New concerns over Huawei hardware expected to be revealed in forthcoming UK government report
Huawei oversight board set to release new report critical of Huawei hardware security
The next report from the Huawei oversight board is expected to raise new concerns over the security of the Chinese company's communications equipment.
The report will follow on from one in August that claimed that Huawei was using third-party software in its communications products that will reach end-of-life - and, hence, cease to be supported - before the hardware is replaced.
Not only will the new report claim that Huawei has made insufficient progress with this issue, it will highlight new security and engineering concerns over the company's telecoms and network products.
That's according to the Financial Times, which claims that the matter will be discussed in December by the Oversight Board of the Huawei Cyber Security Evaluation Centre. The work of the Evaluation Centre is overseen by the Board, which is headed up by National Cyber Security Centre (NCSC) chief executive Ciaran Martin. The Board works closely with GCHQ.
However, an outright ban, as instituted recently by the Australia and New Zealand, is unlikely to be recommended just yet even though some countries, including Germany and Japan, are moving closer to barring Huawei entirely from 5G networks.
The Oversight Board, according to the FT, isn't hardening its stance based based on political pressure or information from US authorities, "but on the way the company manufactures software and equipment which makes critical telecoms networks vulnerable to cyber attack".
Nevertheless, the US has been pressuring allies to freeze-out Chinese suppliers, of which Huawei is the biggest, partly due to new laws in the increasingly authoritarian country. These provide the government with sweeping powers to compel individuals and companies to "co-operate with, and collaborate in, national intelligence work".
It is feared that such a sweeping law in such an authoritarian country could, for example, compel a company like Huawei or ZTE to use their privileged position in communications networks overseas to conduct eavesdropping and espionage on the direction of Chinese intelligence services.
It is not the only security concern. In October, China Telecom was accused of using its points-of-presence in networks outside of China to hijack traffic by taking advantage of weaknesses in the Border Gateway Protocol to route the traffic via China. Non-Chinese companies are not allowed reciprocal points-of-presence behind the so-called Great Firewall of China, part of the country's Golden Shield Project.
Scepticism over the security of Huawei hardware is not new. It was the surprise winner in a tender to supply equipment to BT's 21st Century Network initiative in the mid-2000s, edging out the UK's Marconi and leading to its demise in the process.
In 2010, the Huawei Cyber Security Evaluation Centre was set-up to test Huawei hardware against cyber security threats. In 2012, the-then Prime Minister David Cameron set-up the Oversight Board to bring in security specialists from GCHQ into the process of evaluating Huawei hardware, following a recommendation by the Intelligence and Security Committee.
The Board was Cameron's pragmatic response intended to head-off a likely trade war were Huawei to be excluded from UK communications networks.
And the recent recent bans on Huawei supplying hard to, for example, Australia and New Zealand 5G network are nothing new: Huawei was excluded from bidding to supply hardware to Australia's national fibre network, for example, ten years ago.
It has also long been suspected that Huawei is subsidised by China's government in order to undercut competitors in the networking and communications sectors, and put them out of business. It has also been accused of "misappropriating" technology from other companies in its own equipment.