A top UK cybersecurity official has accused Huawei of “shoddy” engineering and said the Chinese telecoms giant could be banned from Westminster, seat of the British government.
In a rare interview broadcast Monday, Dr Ian Levy, technical director of the National Cyber Security Centre (NCSC), an arm of the UK’s signals intelligence agency GCHQ, said Huawei could also be barred from what he described as the “brains” of the next generation 5G networks.
“The security in Huawei is like nothing else – it’s engineering like it’s back in the year 2000 – it’s very, very shoddy,” told a BBC Panorama documentary about the company entitled “Can we trust Huawei?”
Levy said they had found no evidence of “malfeasance” on behalf of the Chinese company and it was simply a question of “poor engineering”.
He said one solution might be to “do something interesting like impose geographic restrictions – maybe there’s no Huawei radio in Westminster” he said.
“Those sorts of things are all options as we go forward.”
Explaining the role of UK cybersecurity watchdog, which says risks from Huawei 5G gear can be limited
Levy said he was happy with Huawei being involved in parts of the 4G and 5G networks “that are kind of dumb, that do not understand the context of the traffic, so they know its somebody’s broadband at home, they do not know it’s yours”.
Separately, the BBC documentary also claimed Huawei removed Wi-fi transmitting cards from CCTV cabinets in a surveillance system in the Pakistan city of Lahore, after they were discovered by the project’s staff.
Punjab Safe City Authority told the BBC it had told the tech giant to remove the modules in 2017 “due to potential of misuse”.
The authority said that the Chinese firm had not mentioned the cards which can be surveyed remotely in its bidding specifications for the contract to build the system designed to help Pakistan clamp down on terrorism.
The UK government is due to announce next month possible restrictions on Huawei or even an outright ban from the core of the new technology that will drive 5G, that will transfer the way data is sent and received.
As a member of the “Five Eyes” security alliance which includes the US, Australia and New Zealand, the UK has come under pressure from the US, which would like to see Huawei banned from core technology.
Germany and the European Union have refused any ban, leaving the UK torn between its two sets of allies.
But concerns have been rising after a UK security review of Huawei last month claimed it would be difficult to risk-manage Huawei’s future products until flaws in its cybersecurity processes were resolved.
The annual review accused the company of failing to address adequately previously-stated concerns about the company’s approach to software development.
“The company has been targeted by a sustained campaign of ill-informed accusations that its involvement in 5G infrastructure somehow poses a threat to the nation,” Huawei UK CEO Jerry Wang said in a statement issued Monday.
He said that while the joint GCHQ/Huawei oversight board had criticised technical issues in Huawei’s software engineering processes “it explicitly stated that it had found no evidence of Chinese state interference”.
On behalf of the UK government, the NCSC has led the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, which monitors the Huawei-owned security research organisation HCSE.
Wang said Huawei has committed US$2 billion to improve software capabilities over the next five years.
He promised “if people find flaws with Huawei, we will listen, act and put things right. But criticism must be rooted in evidence and any meaningful dialogue must be based on facts.”
However, Levy told Panorama that he has not yet seen evidence that Huawei was taking the UK’s concerns on board.
“We’ve seen nothing to give us any confidence that the transformation programme is going to do what they say it’s going to do.”
Levy said there was no bigger threat of spying with 4G than 5G because anything sensitive would be encrypted.
Cybersecurity experts interviewed on the show said the bigger threat would be in the event of a future cyberwar where “back door” security lapses could allow a hostile state to shut down vital infrastructure such as power supplies and transport systems.
“Let’s make a proper analysis of the risk and then apply the same rules to everyone” lawmaker Norman Lamb, chair of the UK Parliament’s Science and Technology Select Committee, said.
“I think the fact that this country will significantly benefit from the roll out of 5G should also be taken into account.”
On Friday, an independent report commissioned by the UK’s main mobile telecoms providers found that a partial to full restriction on Huawei in the supply chain could result in a delay in the roll-out of up to two years and cost the UK economy as much as £6.8 billion (US$8.8 billion).
More from South China Morning Post:
- Explaining the role of UK cybersecurity watchdog, which says risks from Huawei 5G gear can be limited