Monday, 26 October 2020

GCHQ reports “serious and systematic defects” in Huawei software and security

by Harry Baldock, Total Telecom
Thursday 01 October 20

A report from the Huawei Cyber Security Evaluation Centre (HCSEC), a branch of GCHQ, warned of an alarming number of defects identified within Huawei equipment

 An oversight report today published by HCSEC has been critical of Huawei’s approach to network equipment technology, finding numerous flaws during its investigations, including one vulnerability deemed “nationally significant” last year.

 

The report makes it explicitly clear that the security bodies do not believe the “defects identified are as a result of Chinese state interference” or have been exploited, instead blaming the defects on “poor software engineering and cyber security processes”.

 

The identification of security vulnerabilities within network software and hardware is fairly commonplace for the industry and is certainly not limited to Huawei, but the report here is particularly critical of the Chinese vendor's ongoing commitment to maintaining network security.

 

HCSEC said it “continues to reveal serious and systematic defects in Huawei's software engineering and cyber security competence,” adding that the security body had “no confidence that Huawei will effectively maintain components within its products.”

 

Huawei replied by noting that it had responded to and corrected these defects when notified, arguing that it was fully in support of the review process, which would allow it to improve the security of its equipment.

 

A spokesperson for Huawei said they were committed to a “process that guarantees openness and transparency, and demonstrates HCSEC has been an effective way to mitigate cyber security risks in the UK,” noting that “the report acknowledges that while our software transformation process is in its infancy, we have made some progress in improving our software engineering capabilities.”

 

However, it did note that it faced unprecedented scrutiny that was not equally applied to its competitors.

 

"We believe this mechanism can benefit the entire industry and Huawei calls for all vendors to be evaluated against an equally robust benchmark, to improve security standards for everyone," said the spokesperson.

 

Huawei continues to be hammered by US sanctions, with the latest US move requiring companies to apply for a licence in order to work with China’s largest semiconductor manufacturer, SMIC, at the end of last month. It was these supply chain disruptions that ultimately forced the UK government’s hand earlier in the year; with Huawei forced to work with lesser-known entities to create equipment, the UK government felt unable to vouch for their network security, ultimately ordering Huawei equipment to be phased out of UK networks by 2027.

 

Meanwhile, similar discussions have been taking place elsewhere in Europe, with Italy and Germany both in the news this week related to their stance on Huawei. Reports yesterday suggested that Germany was about to introduce stricter security laws – a move which would not ban Huawei outright but would ultimately have the same outcome, according to sources. Meanwhile, Italy is currently being visited by US Secretary of State Mike Pompeo, with Italian Foreign Minister Luigi Di Maio saying that the security of the country’s 5G networks is an “absolute priority”.

 

It seems that Huawei’s path in Europe is quickly becoming a minefield.

 
