Top News

The Huawei Security Threat

Updated:2010/10/18 08:58

There is a genuine national security need to block a Chinese investment in U.S. telecommunications.

All signs point to a new round of Chinese investment attempts in America on the horizon, in industries ranging from oil to finance. The vast majority of these deals should be welcomed, but some raise genuine security worries that require careful attention from policy makers. Huawei's bid to provide telecommunications equipment to Sprint Nextel is a prime example of the latter.

A functional, reliable, resilient telecommunications network is a fundamental American national interest. Connectivity facilitates virtually all U.S. economic activity. Sound communications capabilities also serve as the basis of many other dimensions of national security, playing a key role in everything from emergency response to the transmission of sensitive information between government entities. Access to U.S. information and communications technology infrastructure could enable a motivated adversary to commit a range of malicious activities, including espionage, disinformation campaigns and disruption of service.

Any foreign investment in this sector should thus be carefully studied to ensure American regulators understand who is making the investment and why. Huawei raises many questions: While it claims that it is a fully independent and employee-owned company, it has strong connections to the Chinese military, Communist Party and government.

Retired General Ren Zhengfei, the company's founder and current president, was formerly the director of the People's Liberation Army General Staff Department's Information Engineering Academy, an entity responsible for telecommunications research for the military. The Communist Party and government remain extremely influential in China's large businesses in leadership placement and in directing funding. This is especially the case for firms in what China considers "strategic industries," which include the telecommunications sector.

That makes this deal very different from the scenario if a major publicly listed telecom from a democratic American ally were to invest in an American company. Indeed, Verizon Wireless started as a joint venture between America's Verizon and Britain's Vodafone with minimal controversy over the foreign company's role.

The U.S. government has voiced concerns over Huawei's attempts to enter the American market on previous occasions. In 2008, Huawei dropped plans to acquire 3Com after the U.S. Committee on Foreign Investment indicated that it would block the deal, and last year, the National Security Agency reportedly voiced concerns to AT&T over the firm's plans to buy Huawei equipment.

Several other nations have grappled with the same issues. Last year British intelligence officials warned of potential infrastructure threats from Huawei's communications equipment on networks operated by British Telecom, citing concerns that the equipment might allow attackers to "remotely disrupt or even permanently disable" critical communications networks. The Australian Security Intelligence Organization investigated claims by former employees that Huawei had engaged in cyber espionage against Australian interests and that the firm's activities in Australia involved technicians and executives with direct links to China's military. An Indian communications ministry placed limitations on Huawei's operations in India's telecommunications networks, also on national security grounds.

The U.S. should similarly be concerned over any deal for Huawei to supply equipment to Sprint Nextel. The Chinese military has a well-developed doctrine for computer network exploitation and attack. Other entities in China, likely with support from the government, actively engage in computer-related espionage activities. If Huawei were to provide infrastructure for U.S. telecommunications networks, actors within China could gain unparalleled access to multitudes of potentially sensitive U.S. communications information, including cellular telephone calls, email, text messages and browsing activities.

Some observers might assume that the quantity of data transmitted by U.S. networks would be sufficient to protect privacy and confidentiality—there would simply be too much for snoops to sift through—but this is not the case. Chinese telecommunications firms have perfected technologies to intercept, sort and evaluate staggering volumes of telecommunications data, as demonstrated in the "Great Firewall" censorship regime on the Internet. China has also perfected disruptive technologies, such as the outright blocking of text messages in western China for months following unrest in Xinjiang province in 2009.

Huawei has sought to counter concerns that the deal with Sprint Nextel would enable malicious network activities in America. Specifically, Huawei has proposed to submit source code for its equipment's operating systems to an independent third party to certify that the software is benign. In parallel, Huawei reportedly would allow other third-party firms to service the equipment.

These solutions are absolutely inadequate to counter the risk. Networked systems offer numerous attack vectors. Some look legitimate, such as those that are designed to offer remote diagnostics and support. Other vulnerabilities could be introduced by patches or updates once the basic software is already in place. Chain-of-custody principles introduce a whole other set of problems: It would be difficult to guarantee that a piece of software evaluated by a third party would share the exact characteristics of the software installed on the machines that ultimately operate U.S. telecommunications networks.

Even if a firm could somehow certify the harmlessness of a piece of equipment's operating system, and ensure that no new vulnerabilities were introduced after the fact, and maintain proper chain-of-custody principles, a malicious actor could still potentially gain access to systems. "Back doors" could be built into a piece of equipment's firmware or hardware components. The technology to discover these potential access points remains limited at best.

Given that the U.S. is already at great risk of cyber attacks, making our communications networks more vulnerable by using technology developed by a company with close ties to China's military would be a grave mistake. In this case, there are a number of competitive alternative suppliers of advanced telecommunications technology. Sprint Nextel should take national security concerns into consideration when selecting partners. Moreover, the U.S. government has an obligation to use every available means to ensure safe and secure telecommunications infrastructure.

"National security" has too often been a recourse for protectionists. But remaining open to foreign investment in general does not mean abandoning caution. Telecommunications is one industry that warrants a careful approach.

By:MICHAEL R. WESSEL  Source:online.wsj
For press release services, please email us at english@c114.net.cn.

Related News

E-Mail:english@c114.net.cn

Copyright© 2014 C114 All rights reserved.