The British government last week unveiled a new policy on Huawei’s role in the U.K.’s nascent 5G cellular network amid suspicion of Chinese authorities’ influence over the firm. Huawei has been labeled a “high-risk vendor,” and therefore barred from “core” and other sensitive parts of the network, and limited to 35% market share elsewhere. The decision fell short of the strict ban urged by the U.S., Huawei’s most vocal detractor, which had threatened both the two countries’ deep security cooperation and “totemic” post-Brexit trade negotiations if it did not get its way. The U.K., like other countries, has faced similar pressure in the opposite direction from China. The Guardian reported last week that although Prime Minister Boris Johnson faced possible rebellion from his own MPs and criticism from some prominent Republicans after the decision, the U.S. appeared to have somewhat softened its position. House Republicans, though, introduced a resolution condemning the U.K.’s choice on Monday.
Wired’s Garret M. Graf, author of an in-depth recent piece on U.S. moves against Huawei, cited the decision as one of several indications “that the Trump administration might have already lost one of its important geopolitical campaigns“:
[…] In the end, the technological world may actually just be too complex, the global supply chains too interwoven, and the networks that drive modern life too interconnected to draw the bright lines that the Trump administration wants. What that ultimately means for security and privacy remains an open question.
[…] Now, as it weighs how to proceed, the US must confront a difficult question: Is it really prepared to cut off intelligence sharing with key partners who open their doors to Huawei? And if so, will it ultimately hand China yet another victory by weakening the very global alliance that could counter the rising superpower? [Source]
At The Telegraph, the Royal United Services Institute’s Raffaello Pantucci described the process leading up to the U.K. decision as “an immature discussion that let the conversation about Huawei turn into a proxy for a discussion about China, reducing the debate to a false binary choice between Washington and Beijing.” At The Spectator, RUSI’s Charles Parton also suggested looking beyond entanglement with ongoing Sino-U.S. tensions: “forget the Americans, if you wish, on the grounds that they are ideologues. But why has Australia, for whom China is a key trading partner, banned Huawei?” One authoritative answer came last week with a blog post from Simeon Gilding, former head (until December) of the Australian Signals Directorate’s signals intelligence and offensive cyber missions, now a senior fellow at the Australian Strategic Policy Institute. Gilding described the British stance as “disappointing” and premature, and a doubling down “on a flawed and outdated cybersecurity model” involving close official scrutiny of Huawei products and a misconceived distinction between core and peripheral technology.
We developed pages of cybersecurity mitigation measures to see if it was possible to prevent a sophisticated state actor from accessing our networks through a vendor. But we failed.
We asked ourselves, if we had the powers akin to the 2017 Chinese Intelligence Law to direct a company which supplies 5G equipment to telco networks, what could we do with that and could anyone stop us?
We concluded that we could be awesome, no one would know and, if they did, we could plausibly deny our activities, safe in the knowledge that it would be too late to reverse billions of dollars’ worth of investment. And, ironically, our targets would be paying to build a platform for our own signals intelligence and offensive cyber operations.
[…] Cybersecurity is all about raising the costs for the attacker. Network access through vendors—which need to be all over 5G networks to maintain their equipment—effectively reduces the access cost to zero.
[…] When you are one update away from being owned, a code review cannot provide any confidence that the code you checked reflects the code in your network. Even with expensive oversight by cleared personnel, it would be hard to spot malware developed by a top-notch intelligence agency, especially when the network is down and your customers are screaming. [Source]
At The Sydney Morning Herald, Nick McKenzie and Anthony Galloway followed up on Gilding’s post:
Huawei Australia’s spokesman Jeremy Mitchell says ASD’s assessment relied on at outdated understanding of how 5G will work. He argues that multiple vendors can help run parts of a 5G network, mitigating the risk of compromise.
[…] Mitchell also says that if ASD’s concern is really about China, then it should equally apply to the other key players in the 5G debate, Nokia and Ericsson, as both manufacture in China and could also theoretically face demands from the government. Huawei is hoping the British decision will be replicated across the world and may even force a rethink in Australia and the US.
But in Canberra, Gilding thinks this is unlikely. Contrary to multiple press reports that assert Malcolm Turnbull simply followed US president Donald Trump’s lead when banning Huawei in 2018, Gilding insists the decision was made on his team’s advice about how to best protect Australia. That advice has not changed and is unlikely to, given the man who signed off on Gilding’s work, former ASD director Mike Burgess, now heads ASIO.
Sources close to Malcolm Turnbull also point out it was Turnbull who forcefully briefed Donald Trump about the need to ban Huawei from 5G, rather than the other way around. Despite this, Huawei continues to push the line that Australia has been dancing to Trump’s tune when it comes to Huawei. [Source]
Huawei was placed on the defensive elsewhere last week, following reports in a German newspaper of an alleged “smoking gun” for the company’s collusion with Chinese authorities. From Douglas Busvine and Andreas Rinke at Reuters:
“Huawei Technologies has never, and will never, do anything to compromise the security of networks and data of its customers,” the Chinese company said in response to the report in the Handelsblatt business daily.
