Huawei pledged to address concerns its equipment poses a significant risk to UK cybersecurity, which were raised by a committee established to assess whether the company places critical infrastructure in peril.
A representative of the China-based vendor told BBC News it would continue to improve processes covering its engineering and risk assessments in response to criticism by the Huawei Cyber Security Evaluation Centre (HCSEC) oversight board.
The board was established in 2014 to monitor HCSEC, which was set up in 2010 to deliver security evaluations on Huawei products deployed in the UK telecoms market. HCSEC liaises with the UK government and security organisations including the National Cyber Security Centre.
In its fourth annual appraisal of HCSEC, the board warned it had identified “technical issues” in the vendor’s engineering processes, which led to “new risks in the UK telecommunications networks” along with “long-term challenges in mitigation and management”.
While acknowledging its concerns arose from the “proper functioning of the mitigation strategy and associated oversight mechanisms”, the board said the problems meant it could “provide only limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated.”
The board informed the UK’s National Security Adviser of the issues, who in turn will guide the government’s response.
While the oversight board concluded HCSEC continues to deliver “world-class cybersecurity expertise and technical assurance of sufficient scope and quality” it noted Huawei’s processes “continue to fall short of industry good practice” making it difficult to provide “long term assurance” over the safety of its kit.
The board cited a lack of progress by Huawei in ensuring the security of third-party components used in its equipment, stating this poses “a new strategic risk to the UK telecommunications networks” and “significant work will be required to remediate” the issue.
On the flip side, the board said its review had found HCSEC is functioning correctly, with robust “operational independence from Huawei headquarters”.
Huawei told Financial Times it welcomed the scrutiny and remained “committed to addressing” the issues raised.
The report comes a week after Huawei offered to provide a similar level of oversight to Australian officials, following reports politicians there were lining up a block on the vendor competing for 5G network deals.
Huawei has persistently batted down speculation it holds close ties with China’s government which make it a security risk. However, its denials held little sway in the lucrative US market, from which the company is effectively shut-out due to historic concerns.