction in the US anytime soon. Huawei appears to have accepted this.
"There are things we cannot change its course, and it’s better not to put it on top of your mind," said Eric Xu, Huawei's CEO during its analyst event in April. "In this way, we have more energy and time to serve our customers, and to build better products to meet the needs of our customers.”
“In some cases, just let it go and we’ll feel at ease."
What are your thoughts on the HCSEC board’s latest report? Let us know in the comments.