The report finds “no material progress” from the previous year, but also no further vulnerabilities.

Background: The Huawei Cyber Security Centre (HCSEC) was set up in 2010 under arrangements between Huawei and the UK Government, to mitigate any risks coming from the involvement of Huawei in the UK’s critical national infrastructure. Since 2014, the HCSEC has an Oversight Board, chaired by the CEO of the UK National Cyber Security Centre (NCSC). The Board issues annual reports on the working of HCSEC; the 2018 report gave “only limited assurance” that risks from Huawei’s involvement in the UK’s critical networks have been sufficiently mitigated.

The new report: Today, the Oversight Board has issued its annual report for 2019. Its findings are a mixed picture. “No material progress” has been made on the issues identified last year, and “significant, concerning issues” in Huawei’s approach to software development continue to pose significant risk to UK operators; however, the NCSC does not believe that the defects identified are a result of Chinese state interference. The report also does not suggest that UK networks are more vulnerable than last year; in fact, the technical insight provided by HCSEC to UK operators allows them to plan more effective mitigations.

Next steps: The annual report of the Oversight Board complements the Telecoms Supply Chain Review the Government is currently carrying out. This should be completed during April 2019, and in turn will inform any regulatory and policy action the Government will decide to take to strengthen network security.