|
Britain rebukes Huawei over security
failings, discloses more flaws
Send a link to a friend
 [March 28, 2019]
By Jack Stubbs and Cassell Bryan-Low
LONDON (Reuters) - Britain publicly
chastised China's Huawei Technologies for failing to fix long-standing
security flaws in its mobile network equipment and revealed new
"significant technical issues," increasing pressure on the company as it
battles Western allegations that Beijing could use its gear for spying.
In a report published on Thursday, the government-led board that
oversees vetting of Huawei gear in Britain said continued problems with
the company's software development had brought "significantly increased
risk to UK operators."
The board – which includes officials from Britain's GCHQ communications
intelligence agency – said in the report that the company had made "no
material progress" addressing security flaws and it didn't have
confidence in Huawei's capacity to deliver on proposed measures to
address "underlying defects."
The unusually direct criticism is a fresh blow to the world's largest
maker of mobile network equipment, which has been under intense scrutiny
in recent months.
Officials in the United States and elsewhere have been increasingly
public in voicing concerns that Huawei's equipment could be used by
Beijing for spying or sabotage, particularly as operators move to the
next generation of mobile networks, known as 5G.
Shenzhen-based Huawei said in a statement it took the oversight board's
concerns "very seriously" and that the issues identified in the report
"provide vital input for the ongoing transformation of our software
engineering capabilities".
Huawei pledged last year to spend more than $2 billion as part of
efforts to address problems previously identified by Britain, but has
also warned it could take up to five years to see results.
British security officials previously said they believed any risks posed
by Huawei could be managed.
In the report, the government-led board said: "These findings are about
basic engineering competence and cyber security hygiene that give rise
to vulnerabilities that are capable of being exploited by a range of
actors."
"NCSC (National Cyber Security Centre) does not believe that the defects
identified are a result of state interference," it added.
The work of the oversight board and its findings will help inform future
government policy on network security, officials say, but the final
decision lies with ministers.
British officials now need to see evidence of significant change, the
report said, adding that Huawei had failed to follow through on security
commitments made as far back as 2012.
[to top of second column]
|
The Huawei logo is pictured outside its Huawei's factory campus in
Dongguan, Guangdong province, China March 25, 2019. Picture taken
March 25, 2019. REUTERS/Tyrone Siu
"The evidence of sustained change is especially important as similar
strongly worded commitments from Huawei in the past have not brought
about any discernible improvements," it said.
"MAJOR DEFECTS"
The 40-plus-page report identified several new technical issues with
Huawei equipment and revealed that the problems were at a greater
scale than previously publicly acknowledged.
These include concerns related to a product called eNodeB, which
provides a connection between the network and a user's mobile phone.
According to the report, the oversight board looked at updated
versions of software that were intended to incorporate security
improvements but found "the general software engineering and cyber
security quality of the product continues to demonstrate a
significant number of major defects."
The report also said the lab had reported to UK operators "several
hundred vulnerabilities and issues" during 2018.
The board added that overall, the problems reveal "serious and
systematic defects in Huawei's software engineering and cyber
security competence".
And, as a result, the board could still only provide limited
assurances that the security risks posed by Huawei equipment could
be managed long term.
It added: "The oversight board advises that it will be difficult to
appropriately risk manage future products in the context of UK
deployments, until the underlying defects in Huawei's software
engineering and cyber security processes are remediated."
The board first downgraded its level of assurance in its last
report, published in July 2018. In addition to top British
government officials, the board includes senior representatives from
British telecom operators and Huawei executives.
(Editing by Edmund Blair)
[© 2019 Thomson Reuters. All rights
reserved.]
Copyright 2019 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
