Following the recent revelation that Britain’s National Security Council (NSC) has agreed to allow Huawei to help build “noncore” elements of the UK’s 5G network despite warnings about relevant national security risks, the University of Nottingham’s Martin Thorley examines the broad implications of the decision. At the Independent, Thorley reviews the financial gains and security risks that were presumably weighed against one another by the NSC. He also highlights a moral element of the decision, coming as Beijing becomes increasingly assertive on the global stage and as it ramps up restrictions on personal and media freedoms, and crackdowns on civil society:
The UK decision comes amid a long overdue “realist” turn in engagement with China, as many countries around the world take stock of the consequences of engagement with the Chinese party-state. Talk of Chinese investment is now qualified by discussions of Beijing’s influence and interference techniques, as well as the more morally dubious methods employed by the Chinese Communist Party (CCP) to maintain its power in a country of 1.4 billion.
[…] The decision would certainly make business sense: Beijing will continue to cooperate with the UK’s business elite who seek out lucrative opportunities in China. At the same time Huawei products themselves almost certainly represent a cheaper option compared to rival providers. Indeed, there have been rumours that because of the low prices, Huawei is actually a massive loss-maker, receiving considerable financial support from arms of the Chinese party-state.
[…] In such a landscape [of deteriorating rights in China] it is hardly a surprise that so few Chinese citizens are aware of the scale of the ongoing clampdown against Uighurs and other ethnic minorities in the far west of the country that has seen over a million sent to newly constructed re-education camps. Moving back to the other side of the country, in Hong Kong four activists have been sentenced for up to 16 months in prison for their roles in pro-democracy demonstrations, contravening the spirit of the Sino-British Joint Declaration regarding Hong Kong’s future.
[…] In the final reckoning, Britain’s decision on Huawei makes perfect sense financially, raises serious issues for security, and represents a grave misjudgement morally. [Source]
At Lawfare earlier this month, International Computer Science Institute security researcher Nicholas Weaver published a risk analysis for countries considering Huawei equipment, closing with some relevant recommendations:
[…T]he risks of Huawei equipment can be managed only by understanding the political risks: How much is a country willing to bet that Huawei will resist Chinese government pressure? Given that the U.S.’s National Security Agency is known to sabotage equipment in transit, bribe companies to deploy sabotaged standards, and compel cooperation of U.S. companies in intelligence activities, it would be naive to expect any less of China. Further magnifying the risk is that Huawei may actually be a state-owned company.
This leaves three options for countries considering what to do about 5G. First, a country can decide to buy Huawei equipment and save a considerable amount of money in doing so. The risk is simply that every high-level political figure and executive may have their calls monitored by Chinese intelligence. This may actually be a worthwhile trade-off—after all, the damage done by Chinese spies would have to be weighed against the potentially billions of dollars saved from purchasing Huawei equipment. That trade-off just needs to be acknowledged when making purchase decisions.
The second option is to purchase equipment from Huawei’s European competitors, Ericsson or Nokia. These manufacturers are more expensive than Huawei but provide the greatest political assurance: None of the major spying nations can exert the same pressure on Nokia (Finnish) or Ericsson (Swedish) that they can on domestic companies.
The final option is simply to avoid the hype. The claims about 5G being “20x faster” than preexisting 4G are effectively disingenuous marketing as real-world performance rarely reaches the theoretical peak bandwidth but, rather, is limited by the shared communication spectrum. […] [Source]
Following news of the NSC’s decision, Lawfare yesterday published “The Risks of Huawei Risk Mitigation,” by Alexei Bulazel, Sophia d’Antoine, Perri Adams, and Dave Aitel, which highlighted the fact that fully accounting for and mitigating all risks are impossible. The piece was a response to an earlier article on managing Huawei 5G risk by cyber policy and security researcher Herb Lin, who replied with another post stating “I don’t disagree with anything in their piece and endorse almost all of it.”
At the Financial Times, Yuan Yang re-examined the the security risks that Huawei’s 5G equipment could pose, including attacks on either individuals or entire national networks. Yang’s report also asked if these specific risks could be mitigated, and what actors could take advantage of Huawei’s equipment:
Michael Howard, senior research director at IHS Markit for carrier networks, said the “biggest issue is that any and all equipment from any vendor can be compromised by any knowledgeable rogue person”. That means private actors hacking for money, as well as the US’s fear — government-sponsored actors. “We have talked with CTO-level executives at operators around the world, and they tell us that Huawei equipment is no different than any other equipment in this regard,” Mr Howard added. Huawei says that its software has been more rigorously inspected than the software of its rivals because, for example, of the work of the Huawei Cyber Security Evaluation Centre in the UK, which is overseen by the government’s National Cyber Security Centre.
Huawei says that its software has been more rigorously inspected than the software of its rivals because, for example, of the work of the Huawei Cyber Security Evaluation Centre in the UK, which is overseen by the government’s National Cyber Security Centre.
But HCSEC’s Oversight Board deeply criticised Huawei’s software engineering practices in its last report, saying that it could only provide “limited assurance” that risks to national security had been mitigated. The board noted that Huawei’s software vulnerabilities could be exploited by anyone, and were not a sign of Chinese government interference. [Source]
Parallel to worry over the technical risks regarding Huawei have been concerns over ties between the CCP and the firm, and Beijing’s ability to demand cooperation under existing Chinese law and political reality. Earlier this month, The Times reported that the CIA accused Huawei of receiving funding from the Chinese military and state intelligence. Kanishka Singh last week summed up The Times report for Reuters:
The CIA accused Huawei of receiving funding from China’s National Security Commission, the People’s Liberation Army and a third branch of the Chinese state intelligence network, the British newspaper reported, citing a source.
[…] “Huawei does not comment on unsubstantiated allegations backed up by zero evidence from anonymous sources,” a Huawei representative told The Times.
The company, the CIA and China’s Foreign Ministry did not respond immediately to requests for comment. [Source]
The reported CIA accusation came on the heels of an academic report from Fullbright University Vietnam’s Christopher Balding and George Washington University’s Donald C. Clarke probing Huawei’s ownership, concluding that the firm has been misleading on the topic. At The New York Times, Raymond Zhong examines Huawei’s response to the report, and outlines just how complicated the ownership structure of the firm truly is:
[Chief secretary of Huawei’s board of directors] Mr. Jiang [Xisheng]’s explanation boiled down to this: On paper, he said, Huawei is owned by a labor union that solicits donations from employees when their colleagues have health problems and the like. The union also supervises the company basketball club, Mr. Jiang said.
Naturally, it is a little more complicated than that.
Huawei’s ownership is a murky matter because the company has never, in more than three decades of existence, sold shares to the public. The firm says that it is entirely owned by its employees, and that no outside organizations, including any affiliated with the Chinese government, own shares.
But these assurances have never quite dispelled American officials’ suspicions that Beijing and the Communist Party are somehow pulling the strings. Top American officials have also been alarmed by new Chinese laws that require companies to assist in national intelligence work. […] [Source]