The Huawei hang-upPosted: 16/10/2012
By Randolph Bell, Managing Director, IISS-US
Huawei, the Chinese networking and telecommunications firm, is no stranger to allegations of unsavoury business practices, but last week it received perhaps its most stinging accusation yet. On Monday, the US House of Representatives Permanent Select Committee on Intelligence issued a report on Huawei and ZTE, another Chinese telecommunications company, which concluded that ‘the risks associated with Huawei’s and ZTE’s provision of equipment to US critical infrastructure could undermine core US national security interests’.
Committee Chairman Representative Mike Rogers told CBS 60 Minutes: ‘If I were an American company today … looking at Huawei, I would find another vendor if you care about your intellectual property, if you care about your consumers’ privacy, and you care about the national security of the United States of America.’
This followed other recent criticisms, including from the US House Armed Services Committee, a French senator, and the Australian government, which barred Huawei from bidding on its $38 billon national broadband network. The Canadian government is considering blocking Huawei from working on its telecommunications network.
Do these criticisms represent prudent caution in an era of increasing cyber espionage – much of which emanates from China – or the unfair singling-out of a company without evidence of wrongdoing?
Western suspicions of Huawei and ZTE, respectively the largest and fifth-largest telecommunications equipment manufacturers worldwide and the two largest in China, may be understandable in the light of growing concerns about the posture and actions of the Chinese state in the cyber domain. Over the past several years, a tidal wave of malicious code has been used to spy on US government and corporate networks.
Pentagon networks have been hacked into at least once, and Deputy Secretary of Defense Ashton Carter has said that DoD networks are under attack ‘every day … both classified and unclassified’. The loss of intellectual property suffered by US corporations through cyber attacks in the past few years amounts to what General Keith Alexander, director of US Cyber Command and the National Security Agency, called ‘the greatest transfer of wealth in history’.
Although Beijing has persistently denied responsibility for such attacks, Western intelligence organisations are in no doubt that many of the most serious ones can be laid at the door of the Chinese state, specifically the Third Department of the General Staff of the People’s Liberation Army (3/PLA), China’s signals intelligence agency. Senior figures within the US administration have publicly identified China with these attacks and since the beginning of 2012 have raised with the Chinese government the issue of large-scale industrial cyber espionage.
Huawei’s or ZTE’s networking and telecommunications equipment could conceivably have built-in ‘back doors’ that would make cyber spying easier. The constant stream of software updates necessary for the functioning of any modern telecommunications network could also make these systems vulnerable to ‘zero-day attacks’ – which occur before a security patch could be created and distributed.
In a worst-case scenario, this technology could facilitate both state and corporate cyber espionage, be used to help map critical elements of a country’s digital infrastructure, or facilitate the delivery of destructive malware. The risks would be greatest during a conflict with China, when Chinese technology could be used to cripple critical communications networks and infrastructure.
The House Intelligence Committee report cites no direct evidence of Huawei or ZTE pilfering Western intellectual property or participating in Chinese state-sponsored espionage. Huawei has responded to the allegations by noting that the committee had ‘failed to provide clear information or evidence to substantiate the legitimacy of the Committee’s concerns’.
This week, Huawei’s European vice president, Tim Watkins, told the BBC he thought the report was ‘unbalanced’ and said that many major companies – even in Australia and Canada – used Huawei’s technology. ‘[Given] the lengths the British government has gone to satisfy themselves that there are no back doors, there is nothing to be concerned about,’ he insisted. Telecoms network provider BT is a major Huawei client and staff from British signals intelligence agency GCHQ are involved in evaluating the cyber security of Huawei’s equipment – although reports suggest that the US report may have renewed UK parliamentary interest in investigating Huawei.
ZTE said it had ‘presented the committee with ample facts that demonstrate ZTE is China’s most transparent, independent, globally focused, publicly traded telecom company’ and was recognised ‘as a Trusted Delivery Partner by 140 governments and 500 network carriers’.
However, in 2010, Motorola sued Huawei for allegedly hiring Chinese-born Motorola employees to steal its technology. American competitor Cisco sued Huawei in 2004 for allegedly copying and selling its switches and routers, including copying instruction manuals verbatim. Cisco recently broke off its distribution relationship with ZTE because of an FBI investigation into whether it was illegally selling Cisco equipment in Iran.
While Huawei and ZTE may not take orders from the Chinese government on a day-to-day basis, as my colleague Nigel Inkster noted last Tuesday on the BBC Radio 4 Today programme: ‘The fact is that companies like Huawei cannot be considered genuinely independent. Any major corporation in China will have a party committee that effectively has its hands on an override switch and can require a company to do whatever it wants. So there is no such thing as what we would understand as a genuinely private-sector corporation.’
A buyers’ boycott of Huawei and ZTE would, however, simply shift the risk on to other products. ZTE’s Director of Global Public Affairs Dai Shu noted that ‘virtually all of the telecom infrastructure equipment now sold in the US and throughout the world contains components made, in whole or in part, in China. That includes the equipment manufactured and sold by every Western vendor in the United States, much of which is made by Chinese joint venture partners and suppliers.’
China has achieved a dominant position in the international ICT market through a combination of business acumen, inexpensive labour, economies of scale, government subsidies and substantial state technical assistance. No US firm can build a 4G mobile communications network using exclusively US-manufactured equipment. This situation allows China to increasingly shape the global ICT environment as part of its over-arching strategy of exercising sovereign control of its own information space while remaining connected to the global network.
A Chinese-dominated global telecommunications infrastructure could have strategic implications in the event of a crisis with China, as Beijing might exert significant control over the cyber domain. Because the US cannot build an indigenous infrastructure overnight, or perhaps even in the medium-term without significant government support, there would be no easy solution to the problem.