China syndromeBritish oversight body: Security flaws in Huawei 5G networks

A British oversight board has slammed the Chinese telecom giant Huawei for software security flaws. The report, however, stopped short of blaming Chinese intelligence agencies for the engineering defects.

A British board vetting the security of Chinese telecom company Huawei’s software found “significant technical issues” that could pose a risk to UK telecom operators.

The oversight board’s report on Thursday comes against the backdrop of increasing U.S. pressures on allies not to use the equipment from Huawei, the world’s largest telecom supplier, in their rollout of 5G mobile networks. The United States is concerned that Huawei is a front for the Chinese intelligence services, and that rolling out Huawei’s 5G system in Europe would open the door for Chinese spying or sabotage.

China and Huawei dismiss theses security concerns.

The report, published by the Huawei Cyber Security Evaluation Center oversight board, which includes the Britain’s GCHQ (the U.K. equivalent of the U.S. NSA), communications intelligence agency, identified several new technical issues that were greater than previously recognized.

ArsTechnica reports that the report found:

·  Huawei has made “no material progress” on addressing security and engineering flaws identified in last year’s report.

·  Major security and engineering defects create vulnerabilities for UK telecom systems that are “capable of being exploited by a range of  actors.”

·  Britain’s National Cyber Security Centre does not believe that the defects identified are a result of Chinese state interference.

·  Only “limited assurance” could be provided that security and technical risks posed by Huawei products to critical networks could be mitigated in the long-term.

In response, Huawei said it took the issues brought up in the report “very seriously” and the findings would allow the company to improve software security and capabilities.

Huawei last year committed to spend $2 billion to address problems previously identified by the board, but has also cautioned that could take up to five years to implement all the changes.

Huawei has been under intense scrutiny as European countries prepare to roll out next-generation mobile networks over the next several years.

The United States urged its European allies to ban the company from building their 5G networks. The United States has also threatened to restrict intelligence cooperation with those countries which would use Chinese-made systems.

Australia and Japan have already announced they would not use systems from the Chinese company.

Britain has left the door open to Huawei, and previously insisted it can manage the risks posed by the Chinese state.

DW notes that Thursday’s report comes as earlier this week the European Commission released security recommendations which stopped short of urging EU member states to ban or restrict Huawei from building 5G networks. The EU is expected to make a final decision on 5G network security by the end of the year.

The oversight report from the Huawei Cyber Security Evaluation Center is separate from a government review of security to the 5G network, which is expected later in the spring. Government ministers will make a final decision on 5G telecom equipment supply chain security.