UK: Huawei equipment has major security flaws

From United Kingdom: The Huawei Cyber Security Evaluation Centre, which monitors the company’s activities in the UK, said it has identified another round of “significant technical issues” with Huawei’s engineering.

In its annual report, the watchdog said that the company has failed to address security issues raised last year, leading it to provide “only limited assurance” that risks from Huawei equipment already deployed in Britain can be managed.

The report states that it would be “difficult” to manage risks from future Huawei product deployments unless the company’s software engineering and cybersecurity processes are fixed.

The report, which includes input from UK intelligence agencies, could make it more difficult for Huawei to convince the UK government and mobile operators that its products should be used in new superfast 5G networks.

“We understand these concerns and take them very seriously,” a Huawei spokesperson said.

The UK watchdog said its report that the security issues raised are about “basic engineering competence” and “cybersecurity hygiene,” and could be exploited by any number of actors.

It said it does not believe the defects identified “are a result of Chinese state interference.”

It also said that Huawei must do more to resolve the issues. The watchdog said it “has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete” its transformation program.

Even more problematic for the Huawei is concerns raised by the UK watchdog over its commitment to security.

The panel cites security commitments first made by Huawei in 2012 — and later repeated — that it said the company has not followed through on.

“Strongly worded commitments from Huawei in the past have not brought about any discernible improvements,” the watchdog said.