The annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) oversight board points out "significant technical issues" in Huawei's engineering process that lead to new telecom risks. Additionally, Huawei failed to address security concerns raised by the board in last year's report. Those concerns centered around software development. As we reported then, Huawei was using an old version of Wind River's VxWorks, a real-time operating system. The version was set to lose access to security updates in 2020, which could open the UK to cyber attacks.
In response, Huawei told Reuters that it takes these concerns "very seriously," and that the report provides "vital input for the ongoing transformation of our software and engineering capabilities." According to Reuters, last year, Huawei pledged to spend more than $2 billion to address the security issues. However, it warned that the process could take up to five years.
As a result of these new and existing concerns, the oversight board said it can "provide only limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK." There's no indication of what action, if any, the UK might take, but as we've reported previously, the country tends to favor mitigating risks as opposed to banning Huawei gear altogether. At the very least, the report substantiates the alarms the US has been sounding around Huawei's technology.