Huawei ‘failed to improve UK security standards’

Huawei has failed to adequately tackle security flaws in equipment used in the UK’s telecoms networks despite previous complaints, an official report says.

It also flagged that a vulnerability “of national significance” had occurred in 2019 but been fixed before it could be exploited.

The assessment was given by an oversight board, chaired by a member of the cyber-spy agency GCHQ.

It could influence other nations weighing up use of Huawei’s kit.

The report said that GCHQ’s National Cyber Security Centre (NCSC) had seen no evidence that Huawei had made a significant shift in its approach to the matter.

And it added that while some improvements had been made, it had no confidence they were sustainable.

As a result, it concluded, the board could only provide “limited assurance that all risks to UK national security” could be mitigated in the long-term.

In July, the government announced that due to US sanctions Huawei would eventually be excluded from the new 5G telecoms network by 2027, but the Chinese company can continue to play a role in older mobile phone networks and fixed broadband.

The US has argued that using Huawei’s equipment creates a risk of the Chinese state carrying out espionage or sabotage, something the company has always denied.

Despite the criticisms, British security officials say they can manage the current risks posed by using Huawei’s existing kit, and they do not believe the defects they have found are a result of Chinese state interference.

Huawei has responded saying the report highlights its commitment to openness and transparency.

“The report acknowledges that while our software transformation process is in its infancy, we have made some progress in improving our software engineering capabilities,” a spokesman said.

Although the company now has limited prospects in the UK, it is still hoping to sell its 5G kits to other parts of Europe.