NCSC technical director calls Huawei’s engineering processes very shoddy
8 April 2019
The National Cyber Security Centre’s technical director has voiced his concern over Huawei’s ability to eliminate security issues from its equipment deployed in the UK, stating that Huawei’s engineering, at present, is “very, very shoddy”.
Last year, the National Cyber Security Centre announced that its Huawei Cyber Security Evaluation Centre (HCSEC), which was set up to monitor equipment deployed by Huawei in the UK and to ensure transparency between Huawei, the government and operators, had flagged a range of security issues in the company’s hardware.
“The National Cyber Security Centre is committed to the security of UK networks, and we have a regular dialogue with Huawei about the criteria expected of their products. As was made clear in July’s HCSEC oversight board, the NCSC has concerns around a range of technical issues and has set out improvements the company must make,” said a government spokesperson.
Huawei promised to invest £1.54 billion to boost cyber security
In response, Ryan Ding, President of Huawei’s Carrier Business Group, said in a letter addressed to the Commons Science and Technology Committee that his company would invest up to £1.54 billion over the next five years to “comprehensively improve” its software engineering capabilities and to prepare for a complex security environment in the future.
“Cyber security remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems. At our most recent board meeting, we officially signed off on a companywide transformation programme for our software engineering capabilities.
“The company will initially invest US$2 billion over the next five years to comprehensively improve our software engineering capabilities. This will help ensure that our products are better prepared for a more complex security environment both now and in the future.
“This programme is part of a broader effort to redesign our Integrated Product Development process. Technology and networking environments are evolving. Customer and societal expectations for technology are evolving too, as are regulatory requirements. In recognition of these changes, we too are evolving our processes,” he wrote.
NCSC not impressed with Huawei’s commitment
Despite Huawei’s reassurances, Dr Ian Levy, technical director of the National Cyber Security Centre (NCSC), has said that Huawei has so far done very little to reassure the government that its promised transformation programme will bear fruit in the coming years.
“The security in Huawei is like nothing else – it’s engineering like it’s back in the year 2000 – it’s very, very shoddy. We’ve seen nothing to give us any confidence that the transformation programme is going to do what they say it’s going to do,” he told BBC Panorama.
He added that if Huawei fails to deliver best-in-class security in its products, ministers could consider banning the use of Huawei-supplied communications equipment in government offices such as Westminster.
Recently, leading UK telecom services provider BT also announced its intention to remove all equipment provided by Huawei from its core 3G and 4G networks in the next two years in accordance with an internal agreement following its acquisition of EE. It also committed not to include Huawei in its search for vendors who would provide core infrastructure equipment for its 5G network.
BT’s decision could be a result of the banning of Huawei’s participation in 5G trials in the United States, Australia, and New Zealand, as well as concerns raised about China’s National Security Law, which enables state security agencies to compel domestic companies to hand over any information relevant to their intelligence-gathering missions.