Huawei kit contained flaws of 'national significance', NCSC reports
The report finds that the defects were not the result of interference from the Chinese state


Huawei failed to comply with “its own secure coding guidelines” during an incident which likely led to a vulnerability "of national significance", according to a new report.
Although the incident in question, which occured in 2019, was remedied before it could be exploited, the number of Huawei vulnerabilities had “risen significantly” since 2018, a report by the Huawei Cyber Security Evaluation Centre (HCSEC) has detailed.
The HCSEC, which is a group belonging to Huawei but directed by the UK's National Cyber Security Centre and overseen by an independent oversight board, found “sustained evidence of poor coding practices”, in spite of “minor improvements over previous years”.
It also found limited confidence in the Chinese tech giant, saying that the Huawei products analysed were found to have “major quality deficiencies”.
However, the NCSC also added that it “does not believe that the defects identified are a result of Chinese state interference”, a decision which was welcomed by Huawei.
“This latest report highlights our commitment to a process that guarantees openness and transparency, and demonstrates HCSEC has been an effective way to mitigate cyber security risks in the UK,” said a Huawei spokesperson. “As innovators, we continue significant investment to improve our products. The report acknowledges that while our software transformation process is in its infancy, we have made some progress in improving our software engineering capabilities.”
The spokesperson added that Huawei “has faced the highest level of scrutiny for almost 10 years”.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“This rigorous review sets a precedent for cyber security collaboration between the public and private sectors, and has provided valuable insights for the telecoms sector. We believe this mechanism can benefit the entire industry and Huawei calls for all vendors to be evaluated against an equally robust benchmark, to improve security standards for everyone,” the spokesperson added.
RELATED RESOURCE
However, the report concluded that the Oversight Board behind the report “can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term”.
The findings are likely to compromise Huawei’s difficult position in the UK market, which had been heavily influenced by US sanctions and the company being perceived as a threat to national security.
In July, the UK government banned Huawei equipment from being used in the country's 5G infrastructure.
Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.
Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
Google shakes off tariff concerns to push on with $75 billion AI spending plans – but analysts warn rising infrastructure costs will send cloud prices sky high
News Google CEO Sundar Pichai has confirmed the company will still spend $75 billion on building out data centers despite economic concerns in the wake of US tariffs.
By Nicole Kobie
-
Cisco wants to capitalize on the ‘DeepSeek effect’
News DeepSeek has had a seismic impact, and Cisco thinks it has strengths to help businesses transition to AI-native infrastructure
By Solomon Klappholz
-
CoreWeave’s first two UK data centers are now operational
News The company's European plans for this year also include new facilities in Norway, Sweden, and Spain
By Emma Woollacott
-
AWS eyes ‘flexible’ data center expansion with $11bn Georgia investment
News The hyperscaler says the infrastructure will power cloud computing and AI growth
By Nicole Kobie
-
Future-proofing operations
Whitepaper The Foundational Role of IT Infrastructure and Connectivity Solutions in Achieving Business KPIs
By ITPro
-
Quantitative analysis of a prefabricated vs. traditional data center
Whitepaper Apples to apples cost analysis between data centre types
By ITPro
-
Battery technology for single phase UPS systems: VRLA vs. Li-ion
Whitepaper An overview of li-ion batteries in comparison to VRLA batteries for singlephase UPS applications
By ITPro
-
Architecting enterprise networks for the next decade
Whitepaper A new paradigm in network architecture
By ITPro