A UK body dedicated to monitoring Huawei’s equipment found the vendor had made no overall improvement to meet product software engineering and cybersecurity quality expected in the country, adding to scrutiny facing the company.

In an annual report, the Huawei Cyber Security Evaluation Centre (HCSEC) wrote the vendor had ultimately failed to improve issues related to software and cybersecurity over the course of 2020.

HCSEC was formed ten years ago to assess perceived risks from using Huawei’s equipment in critical national infrastructure.

It explained “sustained progress” had been made on remediating issues identified in previous reports, but added it continued to uncover new problems which meant the company fell short of the standards expected.

Huawei’s role in the UK has gradually reduced, with the government slapping a ban on operators using new equipment from the vendor in 5G networks, as well as ordering a seven-year phase out of existing kit which began in 2020.

However, Huawei still has a role the country’s broadband networks and HCSEC’s annual report assesses legacy and new equipment installed.

Unacceptable
Among its concerns, the body noted Huawei uses a version of a third-party real-time operating system which went out of mainstream support during 2020 in its products.

“Using old and out-of-mainstream-support components within a product leaves those products more vulnerable to exploitation. In 2018 the Oversight Board and UK operators made it clear that long-term reliance on this operating system in the UK is unacceptable and an upgrade path must be created,” it stated.

It noted 75 per cent of affected equipment boards had been replaced, leaving 25 per cent still in use across UK networks.

HCSEC also cited issues with source code, fixed access and vulnerability management.

In response, Huawei noted in a statement that it had indeed made “sustained progress” in addressing past issues, while taking solace in the fact that it had done so in the context of the global pandemic, which was described by HCSEC as “remarkable”.

Rapidly evolving technologies present all innovators with security challenges and Huawei, as the only vendor to operate under a transparency centre (HCSEC), always strives to achieve the highest standards to keep our customers safe,” added a spokesperson.