Huawei has made “no overall improvement” in its software engineering and cyber security quality three years after it promised to fix systemic problems, according to the UK body that monitors its equipment.
The annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) said that despite “sustained progress” by the Chinese company in resolving historic issues, new problems had been uncovered that indicated that the telecoms equipment maker was still not performing to the industry standard.
Huawei’s role in the UK telecoms market has diminished over the past year after the British government opted to ban the use of new 5G equipment from the Chinese company from the end of 2020. It also set a seven-year phaseout plan for kit that had already been installed.
Huawei nonetheless remains a significant player in the broadband market and the HCSEC report is a critical tool to evaluating and monitoring both legacy and new equipment provided by the company.
The monitoring body is run by the National Cyber Security Centre, which is part of the signals intelligence agency GCHQ and has members of Huawei on its board. The report has in the past identified issues with the coding used in Huawei equipment, the use of old software and the equivalence between kit it has tested and that used for networks. Last year the report revealed a vulnerability of “national significance” to Britain’s telecoms networks.
Huawei has fought a running battle against the impact of the reports, which have been used by its critics as reasons to ban it. In 2018 Huawei pledged to spend $2bn to address concerns of the monitoring body.
The new report, which covers 2020, highlighted that good progress had been made in replacing vulnerable components but noted that concerns remained. “The work of HCSEC continues to uncover issues that indicate there has been no overall improvement over the course of 2020 to meet the product software engineering and cyber security quality expected by the NCSC,” it concluded.
Huawei said: “Rapidly evolving technologies present all innovators with security challenges and Huawei, as the only vendor to operate under a transparency centre (HCSEC), always strives to achieve the highest standards to keep our customers safe.”
The government is set to introduce legislation aimed at improving the resilience and security of telecoms networks using all vendors.
The new Huawei report comes on the heels of Ericsson’s warning that it had lost market share in China after the Swedish government banned Huawei.
The Swedish company, a key rival of Huawei, said this week that its share of a lucrative 5G contract with China Mobile had been cut to 2 per cent from 11 per cent. Huawei and ZTE, another Chinese vendor banned in the US and the UK, won the lion’s share of the contracts, although Nokia, the Finnish company, was also awarded a piece.