A Huawei-backed cybersecurity agency accused Huawei of endangering the national security of the United Kingdom, delivering yet another blow to the firm's ambitions to overhaul its public image and push back against allegations of suspect product practices, not to mention more concerning insinuations pertaining to its ties with the Chinese communist government.
The Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, in its capacity as the number-one authority on the Shenzen-based firm and its British wireless operations, published its fifth annual report on the company and its practices earlier today, concluding that while the current state of its products and services doesn't pose an immediate threat to the crown, the overall manner wherein Huawei approaches software development is highly concerning and reason for alarm.
Another year of warnings amounting to nothing
Even as no medium- or high-risk threats were identified in the Huawei-made equipment and solutions used by wireless carriers and government agencies in the UK, immediate "management and mitigation" are required in response to the tech giant's software development practices, HCSEC warned.
Moving on to even harsher wording, HCSEC blasted Huawei for not doing anything to address the issues raised by its fourth report from last year. The comparatively less concerning findings from 2018 were initially downplayed by Huawei and it took tremendous media pressure from both activists and the agency itself before the firm even acknowledged them in a serious manner near the turn of the year. That fact combined with the billions of pounds' worth of investments Huawei promised to the UK over a year ago doesn't sit well with HCSEC today, with the agency concluding how in spite of everything that was said and done, "no material progress" has been made in regards to making Huawei's tech used by British companies more secure.
For the second year in a row, HCSEC hence provided London with only limited assurances of adequate long-term cybersecurity protections being integrated into Huawei equipment in the UK. The company's wireless equipment continues to suffer from many "underlying defects" in both software engineering and cybersecurity-related processes, the report reads. Taken together, the two issues alone are a cause for concern when it comes to planning risk-mitigation of Huawei products, the oversight board concluded.
Discouraging potential meets a painful lack of alternatives
Even the vague technology transformation program Huawei proposed several months back as a way to address the British government's growing distrust of its solutions has been dismissed by HCSEC as frivolous, with the agency writing that it has so far seen exactly zero evidence of the firm having the ability to make its products less insecure. Had it wielded that power by now, it would have likely been making better wireless solutions already, the board cynically remarked.
Established in 2010, HCSEC is jointly financed by Her Majesty’s Government and Huawei itself, which was one of London's conditions for allowing the Chinese firm to operate critical infrastructure in the country, a choice that it appears to be growing increasingly regretful of.
British carriers are now faced with an extremely difficult choice between avoiding Huawei during their 5G rollouts and taking what's guaranteed to be a significant hit on their bottom lines in the near term or staying the course and risking even more in the long run.