View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 7, 2018

Huawei: We’ll Spend $2 Billion to Improve Our Software Engineering Processes

UK security watchdog has warned of "repeated discovery of critical shortfalls" in Huawei's engineering processes

By CBR Staff Writer

Chinese telecommunications vendor Huawei – which is under assault from a range of western governments concerned its hardware could be used as a Trojan horse by Chinese intelligence services – has pledged $2 billion to transform how it approaches engineering its software and hardware, according to a new report from Bloomberg.

See also: Bombshell Report Warns of Huawei Risk to UK’s Critical Infrastructure Security

The report cites company sources as pledging to transform the way Huawei engineers software, “instead of merely applying one-off changes and workarounds in response to specific demands from companies and governments.” The proposal will reportedly be presented to the UK’s National Cyber Security Centre within days.

UK Pulls Huawei Equipment Apart – Sees “Critical Shortfalls”

The UK has a watchdog dedicated to pulling apart Huawei equipment and checking how robust its security is. The Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board is chaired by NCSC CEO Ciaran Martin and in a July report warned it was increasingly unable to guarantee the security of the equipment.

“This is due to the repeated discovery of critical shortfalls, including but not limited to BEP and the third party component support issue, in the Huawei engineering practices and processes that will cause long term increased risk in the UK” it said.

Huawei makes everything from the routers and switches that direct traffic across the internet, to BT’s green street cabinets, to mobile transmission equipment used in masts.

Watchdog: “Limited Assurance” on Huawei Security

Cybersecurity experts told Computer Business Review at the time they believed an oversight board, however competent, has “very little chance of determining whether there are state sponsored vulnerabilities within extremely complex products.”

HCSEC added it can only offer “limited assurance [on the security of Huawei products] due to the lack of the required end-to-end traceability from source code examined by HCSEC through to executables use by the UK operators”.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The HCSEC board concluded: “Huawei’s processes continue to fall short of industry good practice and make it difficult to provide long term assurance. The lack of progress in remediating these is disappointing.”

Huawei: Not in Favour

Governments in the US, New Zealand and Australia have legislated to block the use of Huawei’s equipment in future 5G networks.

Earlier this week, meanwhile, the head of MI6 suggested the UK needed to decide if it was “comfortable” with Chinese ownership of the technology being used.

Intelligence hackles have been raised further by a legal basis that the Chinese government could use to mandate Huawei’s compliance with state security interests.

Article 7 of China’s National Intelligence Law (国家情报法), released in June 2017,  declares: ‘All organizations and citizens shall, in accordance with the law, support, cooperate with, and collaborate in national intelligence work, and guard the secrecy of national intelligence work they are aware of.”

It adds: “The state will protect individuals and organizations that support, cooperate with, and collaborate in national intelligence work.’”

Huawei officials will present the details of the software revamp to the British government’s NCSC in coming days before it presents it to the public, Bloomberg cited one source as saying.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.