Huawei telecoms kit is a risk to UK networks
- 저자:Ella Cai
- 에 출시:2018-07-20
Huawei telecoms equipment poses a risk to the UK telecoms network, concludes a report by the Huawei Cyber Security Evaluation Centre (HCSEC).
“Through 2017, HCSEC has continued to find issues in Huawei products, demonstrating their continued ability to discover weaknesses in the Huawei product set,” says the report.
“The NCSC (National Cyber Security Centre) has advised the Oversight Board that it is less confident that NCSC and HCSEC can provide long term technical assurance of sufficient scope and quality around Huawei in the UK,” continues the report.
“This is due to the repeated discovery of critical shortfalls in the Huawei engineering practices and processes that will cause long term increased risk in the UK,” concludes the report.
The HCSEC report was compiled by UK security experts. The HCSEC was set up eight years ago to evaluate the risk of using Huawei equipment in the UK network.
“We are grateful for this feedback and are committed to addressing these issues,” said Huawei, “cyber-security remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems.”
The report flags up a “lack of the required end-to-end traceability from source code”.
A previous HCSEC report had expressed concern about the use of third-party components and this new report says these concerns have not been sufficiently addressed
“In particular, security critical third-party software used in a variety of products was not subject to sufficient control,” says the report.
Huawei is fighting bans on the use of its equipment in the US, and Australia is considering whether to exclude Huawei products from its 5G network.
“Through 2017, HCSEC has continued to find issues in Huawei products, demonstrating their continued ability to discover weaknesses in the Huawei product set,” says the report.
“The NCSC (National Cyber Security Centre) has advised the Oversight Board that it is less confident that NCSC and HCSEC can provide long term technical assurance of sufficient scope and quality around Huawei in the UK,” continues the report.
“This is due to the repeated discovery of critical shortfalls in the Huawei engineering practices and processes that will cause long term increased risk in the UK,” concludes the report.
The HCSEC report was compiled by UK security experts. The HCSEC was set up eight years ago to evaluate the risk of using Huawei equipment in the UK network.
“We are grateful for this feedback and are committed to addressing these issues,” said Huawei, “cyber-security remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems.”
The report flags up a “lack of the required end-to-end traceability from source code”.
A previous HCSEC report had expressed concern about the use of third-party components and this new report says these concerns have not been sufficiently addressed
“In particular, security critical third-party software used in a variety of products was not subject to sufficient control,” says the report.
Huawei is fighting bans on the use of its equipment in the US, and Australia is considering whether to exclude Huawei products from its 5G network.