THE UK GOVERNMENT has sounded the alarm bells over the use of Huawei kit for 5G networks, warning of "significant, concerning issues" in the Chinese firm's approach to software development.
In a damning 46-page report, the Huawei Cyber Security Evaluation Centre Oversight Board (HCSEC), which is run by the National Cyber Security Centre (NCSC) and examines how the company conducts its UK, issued its harshest warning to the company yet.
While the board stopped short of slapping the firm with a 5G ban, as Australia has done, it slammed Huawei over "underlying defects" in its software engineering and cybersecurity processes, which it claims pose a "significantly increased risk to UK operators."
While it found no evidence of Chinese state-backed espionage or so-called "backdoors" in Huawei's equipment, the HCSEC says it uncovered "future significant technical issues" in Huawei's engineering processes and criticised the firm for a lack of "end-to-end integrity of the products", meaning that a "true root cause analysis" of any issues was not possible.
The board also claims the firm had made "no material process" regarding similar issues it reported last year.
"The NCSC therefore remains concerned that Huawei's software engineering and cybersecurity competence and associated processes are failing to improve sufficiently," the board moaned, adding that it will be "difficult to appropriately risk-manage future products in the context of UK deployments until Huawei's software engineering and cybersecurity processes are remediated".
In a statement given to INQ, Huawei said it takes the board's findings "very seriously."
"The issues identified in the OB report provide vital input for the ongoing transformation of our software engineering capabilities. In November last year, Huawei's Board of Directors issued a resolution to carry out a companywide transformation programme aimed at enhancing our software engineering capabilities, with an initial budget of $2bn.
"A high-level plan for the programme has been developed and we will continue to work with UK operators and the NCSC during its implementation to meet the requirements created as cloud, digitization, and software-defined everything become more prevalent.
"To ensure the ongoing security of global telecom networks, the industry, regulators, and governments need to work together on higher common standards for cyber security assurance and evaluation." µ
Where there's a bill, there's a Huawei
No one has been able to demonstrate a Ryzen or EPYC MDS exploit yet