A top cyber-security official has said Huawei’s “shoddy” engineering practices mean its mobile network equipment could be banned from Westminster and other sensitive parts of the UK.
GCHQ’s Dr Ian Levy told BBC Panorama the Chinese telecom giant also faced being barred from what he described as the “brains” of the 5G networks.
The UK government is expected to reveal in May whether it will restrict or even ban the company’s 5G technology.
Huawei said it would address concerns.
Last month, a GCHQ-backed security review of the company said it would be difficult to risk-manage Huawei’s future products until defects in its cyber-security processes were fixed.
It added that technical issues with the company’s approach to software development had resulted in vulnerabilities in existing products, which in some cases had not been fixed, despite having being identified in previous versions.
In his first broadcast interview, the executive in charge of the firm’s telecoms equipment division said he planned to spend more than the $ 2bn (£1.5bn) already committed to a “transformation programme” to tackle the problems identified.
“We hope to turn this challenge into an opportunity moving forward,” said Ryan Ding, chief executive of Huawei’s carrier business group.
“I believe that if we can carry out this programme as planned, Huawei will become the strongest player in the telecom industry in terms of security and reliability.”
However, Dr Levy – the technical director of GCHQ’s National Cyber Security Centre – said he had yet to be convinced.
“The security in Huawei is like nothing else – it’s engineering like it’s back in the year 2000 – it’s very, very shoddy.
“We’ve seen nothing to give us any confidence that the transformation programme is going to do what they say it’s going to do.”
He added that “geographic restrictions – maybe there’s no Huawei radio [equipment] in Westminster” was now one option for ministers to consider.
Mobile UK – an industry group representing Vodafone, BT, O2 and Three – has warned that preventing Huawei from being involved in the UK’s 5G rollout could cost the country’s economy up to £6.8bn and delay the launch of its next-generation networks by up to two years.
Those already using Huawei’s equipment have opted to keep it out of what is known as the core of their networks, where tasks such as checking device IDs and deciding how to route voice and data take place.
EE used to make use of Huawei’s gear in its 3G and 4G core, but BT is currently stripping it out after buying the business.
The industry does, however, want to use Huawei’s radio access network (Ran) equipment – including its antennae and base stations. These allow individual devices to wirelessly connect to their mobile data networks via radio signals transmitted over the airwaves.
The US has concerns about any deployment of Huawei’s products.
“You would never know when the Chinese government decide to force Huawei… to do things that would be in the best interests of the Communist party, to eavesdrop on the US,” claimed Mike Conaway, a member of the House Intelligence Committee.
The Republican drafted a bill last year to ban the US government from doing business with firms that use the company’s equipment. It was later adapted to become part of the National Defense Authorization Act, which was signed into law by President Trump.
The effect has been to deter the country’s major telecoms networks from working with Huawei. The Chinese company is now suing the US government claiming the move is unconstitutional.
The congressman now has his sights on the UK.
“Obviously, the terrific relationship between the UK and the United States – English-speaking countries – is important to maintain,” Mr Conaway told Panorama.
“But as a part of that we will have to assess what kind of risks we would have in sharing… secrets that would go across Huawei equipment, Huawei networks.
“We can always share things old-school ways by, you know, paper back and forth. But, in terms of being able to electronically communicate, across Huawei gear, Huawei networks, would be risky at best.”
This is a matter that crosses political divides.
Mark Warner, a Democrat and vice chair of the Senate Intelligence Committee, also cautioned against allowing Huawei to be part of the UK’s 5G networks.
“I think that the consequences could be dramatic,” he said.
“I think there could be a real concern about the ability to fully share information because of the fear that the network that would undergird 5G in the UK, that there might be a vulnerability.”
GCHQ’s Dr Levy, however, played down such fears saying that efforts to digitally scramble communications meant that even if someone was able to intercept them, they would only get “gobbledygook”.
“Anything sensitive from a company or government or defence is independently encrypted of the network,” he explained. “You don’t trust the network to protect you, you protect yourself.”
He added that despite finding vulnerabilities in some of Huawei’s kit “we don’t believe the things we are reporting on is the result of Chinese state malfeasance”.
For its part, Huawei says the Chinese government would never ask it to install backdoors or other vulnerabilities into its foreign clients’ systems, and even if such a request were made it would refuse.
And Mr Ding dismissed suggestions that this commitment would fall by the wayside if the US and China were to go to war.
“We have a country here that virtually uses no Huawei equipment and doesn’t even know whether our 5G equipment is square or round, and yet it has been incessantly expressing security concerns over Huawei,” he said.
“I don’t want to speculate on whether they have other purposes with this kind of talk. I would rather focus the limited time that I have on making better products.”
Panorama: Can We Trust Huawei? will be broadcast on BBC One at 20.30 BST this Monday.