The news, for Chinese telecom giant Huawei, keeps getting worse. While the United States has outright banned the company from future government work, the United Kingdom has been more accepting of the fact that many of the underlying flaws in Huawei’s devices and code are fixable. The UK established the Huawei Cyber Security Evaluation Centre (HCSEC) in 2010 to evaluate and address security issues in Huawei products, and to produce an annual report about them. However, this year the report was especially damning.
Much of the focus on the 2019 HCSEC report in the news has been related to the fact that almost no security flaws from the previous year have been addressed. This includes the use of an operating system called VxWorks from Wind River that has been discontinued by its parent company, and which is set to stop getting updates in 2020. As soon as that happens, any new security holes discovered by hackers will remain unpatched. Huawei has promised to fix that problem, but it remains a core component in much of the UK’s telecom infrastructure.
A critical factor that appears to have been overlooked by most of the mainstream press amounts to what could be a fundamentally broken process, existing within the company’s development and deployment of new software and hardware. The report notes ‘significant technical issues’ with the way that Huawei handles its internal engineering methods.