The oversight board responsible for mitigating the risk associated with Huawei products has released a new report which questions whether using equipment from the vendor is the best idea.
The Huawei Cyber Security Evaluation Centre (HCSEC) has released its annual audit which effectively gives a temperature reading on the appropriateness of Huawei kit for UK infrastructure. In the past it has brought up issues with the equipment, though Huawei has always been pretty sharp and compliant when addressing any concerns.
However, the HCSEC is now stating Huawei has not addressing underlying issues which were raised during the last report, and therefore Huawei’s role in the future communications infrastructure of the UK should be questioned. It has stopped short of calling for a ban on the equipment, but unless Huawei addresses the concerns very quickly, the recommendations will become a lot sterner.
“At present, the Oversight Board has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects,” the report states.
“The Board will require sustained evidence of better software engineering and cyber security quality verified by HCSEC and NCSC.”
Last years reports brought forward several software issues, though it was brought firmly to Huawei’s attention. This years’ report demonstrates frustration from the HCSEC in that the previously highlighted issues have not been addressed, suggesting Huawei might not be able to fix larger scale issues which might arise in the future. This is the first time HCSEC has questioned whether Huawei is fit for purpose.
For Huawei, this is a wake-up call. Europe has been quite understanding and tolerant of Huawei over the last couple of months, especially considering the lobby effort from the US, though it won’t take too much to sway the balance of opinion.
This report also comes at a critical time where Huawei will need to be on its best behaviour. With the European Commission outlining new security mechanisms to mitigate risk in the 5G era, each member state will have to perform at extensive security audit. If the UK is raising the red-flag of Huawei software, and 27 other countries forensically examining all potential security threats, any minor cracks will certainly be found.
Over the next couple of months, all the European Union member states will be submitting reports identifying any risks associated with communications infrastructure. These reports could lead to the ban of products, services and suppliers. This report from the HCSEC is not the best start for Huawei.