Devdiscourse
Development News Edition
Give Feedback
VisionRI - Urban Development

Why Huawei shouldn’t be in 5G networks tells HCSEC Report

The report from oversight board for Britain’s Huawei Cyber Security Evaluation Centre (HCSEC) makes it clear that clever, secret backdoors in the Chinese company’s equipment are the least of anyone’s worries.


Devdiscourse News Desk wellington New Zealand
Updated: 16-04-2019 08:21 IST
Why Huawei shouldn’t be in 5G networks tells HCSEC Report

The bad code runs through Huawei’s software like the word Blackpool in a stick of seaside rock. Image Credit: ANI

Juha Saarinen writes in New Zealand Herald about the HCSEC report citing the real reason why Huawei shouldn't be in 5G networks:

The report from oversight board for Britain's Huawei Cyber Security Evaluation Centre (HCSEC) makes it clear that clever, secret backdoors in the Chinese company's equipment are the least of anyone's worries.

"Instead, it's old, unsafe and bug-infested software, bad coding practices, and little or no effort by Huawei to sort out some seriously deficient processes and practices."

Overnight, Huawei's status went from clever enough spy on networks undetected to bungling clowns.

The report is damning. It's not about a few weak points here and there. The bad code runs through Huawei's software like the word Blackpool in a stick of seaside rock.

The UK has known this for seven years.

Bad software is everywhere

On one level it's not a surprise. Poorly-written software is common. It runs the world.

Some of the best-known software names have or had dodgy code including Microsoft and IBM. Enterprise software often holds together with digital chewing gum and paper clips.

Shoddy software lies behind most computer security problems. Attackers find and exploit holes in poor code.

Critical infrastructure

That's the problem with Huawei. Its network products are part of critical infrastructure. Criminal or hostile-state-controlled coders could find their way into those networks.

Huawei network kit has always looked advanced compared with rival brands.

The NATO Cooperative Cyber Defence Centre of Excellence underlines this:

"It is currently the only company that can produce 'at scale and cost' all the elements of a 5G network, with its closest competitors Nokia and Ericsson not yet able to offer a viable alternative."

Now it looks like Huawei cut too many corners to get out in front. The HCSEC report is a wake-up call.

Hopefully, everyone watching is getting their own house in order. Experience suggests otherwise.

Fixing the mess

In theory, Huawei can fix this mess. It has acknowledged the report and says it will spend $2 billion in a programme to fix the problems.

The UK's National Cyber Security Centre isn't confident that will happen. It also fears any fixes that Huawei makes may not make their way into products used in networks.

Huawei has had seven years to fix problems. It's done nothing.

Last year the National Cyber Security Centre warned the company. According to the report, Huawei made "no material progress" on identified problems.

The HCSEC oversight board said it wants to see "sustained evidence" of better software engineering and cybersecurity "quality" before it gives Huawei a tick.

HCSEC report not about spies

None of the flaws found in Huawei's offering is to do with Chinese state intelligence.

That was the reason for setting up HCSEC in the first place. It's why Huawei faces more scrutiny than other equipment suppliers.

That poses an interesting thought: How would Huawei's rivals look if they were subject to similar investigation? Until then, there's no logical reason to assume they are any better.

Huawei's embarrassing HCSEC security report card was first posted at billbennett.co.nz.

READ MORE ON : Huawei
COUNTRY : New Zealand

POST A COMMENT