In November of 2010, the Chinese networking and telecommunications giant Huawei entered into an agreement with the government of the United Kingdom to allow extensive security reviews of Huawei’s hardware and software—a move intended to allay fears that the company posed a security risk to the UK’s networks. Since then, the Huawei Cyber Security Evaluation Centre (HCSEC) has given UK officials a window into the company’s information security practices. And UK officials haven’t necessarily liked what they’ve seen.
In a report issued today, the HCSEC Oversight Board—a panel including officials from the National Cyber Security Centre, GCHQ and other agencies, as well as a senior executive from Huawei—warned that Huawei had failed to make long-promised changes to its software development and engineering practices needed to improve security.
“HCSEC’s work has continued to identify concerning issues in Huawei’s approach to software development bringing significantly increased risk to UK operators,” the oversight board members noted. “No material progress” had been made in correcting those problems since they were noted last year.