“The Handelsblatt article repeats old, unfounded allegations without providing any concrete evidence whatsoever.”
The Handelsblatt report cited a confidential foreign ministry document that intelligence shared by U.S. officials represented a “smoking gun” that meant Chinese companies were unsafe partners for building next-generation 5G mobile networks.
“At the end of 2019, intelligence was passed to us by the U.S., according to which Huawei is proven to have been cooperating with China’s security authorities,” the newspaper cited the document as saying.
The German foreign ministry said it did not comment on internal documents as a matter of policy. [Source]
The European Union last week announced non-binding recommendations along similar lines to the U.K. decision. At the European Council on Foreign Relations, Janka Oertel argued that the recommendations were more aggressive than they might appear, and “should be read very comprehensively as part of Europe’s attempts to strengthen its defensive mechanisms against the systemic challenge from China.”
In the entire document, there is no mention at all of China, or leading Chinese telecommunications firms Huawei and ZTE. This comes as little surprise. But the toolbox is crystal-clear in the direction it sets: high-risk vendors (read: Huawei and ZTE) will have to be restricted or excluded from sensitive parts of the network in order to mitigate the risk of state interference through the 5G supply chain. The sensitive parts of the network are explicitly not limited to “core” functions, but also include the access network, which the October 2019 EU Risk Assessment already underlined. The toolbox directly acknowledges the strategic and technical risks in this issue. It states that the strategic risks cannot be mitigated with technical measures alone, and it points to the need for a political and regulatory response, especially when it comes to the “risk of interference by a third country or dependency risks”.
[…] Brussels remains realistic about applying these measures. As such, the toolbox indicates that an outright ban on high-risk vendors will unlikely lead to the best and most favourable economic results. Its reasonable suggestion is that each member state, depending on its specific timeframe of deployment, should devise a plan for reducing dependencies. In other words, the commission provides member states with a roadmap to slowly wean themselves off high-risk vendors at the same time as they proceed with upgrading their infrastructure. It suggests that member states should consider exclusions and restrictions within normal cycles of replacement, thus creating a transition period to mitigate the economic impact of replacing existing kit from Chinese vendors. [Source]
In Canada, which has yet to announce a position and is even more deeply entangled by the ongoing extradition process against Huawei CFO and founder’s daughter Meng Wanzhou, Public Safety Minister Bill Blair said that the U.K. decision “requires careful examination.” In an op-ed at The Globe and Mail, the University of Ottawa’s Wesley Wark suggested that “Britain’s 5G announcement has long been awaited and may be considered a shield by the Liberal government, should it consider adopting a similar policy on Huawei.”
Amid the various apparent failures of the Trump administration’s campaign to turn other countries against Huawei, its broader policy on technological rivalry has boosted Chinese moves toward technological self-sufficiency, as The Financial Times’ Yuan Yang explored in a “Big Read” feature article last month. Huawei executives commented on this situation in Politico’s weekly Morning Tech newsletter last week:
“We want to continue with those relationships [with U.S. chipmakers] and we also, though, are willing to go our own way and rely on our own sources in China and also East Asia and Europe rather than the U.S.,” Glenn Schloss, head of global communications for Huawei, said in an interview. Schloss said there is a “growing awareness” that Huawei’s placement on the entity list is affecting the company’s supply chain, but a “plan b” was put in place before the U.S. took action.
[…] A request that would allow Google to license its popular Android mobile operating system for new Huawei devices is still outstanding, Huawei executives told POLITICO. It’s a key arrangement for both companies, as Huawei trails only Samsung, the world’s largest smartphone maker. A Google spokesperson said the company has a temporary license to service Huawei phones that were on the market before the Commerce Department’s restrictions went into effect last May.
“The business relationship with Google is very, very important. We’re reluctantly pursuing an alternative to it that we will achieve and we will end up probably making a whole lot more money than we did before,” said Andy Purdy, Huawei’s chief security officer. Nevertheless, he added, “We hope that the license will be granted to Google so we can maintain the relationship.” Huawei’s alternative is a system originally developed for connected commercial devices, called Harmony, which Schloss said can be adapted into a mobile operating system. “We have the capability to do something similar and consumers globally may welcome a non-U.S. operating system,” he said. [Source]
The post including the Huawei interviews is sponsored, somewhat incongruously, by 5G Action Now. Chaired by a former House Permanent Select Committee on Intelligence chairman, Michigan Republican Mike Rogers, the organization aims “to elevate the conversation regarding American national security and the economic benefits of winning the 5G innovation and deployment battle against China.” Politico reported elsewhere that the group “has hired Republican lobbyists and consultants at a rapid clip since its launch earlier this month.”