Huawei says no inspection has ever found any backdoor vulnerabilities in its equipment.
Technical and supply-chain issues with equipment made by Chinese firm Huawei have exposed Britain’s telecom networks to new security risks, a government report said on July 19.
The assessment, made in a report signed off by Britain’s spy agency, will intensify the espionage debate around Huawei Technologies, which has come under increasing fire in the United States and Australia over concerns it could facilitate Chinese government spying.
The report was released after sources told Reuters that senior British security officials say they can now give only limited assurances that Huawei’s UK operations pose no threat to national security, downgrading their previous position.
“Identification of shortcomings in Huawei’s engineering processes have exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management,” officials said in the report.
Huawei, the world’s biggest producer of telecoms equipment, said that it welcomed the thrust of the report by the Huawei Cyber Security Evaluation Centre oversight board, which it said showed supervision by British authorities was working well.
“The report concludes that HCSEC’s operational independence is both robust and effective. The Oversight Board has identified some areas for improvement in our engineering processes,” a Huawei spokesman said.
“We are grateful for this feedback and are committed to addressing these issues. Cyber security remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems.”
Huawei says no inspection has ever found any backdoor vulnerabilities in its equipment. It says it is a private company not under Chinese government control and not subject to Chinese security laws overseas.
Huawei is a major supplier of broadband gear and mobile networks in Britain, meaning its products are used in critical national infrastructure which could be targeted by foreign adversaries.
London says it effectively addresses security issues by having all Huawei products reviewed by staff at a special company laboratory overseen by British government and intelligence officials.
The laboratory, known as HCSEC, was set up by Huawei in 2010 in response to British government concerns about possible security threats to national infrastructure. British security officials, including from GCHQ, sit on its oversight board and report annually on its work.
But for the first time, Thursday’s report by the oversight board reduced the level of security assurance it said was provided by HCSEC.
Officials said HCSEC provided “unique, world-class cyber security expertise and technical assurance,” but also that they had identified technical issues which limited security researchers’ ability to check internal product code.
There were also concerns about the security of components from outside suppliers which are used in Huawei products, the report said.
A spokesman for Britain’s National Cyber Security Centre, which is part of Government Communications Headquarters (GCHQ), said a program to resolve the code issue was underway and should be completed by mid-2020.
HCSEC is discussing questions about the use of third-party software with Huawei, he added, with the aim of finding a “strategic fix” for the problem.”
“This government and British telecoms operators work with Huawei at home and abroad to ensure the UK can continue to benefit from new technology while managing cyber security risks,” he said.