Chinese-owned tech giant Huawei’s security practices in the UK have been criticized in an official report compiled by the Huawei Cyber Security Evaluation Centre (HCSEC).
The report found Huawei had a tech vulnerability “of national significance” in 2019 and found the company had failed to adequately tackle security flaws in the UK’s telecoms networks, despite previous complaints.
It also said GCHQ’s National Cyber Security Centre (NCSC) had seen no evidence Huawei had made a significant shift in its approach to the security matter.
HCSEC’s work has continued to identify concerning issues in Huawei’s approach to software development bringing significantly increased risk to UK operators, which requires ongoing management and mitigation, the report reads.
The board that oversees the report also warned it only had ‘limited’ assurance that any risks to UK national security from Huawei’s involvement in the UK’s critical networks could be sufficiently mitigated in the long-term.
It added that while improvements had been made, it had no confidence they were sustainable.
“The increasing number and severity of vulnerabilities discovered, along with architectural and build issues, by the relatively small team in HCSEC is a particular concern.
If an attacker has knowledge of these vulnerabilities and sufficient access to exploit them, they may be able to affect the operation of a UK network, in some cases causing it to cease operating correctly,” the report warned.
According to the BBC, the flaw of ‘national significance’ was related to broadband, but officials do not believe anyone exploited said flaw.
The US has argued using Huawei’s devices and equipment carries a risk of the Chinese state running espionage or sabotage. Huawei has denied this claim.
Following the report, Huawei said the company will continue to make a significant investment to improve its products.
The report acknowledges that while our software transformation process is in its infancy, we have made some progress in improving our software engineering capabilities, it said.
The Australian government was quick to close its doors on Huawei after allegations the company posed security risks, with Huawei excluded from the 5G network.
Huawei has been barred from major projects in Australia such as the National Broadband Network (NBN) from as early as 2012.