A GOVERNMENT REPORT has warned that “critical” shortfalls by Huawei pose a potential security risk to the UK’s national infrastructure.
The report was put together by the Huawei Cyber Security Evaluation Centre (HCSEC), which was launched in November 2010 to help mitigate any potential risks in using Huawei technology in response concerns that BT and others’ use of the firm’s equipment could pose a threat.
The group, which reports to the National Cyber Security Centre (NCSC), has sounded the alarms over Huawei’s lack of the required end-to-end traceability from source code examined by HCSEC, and found issues in the company’s use of commercial and open source third-party components, with not all being managed through the agreed process.
“Due to areas of concern exposed through the proper functioning of the mitigation strategy and associated oversight mechanisms, the oversight board can provide only limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated,” the report said.
“Until this work is completed, the oversight board can offer only limited assurance due to the lack of the required end-to-end traceability from source code examined by HCSEC through to executables use by the UK operators.”
In its report, which comes as the US steps up efforts to ban Huawei’s equipment from its country’s networks, the HCSEC also raised “medium-term concerns” for incoming technologies, including software-defined networking, network virtualisation, edge computing and 5G.
Still, despite these issues, the oversight board found Huawei to be performing its overall mitigation strategy “at scale and with high quality”, with no high or medium-priority findings.
In a statement to the BBC, Huawei acknowledged there were “some areas for improvement”.
“We are grateful for this feedback and are committed to addressing these issues,” a spokesperson said. “Cyber-security remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems.”
A spokesperson for the NCSC added: “The NCSC is fully committed to the oversight arrangements set in place through the HCSEC Oversight Board.
“For the last four years, the Oversight Board has provided a valuable role relating to risks arising from Huawei’s involvement in the UK’s critical networks.”
The report arrives just months after the NCSC warned UK telcos not to use equipment from fellow Chinese firm ZTE, citing “national security concerns”. µ
Source : Inquirer