LONDON—Chinese telecom company Huawei has been strongly criticized in the United Kingdom for its security failings.
The board overseeing Huawei equipment in the UK, which is linked to the Government Communications Headquarters (GCHQ) security service, said Huawei had failed to fix long-standing security issues.
Since that time, Huawei has made “no material progress” to correct security flaws in its equipment, which underpins the UK’s communications networks, according to the report.
The board also said it no longer had confidence in Huawei’s ability to address “underlying defects,” despite the company’s pledge to spend more than $2 billion fixing them.
Previously, the board claimed any risks from the Chinese company could be “sufficiently mitigated.”
The report said that Huawei had not followed through on promises to rectify security problems going back as far as 2012.
'Serious and Systematic Defects'However, the report stopped short of saying the company had deliberately introduced backdoors in its equipment or was spying for the Chinese regime.
Instead, it said the company had been negligent in the way it operated, leaving security holes in its products, revealing "serious and systematic defects in Huawei's software engineering and cyber security competence."
The report pointed out “significant technical issues in Huawei's engineering processes," including concerns about a product that enables a connection between someone’s cell phone and the network.
Huawei had updated its software in order to improve its security, but "the general software engineering and cyber security quality of the product continues to demonstrate a significant number of major defects," the report noted.
Anthony Glees, professor of security at the University of Buckingham, said that the political risk of working with Huawei was too great.
“There's a technical software risk which is that the security of Huawei stuff is not as good as it should be,” Glees said.
“It might be because they're sloppy but it might be because you can't get a cigarette paper between Huawei, Chinese government, the People's Liberation Army, and the Chinese Communist Party.”
Oversight BoardThe Huawei Cyber Security Evaluation Center was founded in 2010 in response to British government concerns about possible security threats to national infrastructure by Huawei. British security officials from agencies including GCHQ sit on its oversight board and report annually on its work.
The center is funded and ran by Huawei, with one of its staff members, David Francis, serving as managing director. However, it is monitored by an oversight board, which reports on its activities once a year.
Huawei has said it is a private company not under the control of the Chinese regime and not subject to Chinese security laws overseas.
However, it is well documented that Chinese companies are tightly linked to the communist regime. Many are required by law to establish Communist Party branches that can take part in decision-making to ensure the company’s activities are in line with the Communist Party’s goals.
The report said, "The oversight board advises that it will be difficult to appropriately risk manage future products in the context of UK deployments, until the underlying defects in Huawei's software engineering and cyber security processes are remediated."