The UK's top cyber officials have warned that Huawei has poor cybersecurity and that its processes are opaque, even as it's greenlit for 5G

sghosh@businessinsider.com (Shona Ghosh)
Boris Johnson phone

JUSTIN TALLIS/AFP via Getty Images

  • UK prime minister Boris Johnson has defied President Trump to permit Huawei to provide equipment for the country's 5G networks.
  • Even as the UK allows Huawei into "non-core" parts of the 5G network, its cybersecurity service warned that Huawei is a high-risk vendor who could be at the behest of the Chinese government.
  • The UK's National Cyber Security Centre wrote: "Our experience has shown that Huawei's cybersecurity and engineering quality is low and its processes opaque."
  • Huawei is banned from supplying equipment for sensitive parts of the network, and its presence in the "non-core" part is capped at 35%.
  • Visit Business Insider's homepage for more stories.

The UK's top cybersecurity organization has slammed Huawei's cybersecurity as "low" even as Prime Minister Boris Johnson greenlights the Chinese firm's presence in the UK's 5G networks.

The National Cyber Security Centre (NCSC) is the cybersecurity arm of the UK's GCHQ intelligence agency.

In advice published on Tuesday, the NCSC described Huawei as a "high-risk vendor" and said: "Our experience has shown that Huawei's cybersecurity and engineering quality is low and its processes opaque."

The NCSC added that Huawei could be forced by Chinese law to hand over information on the UK in a way that harms British interests. Huawei has always denied spying on behalf of the Chinese government.

The NCSC's comments come as Boris Johnson defies US lobbying to ban Huawei from the UK's 5G networks. On Tuesday, the UK government announced that Huawei would be permitted to supply equipment for "non-core" parts of the 5G network, but would be banned from more sensitive areas.

Its presence in the non-core part will be capped at 35% — potentially meaning telecoms operators such as Vodafone will need to roll back Huawei's presence in their networks.

The NCSC has been highly critical of Huawei's security practices, saying in 2019 that its equipment had "major defects."

Ren Zhengfei Huawei CEO

AP Photo/Ng Han Guan

Huawei has a long and complex history with the UK's mobile networks, and has already supplied equipment to the country's mobile operators.

It is a cheap, popular telecoms equipment supplier, and dominates the market globally.

But its suspected close ties to the Chinese government, and worries about its engineering led the UK to set up the Huawei Cyber Security Evaluation Centre in 2010 to analyze its equipment for security flaws. That centre is overseen by British spies and reports into an oversight board, but is run by Huawei employees.

The centre has never publicly reported finding backdoors in Huawei's equipment, although it has criticized the firm for sloppy engineering. It has also said the security risks associated with having Huawei equipment in the UK's mobile networks were manageable.

Still, Huawei's presence in the UK's mobile networks has caused growing concern. BT began removing Huawei equipment from the "core" part of its mobile networks in 2019.

Dr Ian Levy, technical director of the NCSC, wrote in a blogpost on Tuesday: "We've never 'trusted' Huawei and the artefacts you can see (like the Huawei Cyber Security Evaluation Centre (HCSEC) and the oversight board reports) exist because we treat them differently to other vendors."

Levy added that the NCSC asks mobile operators to use Huawei in a "limited way", allowing the UK to manage the security risks. Other providers include Finland's Nokia, Sweden's Ericsson, South Korea's Samsung, and China's ZTE.

Levy said: "Nothing we do can entirely remove risk in any telecoms network with any vendor and so our intent is to get the risk down to an acceptable level in all the different networks using all the different vendors.

"Basically, with a set of controls and other measures, can we reduce the risk of using an HRV to broadly the same as a 'lower-risk' vendor? The restrictions and controls we detail in the high risk vendors framework give us a way of minimising the risk of using a high risk vendor like Huawei."

Huawei said on Tuesday it was pleased with the government's "evidence-based" decision to allow the firm to participate in the 5G rollout.

Vice-president Victor Zhang said: "We agree a diverse vendor market and fair competition are essential for network reliability and innovation, as well as ensuring consumers have access to the best possible technology."

Read the original article on Business Insider