A mere six weeks after the United Kingdom’s National Cyber Security Centre concluded that the security risk of using Huawei’s equipment could be controlled, the Huawei Cyber Security Evaluation Centre (HCSEC) oversight board declared in a new report that it has no confidence in the Chinese 5G manufacturer.
“HCSEC’s work continues to identify significant, concerning issues in Huawei’s approach to software development bringing significantly increased risk to UK operators, which requires ongoing management and mitigation,” the fifth annual report from HCSEC reads.
The HCSEC facility in Banbury, Oxfordshire, belongs to Huawei Technologies (UK), which was set up eight years ago to evaluate the security for a range of Huawei products used in the UK. The oversight board is supposed to ensure the independence and competence of the HCSEC.
“The oversight board states only that Huawei’s development and support processes are not currently conducive to long-term security risk management and, at present, the oversight board has seen nothing to give confidence in Huawei’s capacity to fix this,” the report said.
European Union Takes on 5G Security
In view of the turmoil Huawei’s perceived security risk is causing European countries, the European Union (EU) decided this week to get involved. A political and economic union of 28 states, the EU called for action at the national, as well as European, levels to ensure cybersecurity. The EU called upon each member state to complete a 5G network risk assessment by the end of June 2019.
“Member states have expressed concerns about potential security risks related to 5G networks and have been exploring or taking measures to address these risks, as well as stating that they were looking forward to a common approach at the EU level,” the European Commission, an institution of the EU, said in a March 26 statement.
The national risk assessments will consider various risk factors, such as technical risks and risks linked to the behavior of suppliers or operators, including those from other countries[O1] . At the EU level, member states will be able exchange information on cybersecurity and receive the support of the EU agency for cybersecurity, the European Union Agency for Network and Information Security. Together they will complete a coordinated risk assessment by October 2019.
Action on cybersecurity in 5G networks must be addressed, according to the European Commission, because of the interconnected nature of the wireless networks, the cross-border nature of the threats and the rising technological presence of China.
“Any vulnerability in 5G networks could be exploited in order to compromise such systems and digital infrastructure – potentially causing very serious damage or in order to conduct large-scale data theft or espionage,” the European Commission said. “The dependence of many critical services on 5G networks would make the consequences of systemic and widespread disruption particularly serious. This justifies the need for a robust risk-based approach, rather than one relying primarily on ex-post mitigation measures.”
Huawei Equipment Sales Moving Along Just Fine
Even with all the security fears, Huawei’s 5G sales continue apace. Last year, the giant Chinese telecom manufacturer rung up $105 billion in sales, up 19.5 percent year-over-year; its net profit reached $9.3 billion, up 25.1 percent year-over-year.
Huawei’s position in the East and the refusal of companies in the West to ban its equipment has the United States facing the reality that the security threats will be a constant in 5G networks in the future, according to the Washington Post.
“U.S. national security officials are planning for a future in which the Chinese firm Huawei will have a major share of the advanced global telecommunications market and have begun to think about how to thwart potential espionage and disruptive cyberattacks enabled by interconnected networks,” the newspaper reported yesterday.