Huawei network gear again fails to meet cybersecurity quality, says UK board

Some of Huawei's telecommunications equipment has again failed to meet cybersecurity quality standards from a United Kingdom agency that investigates potential risks to the company's products in telecommunications networks.

There was "no overall improvement during 2020 to meet product software engineering and cybersecurity quality" as expected by the UK's National Cyber Security Center (NCSC), according to the annual report released Tuesday by the Huawei Cyber Security Evaluation Center's Oversight. ) group.

The report did not specify whether backdoors were found in the software code, but previous reports said the problems lie in the quality of the code, not in the malicious activity.

However, it also says that engineering and cybersecurity quality issues are part of long-term, systemic flaws in Huawei's software engineering and cybersecurity capability.

The report said the proposed UK Telecommunications (Security) Bill, which is now nearing parliamentary approval, should provide a framework to address strategic risks in Huawei and other manufacturers' products differently. In essence, the bill would give the government new powers to boost the security standards of UK telecommunications networks, including banning risky equipment suppliers and meeting technical standards.

The report said the NCSC anticipates that the new security obligations in the bill will result in improved security for all vendor equipment.

Last year the UK banned telecom companies from installing Huawei equipment on its 5G wireless network.

Meanwhile, Canada still hasn't decided on whether it will allow carriers here to use Huawei equipment in their 5G wireless networks. Ottawa's decision is believed to be complicated by the detention of two Canadians in China, while the U.S. In to Huawei's Chief Financial Officer Meng Wanzhou. Hearing on extradition request from Vancouver

In the meantime, Canadian carriers have decided to purchase wireless network gear from other vendors.

The UK report acknowledges that there was "sustained progress" last year on addressing the problems found in previous reports. This includes improvements to motherboards with outdated and out-of-mainstream-support components, and progress on binary equivalence, fixed access issues, and vulnerability management.

The report states that one problem is that Huawei uses an older version of the third-party realtime operating system in some products. This component fell out of mainstream support last year, although some products using those motherboards are still in UK telecommunications networks. He is being treated continuously, but about 25 percent of the Huawei gear in the UK's telecommunications network still needs to be fixed.

All vulnerabilities in "particularly bad code" identified in fixed network wireless products in 2019 have been fixed. During 2020, Huawei effectively addressed all vulnerabilities discovered and reported by the Center, the report said.

The Huawei Cyber Security Assessment Center was established 10 years ago to allow government investigations of fixed and wireless network products in the UK amid concerns about security. It is indirectly owned by Huawei Technologies. The job of the inspection board is to ensure that it is independent of the company, and that the center's testing methods are in good standing. NCSC chooses the equipment for the test.

The Board of Inspection is headed by the Chief Executive Officer of NCSC. Huawei has a senior executive deputy chair. Other board members include representatives from the UK government and the telecommunications sector.

According to the Globe and Mail, Canada has a similar center here. However, the government does not issue reports on its work.

News site Light Reading notes that the UK does not test network equipment from Ericsson or Nokia.

In its report for 2019, delivered last year, the Board of Inspection said it has "so far seen nothing to give confidence in Huawei's ability [software development] to successfully carry out elements of the transformation program that it addressed." " It has been proposed as a means to overcome these inherent defects."

There have been concerns for years in the US and UK that Huawei is too close to the Chinese government to trust its equipment. In 2019 the US consulate in Toronto warned Canada against allowing wireless network carriers here to purchase 5G equipment from Chinese manufacturers.