British review finds "significant" security problems with HUAWEI's equipment (Updated)

Update, April 1, 2019 at 9:37 a.m. ET: HUAWEI provided the following statement to Android Authority:

The 2019 OB report again recognises the effectiveness of the HCSEC. As the report says, “The oversight provided for in our mitigation strategy for HUAWEI’s presence in the UK is arguably the toughest and most rigorous in the world. This report does not, therefore, suggest that the UK networks are more vulnerable than last year.”

The 2019 OB report details some concerns about HUAWEI’s software engineering capabilities. We understand these concerns and take them very seriously. The issues identified in the OB report provide vital input for the ongoing transformation of our software engineering capabilities. In November last year HUAWEI’s Board of Directors issued a resolution to carry out a companywide transformation programme aimed at enhancing our software engineering capabilities, with an initial budget of US$2bn.

A high-level plan for the programme has been developed and we will continue to work with UK operators and the NCSC during its implementation to meet the requirements created as cloud, digitization, and software-defined everything become more prevalent. To ensure the ongoing security of global telecom networks, the industry, regulators, and governments need to work together on higher common standards for cyber security assurance and evaluation.

Original article, March 28, 2019 at 9:00 p.m. ET: Huawei’s had a tough go in recent times as the company continues to push back allegations of security lapses from the U.S. and other countries. Unfortunately for Huawei, a report published earlier today on The New York Times doesn’t help its cause.

According to the report, a U.K. review found “significant” problems with HUAWEI’s telecommunications equipment. It also found “underlying defects” with HUAWEI’s software engineering and security processes.

In the review, British officials said that HUAWEI could not replicate the software it built. That means authorities couldn’t verify the code found in the U.K.’s wireless networks. British officials also said that HUAWEI had poor oversight of suppliers that made components for its offerings.

Backed by the U.K.’s top cybersecurity agency, the review didn’t call for an outright ban of HUAWEI’s equipment in the country. Instead, it said that governments and independent hackers could exploit the aforementioned defects.

Even with these issues, the review acknowledges that issuing a ban on HUAWEI’s telecommunications equipment would be difficult and costly. HUAWEI is the largest telecommunications equipment provider in the world and has its equipment in use in many countries, including those in Europe.

Banning HUAWEI’s equipment could prove costly for carriers as they race to introduce their 5G networks. A ban could also prove costly for consumers, who might bear the brunt of the cost it would take to replace HUAWEI’s equipment with a competitor’s. These findings echo Vodafone CEO Nick Read’s comments that were made during MWC 2019.

The British review doesn’t put HUAWEI in a great light, but it somewhat derails U.S. initiatives to persuade other countries to block the company. Most recently, HUAWEI sued the U.S. government and claimed that the U.S. hacked into its servers.