Huawei Admits To Needing 5 Years, $2 Billion To Fix Security Issues

Bruce66423 writes: In a remarkable piece of honest self assessment, Huawei has produced a letter to a House of Commons committee member in response to security concerns raised by the UK Huawei Cyber Security Evaluation Centre (HCSEC) in its annual report, a body that includes Huawei, UK operators and UK government officials. The firm pledged to spend about $2 billion over five years to resolve these issues. However they also claim that: "Huawei has never and will never use UK-based hardware, software or information gathered in the UK or anywhere else globally, to assist other countries in gathering intelligence. We would not do this in any country" -- a claim in sharp contrast to the ability of the Communist Party of China to suborn anyone into doing so. Good to see that Chinese firms still have a sense of humor. As The Economist puts it: "And China's leaders are tightening their grip on business, including firms such as Huawei in which the state has no stake. This influence has been formalized in the National Intelligence Law of 2017, which requires firms to work with China's one-party state."

Re:Five years may as well be forever

[AmiMoJo]

The headline is deliberately misleading.

They didn't say they needed to spend $2bn and five year to fix problems they know about. They said that they have a five year plan and are investing $2bn in security, which will include things like code audits and hiring additional people to work on it.

Huawei isn't particularly bad on security. Compare them with Cisco, who have had multiple cases of hard-coded accounts and passwords for support techs over the past few years. At least Huawei takes security seriously and is investing in it.

The headline should be "Huawei invests more than anyone else in security, actually has a plan for it".

And the US have the PATRIOT Act

[Lonewolf666]

And their National Security Letters. Overall, that gives them a legal loophole comparable to what the Chinese Government probably has.

As someone from the EU, I don't trust either. Perhaps we could buy at least some of our stuff from Nokia (Finnish). Seems the politically and legally safest option.

Re:Five years may as well be forever

[drinkypoo]

We have hard proof that the US has backdoors into hardware designed and made in the US. That's a fact, we know it with absolute certainty.

Citation needed.

Unlike you, I actually wanted such a citation, so I googled for "the US has backdoors into hardware designed and made in the US". I got back a pretty good hit but without citations, but it was from a story in 2013 so I appended 2013 to my search terms and found several good references. Also, let me take this opportunity to remind you to Never forget Qwest.

Maybe you're just terrible at googling, and need to work on that, but it seems more likely that your request for citations was disingenuous. If not, though, don't be so goddamned lazy.