Huawei network gear again fails to meet cybersecurity quality
Some of Huawei’s telecom equipment has again failed to meet the cybersecurity quality standards of a United Kingdom agency that examines potential risks of the company’s products in telecom networks.
There was “no overall improvement over the course of 2020 to
meet the product software engineering and cybersecurity quality” expected by
the U.K.’s National Cyber Security Centre (NCSC), according to the annual
report released Tuesday by the Huawei Cyber Security Evaluation Centre’s
Oversight Board.
Huawei network gear again fails to meet cybersecurity
quality, says UK board
The report doesn’t say whether backdoors have been found in
the software code, but previous reports have said the problems are in code
quality not malicious activity.
However, it also says the engineering and cybersecurity
quality issues are part of long-term, systemic defects in Huawei’s software
engineering and cybersecurity competence.
The proposed U.K. Telecommunications (Security) Bill, now
close to Parliamentary approval, should provide a framework for addressing the
strategic risks in Huawei and other manufacturers’ products differently, the
report says. Briefly, the bill would give the government new powers to boost
the security standards of the U.K.’s telecommunication networks, including
banning risky equipment suppliers and setting technical standards to be met.
The NCSC anticipates that the new security obligations in
the bill will result in improvements in the security of all vendor equipment,
the report adds.
Last year the U.K. banned telecom companies there from
installing Huawei equipment on their 5G wireless networks.
Meanwhile Canada still has made no decision on whether it
will allow carriers here to use Huawei equipment in their 5G wireless networks.
It is assumed Ottawa’s decision is complicated by the detention of two
Canadians in China while a Vancouver hearing on an extradition request from the
U.S. for Huawei chief financial officer Meng Wanzhou continues.
In the meantime, Canadian carriers have decided to buy
wireless network gear from other vendors.
The U.K. report admits there was “sustained progress” last
year on remediating problems found in previous reports. That includes
considerable progress on rectification of motherboards with an old and
out-of-mainstream-support component, and progress on binary equivalence, fixed
access issues, and vulnerability management.
One problem is Huawei uses an old version of a third-party
realtime operating system in some products, the report says. This component
went out-of-mainstream support last year, although some products using those
motherboards are still in U.K. telecom networks. They are steadily being
remediated, but about 25 per cent of the Huawei gear in U.K. telecom networks
still to be fixed.
All vulnerabilities in “particularly poor code” identified in
fixed network wireless products in 2019 have been fixed. During 2020, Huawei
effectively remediated all vulnerabilities discovered and reported by the
centre in line with expectations, the report adds.
The Huawei Cyber Security Evaluation Centre was set up 10
years ago in the U.K., allowing government scrutiny of fixed and wireless
networks products amid concerns about security. It is owned indirectly by
Huawei Technologies. The oversight board’s job is to ensure it is independent
from the company, and that the centre’s testing methodologies are sound. The
NCSC chooses the equipment to be tested.
The oversight board is chaired by the NCSC’s chief
executive. A senior Huawei executive is the deputy chair. Other members of the
board include representatives from the U.K. government and the
telecommunications sector.
According to the Globe and Mail, Canada has a similar centre
here. However, the government doesn’t issue reports on its work.
The news site Light Reading notes that the U.K. doesn’t test
network equipment from Ericsson or Nokia.
In its report for 2019, delivered last year, the oversight
board said it “has not yet seen anything to give it confidence in Huawei’s
capacity to successfully complete the elements of the [software development]
transformation program that it has proposed as a means of addressing these
underlying defects.”
The U.S. and the U.K. have worried for years that Huawei is
too close to the Chinese government to trust its equipment. In 2019 the U.S.
consul in Toronto warned Canada against allowing wireless network carriers here
to buy 5G equipment from Chinese manufacturers.
Comments
Post a Comment