Huawei security criticised in a new study

Chinese electronics manufacturer, Huawei, has once again had doubt cast over its privacy credentials following a report looking at the security of the company’s products in the UK.

The study made by the Huawei oversight board, which is chaired by GCHQ’s National Cyber Security Centre (NCSC) said:

“The oversight board currently has not seen anything to give it confidence in Huawei’s ability to bring about change via its transformation programme and will require sustained evidence of better software engineering and cyber security quality.”

Only “limited assurance” could be granted that “the long-term security risks can be managed in the Huawei equipment currently deployed in the UK,” the report added.

The words stem from building suspicion that the tech giant is not adequately addressing long-term security issues.

Huawei manufactures telecoms for UK-based communications companies, and this release arrives as officials prepare to decide whether Huawei networks can be trusted to help develop 5G technology in Britain.

Such a partnership has been openly frowned upon by the US, as Washington fears the Chinese firm poses significant risks to national security. There are no suggestions in the NSCS report that Huawei is an arm of the Communist regime in China.

Concerns are raised about software development practices, and potential vulnerabilities in the firm’s infrastructures which could prove dangerous. “Significant technical issues in Huawei’s engineering processes” are flagged up.

While some specialists claim risks can be managed, the report states that the current arrangement “can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term”.

Huawei technology is recognised as cost-efficient, but fears exist that a thorough approach to security has been sacrificed in the firm that has witnessed remarkable growth over the last ten years.

Since 2014, the Huawei oversight board has worked with Huawei to supervise and test the firm’s equipment in British networks. Mobile provider, EE uses some of this equipment, while Vodafone put a hold on implementing Huawei tools for its European 5G networks in January.

The board’s report has become a focal point of a now global discussion about the Chinese company’s part in developing telecom networks in Western countries.

Huawei has pledged to invest money into the problems raised over the next three to five years, but officials in the UK have not yet seen details about how these plans will materialise, and this has been a source of continued concern to the oversight board.

“It will be difficult to appropriately risk manage future products in the context of UK deployments, until Huawei’s software engineering and cyber-security processes are remediated,” the board said.

“The oversight board currently had not seen anything to give it confidence in Huawei’s ability to bring about change via its transformation programme,” it added.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/