Business Insider Edition

The UK's top cyber officials have warned that Huawei has poor cybersecurity and that its processes are opaque, even as it's greenlit for 5G

Shona Ghosh , Business Insider US
 Jan 30, 2020, 07:47 AM
Boris Johnson uses a mobile phone as he walks through buildings inside the Houses of Parliament
JUSTIN TALLIS/AFP via Getty Images
  • UK prime minister Boris Johnson has defied US president Trump to permit Huawei to provide equipment for the country's 5G networks.
  • Even as the UK allows Huawei into "non-core" parts of the 5G network, its cybersecurity service warned that Huawei is a high-risk vendor who could be at the behest of the Chinese government.
  • The UK's National Cyber Security Centre wrote: "Our experience has shown that Huawei's cybersecurity and engineering quality is low and its processes opaque."
  • Huawei is banned from supplying equipment for sensitive parts of the network, and its presence in the "non-core" part is capped at 35%.
  • For more stories, visit Business Insider South Africa.

The UK's top cybersecurity organisation has slammed Huawei's cybersecurity as "low" even as Prime Minister Boris Johnson greenlights the Chinese firm's presence in the UK's 5G networks.

The National Cyber Security Centre (NCSC) is the cybersecurity arm of the UK's GCHQ intelligence agency.

In advice published on Tuesday, the NCSC described Huawei as a "high-risk vendor" and said: "Our experience has shown that Huawei's cybersecurity and engineering quality is low and its processes opaque."

The NCSC added that Huawei could be forced by Chinese law to hand over information on the UK in a way that harms British interests. Huawei has always denied spying on behalf of the Chinese government.

The NCSC's comments come as Boris Johnson defies US lobbying to ban Huawei from the UK's 5G networks. On Tuesday, the UK government announced that Huawei would be permitted to supply equipment for "non-core" parts of the 5G network, but would be banned from more sensitive areas.

Its presence in the non-core part will be capped at 35% - potentially meaning telecoms operators such as Vodafone will need to roll back Huawei's presence in their networks.

The NCSC has been highly critical of Huawei's security practices, saying in 2019 that its equipment had "major defects."

Huawei has a long and complex history with the UK's mobile networks, and has already supplied equipment to the country's mobile operators.

It is a cheap, popular telecoms equipment supplier, and dominates the market globally.

But its suspected close ties to the Chinese government, and worries about its engineering led the UK to set up the Huawei Cyber Security Evaluation Centre in 2010 to analyze its equipment for security flaws. That centre is overseen by British spies and reports into an oversight board, but is run by Huawei employees.

The centre has never publicly reported finding backdoors in Huawei's equipment, although it has criticised the firm for sloppy engineering. It has also said the security risks associated with having Huawei equipment in the UK's mobile networks were manageable.

Still, Huawei's presence in the UK's mobile networks has caused growing concern. BT began removing Huawei equipment from the "core" part of its mobile networks in 2019.

Dr Ian Levy, technical director of the NCSC, wrote in a blogpost on Tuesday: "We've never 'trusted' Huawei and the artefacts you can see (like the Huawei Cyber Security Evaluation Centre (HCSEC) and the oversight board reports) exist because we treat them differently to other vendors."

Levy added that the NCSC asks mobile operators to use Huawei in a "limited way", allowing the UK to manage the security risks. Other providers include Finland's Nokia, Sweden's Ericsson, South Korea's Samsung, and China's ZTE.

Levy said: "Nothing we do can entirely remove risk in any telecoms network with any vendor and so our intent is to get the risk down to an acceptable level in all the different networks using all the different vendors.

"Basically, with a set of controls and other measures, can we reduce the risk of using an HRV to broadly the same as a 'lower-risk' vendor? The restrictions and controls we detail in the high risk vendors framework give us a way of minimising the risk of using a high risk vendor like Huawei."

Huawei said on Tuesday it was pleased with the government's "evidence-based" decision to allow the firm to participate in the 5G rollout.

Vice-president Victor Zhang said: "We agree a diverse vendor market and fair competition are essential for network reliability and innovation, as well as ensuring consumers have access to the best possible technology."

Receive a daily update on your cellphone with all our latest news: click here.

Also from Business Insider South Africa:

  • Indicators
  • JSE Indexes
16.63
0,6%
21.41
0,88%
19.51
0,46%
$1,905.39
0,94%
54446.78
0,34%
DAILY BUSINESS INSIDER UPDATE

Get the best of our site delivered to your inbox every day.

Sign Up