Huawei has failed to adequately tackle security flaws in equipment used in the UK's telecoms networks despite previous complaints, an official report says.
The assessment was given by an oversight board, chaired by a member of the cyber-spy agency GCHQ.
It said the agency had seen no evidence that Huawei had made a significant shift in its approach to the matter. And it added that while some improvements had been made, it had no confidence they were sustainable.
As a result, it concluded, the board could only provide "limited assurance that all risks to UK national security" could be mitigated in the long-term.
In July, the government announced that due to US sanctions Huawei would eventually be excluded from the new 5G telecoms network by 2027, but the Chinese company can continue to play a role in older mobile phone networks and fixed broadband.
The US has argued that using Huawei's equipment creates a risk of the Chinese state carrying out espionage or sabotage, something the company has always denied.
Despite the criticisms, British security officials say they can manage the current risks posed by using Huawei's existing kit, and they do not believe the defects they have found are a result of Chinese state interference.
Huawei has responded saying the report highlights its commitment to openness and transparency.
"The report acknowledges that while our software transformation process is in its infancy, we have made some progress in improving our software engineering capabilities," a spokesman said.
Although the company now has limited prospects in the UK, it is still hoping to sell its 5G kits to other parts of Europe. Earlier this week, the chief of its Italian business suggested that other countries could carry out detailed inspections of their own to help overcome security concerns.
"We will open our insides, we are available to be vivisected to respond to all of this political pressure," said Luigi De Vecchis. However, the Financial Times has reported that Germany is set to be next to ban local networks from using the firm's 5G products.
Delayed findings Nokia clinches 5G deal with BT to phase out Huawei
Huawei equipment has been used in the UK for a decade and a half.Since 2010, a special Huawei Cyber Security Evaluation Centre (HCSEC), based in Banbury, has been tasked with checking its telecoms infrastructure products.
An oversight board then examines the work of HCSEC and reports to the UK's National Security Advisor annually, although the latest report covering 2019 was delayed because of the coronavirus pandemic.
Last year, the report raised serious concerns about standard of Huawei's equipment and software, and there is no major change in the latest assessment.
In 2018, Huawei committed to a $2bn (£1.5bn) five-year plan to improve its software engineering processes in response to previous criticism.
But the new report complains that Huawei has yet to convince that it can complete the effort on time, and adds that "unless a detailed and satisfactory plan has been provided, it is not possible to offer any degree of confidence that the identified problems can be addressed by Huawei".
In particular it highlighted "poor coding practices" and said there was a "range of evidence" employees were not following Huawei's own guidelines. Huawei argues it is still in the early stages of the plan and real improvements will only be reflected in future reports.
Broadband flaw
The report adds the amount of vulnerabilities reported in 2019 were "significantly beyond" the number found in 2018, but says this is partly due to the increasing effectiveness of the checks rather than an overall decline in standards.
But it highlights one vulnerability of "national significance" in 2019, which required extraordinary measures to fix. The BBC has learned this was related to broadband - but officials do not believe anyone exploited the flaw.
The report covers 2019, and so does not address the period when the US imposed new sanctions affecting Huawei. Those sanctions technically affect HCSEC itself, since it is part of Huawei, and will require changes in its organisational structure.
Huawei is also currently building an alternative supply chain for crucial technology affected by the sanctions.
The report comes a day after the ex-chief of GCHQ's National Cyber Security Centre explained why the UK had to be alert to the risks of using Huawei's kit in unusually plain language.
"We have to plan on the basis that at some point, Huawei could be made subservient operationally to the Chinese state," Ciaran Martin told a committee of MPs.
"You always have to have in mind a scenario where every bit of involvement of Huawei was turned against the UK."
And you don't make that assumption for Nokia, you don't make that assumption for Ericsson."
Latest Stories
-
Survivors of child trafficking overcome adversity, excel in tertiary education
3 mins -
Confront the barriers to your progress – Professor Lydia Aziato challenges the youth
14 mins -
Expertise France leads EU-funded initiative empowering African Journalists to combat human trafficking
23 mins -
Ghana Grows Programme empowers Ghanaian youth through Youth Policy Dialogue
31 mins -
Eastern NDC raises GHS5.4m to support Mahama’s 2024 campaign
46 mins -
Kumawood actress Akyere Bruwaa condemns death rumours
53 mins -
Ghana Institution of Engineering calls for proactive measures to prevent flood disaster
56 mins -
Who pays for the extra cost? – COCOBOD CEO questions EU on new regulations
1 hour -
‘Dumsor’ will be over by end of May – Former NPP MP assures
1 hour -
Power crisis is not about money – NPP Manifesto Committe chair
1 hour -
Education Minister urges graduates to embrace opportunities
2 hours -
UN rights chief ‘horrified’ by mass grave reports at Gaza hospitals
2 hours -
We need more resources to deal with flooding – NADMO
2 hours -
We’ll not contest in Ejisu by-election – CPP tells EC
2 hours -
Thomas Partey makes first start in 2024 as Arsenal hit Chelsea for 5
3 hours