The Chinese telecommunications giant Huawei has blocked more than a hundred products from being released on the market due to concerns that the items do not meet security standards, EURACTIV has learnt.
A representative at Huawei’s Cybersecurity Lab in Shenzen, China, told EURACTIV last week that since the company cybersecurity chief John Suffolk took up his current post in 2011, he has issued ‘no go’ decisions on more than a hundred products, a right he has as the company’s global cybersecurity and privacy officer.
“No go decisions are made when the product being evaluated does not match the security quality standards,” Suffolk told EURACTIV. “These include items such as clear text passwords in log files, or known vulnerabilities in third-party components or indeed penetration testing failures.”
Moreover, Suffolk added that once a product has been vetoed, it is “sent back to the product line for remedial action.”
“If the product quality is really poor then disciplinary action will be considered,” Suffolk said.
Huawei has previously come under criticism for purported backdoors installed in their products which would enable Chinese-state-led espionage, a claim the company has consistently denied.
In addition, the company has been keen to quell reports that its current employees have links to the Chinese military, following a recent report by Professor Christopher Balding of the Fulbright University Vietnam, which examined 25,000 CVs belonging to current or former Huawei employees and found “strong evidence that Huawei personnel act at the direction of Chinese state intelligence”.
However, at least at Huawei’s cybersecurity centre in Shenzhen, EURACTIV was informed that it against the lab’s recruitment policy to employ individuals with a background in the Chinese military.
Meanwhile, during a media roundtable in Brussels last week, Huawei’s Senior Vice President Catherine Chen said the company has no cybersecurity risk management framework in cooperation with the Chinese government. Huawei does, however, have agreements with governments in Germany, Canada and the UK.
During Chen’s visit, it also transpired that the majority of 5G contracts already secured by the company are with European contractors. The company has agreed 50 contracts globally, including 28 with European operators, highlighting the importance of the European market to the company’s future in the 5G market.
However, a common European approach to adopting a 5G security strategy is at risk of being undermined by a handful of EU member states. Following a request from the Commission, 24 out of 28 member states have returned national risk assessments for the bloc’s future 5G development that will in time feed into an EU-wide 5G security framework, due to be completed by 1 October.
Huawei welcomed the plans to establish a common approach across the EU, saying that they “fully agree with the stance that common security standards for 5G networks are required across the EU.”
One country in which the Chinese firm has already received a relative degree of support has been the United Kingdom, after it emerged earlier this year that London would permit Huawei’s involvement in ‘non-core’ aspects of the UK’s 5G network infrastructure.
However, over the weekend, the Financial Times reported that the UK’s head diplomat in Brussels, Sir Tim Farrow, has been sidelined by the EU with respect to ongoing discussions surrounding the cybersecurity risks related to Huawei.
Barrow recently wrote a letter of complaint to the European Council, after he was “disinvited” from an EU28 meeting on June 25 in which member states discussed the bloc’s cyber standards.
A specific item on the agenda was the security threats posed by Huawei. Barrow wrote to the Council that the UK has so far “received no explanation as to the substantive reason for its exclusion.”
[Edited by Zoran Radosavljevic]