Huawei: The company and the security risks explained

(c) Sky News 2019: <a href="http://news.sky.com/story/huawei-the-company-and-the-security-risks-explained-11620232">Huawei: The company and the security risks explained</a>
 

Huawei is a Chinese business which has grown to become the world's largest telecommunications equipment vendor.

Reports of its equipment being banned as nations seek to develop their 5G networks show little sign of stopping, and Western bodies including the EU and NATO have been called on to establish a joint position on their security risks.

Huawei's equipment occupies every step of the network chain between our laptops and phones through to the data centres hosting the content we want to access.

Although it sells those user devices too, its equipment is especially prominent in the parts of the network closer to the data centres and it's this equipment which is raising concerns.

Network (BSE: NETWORK.BO - news) switches, gateways, routers, and bridges - the kit that controls how and where data is sent - is what Huawei really does. These infrastructure devices touch everything traversing the internet and are critical to it functioning properly.

As Huawei is the biggest player in what is a critical part of modern infrastructure, it is an obvious and necessary candidate for scrutiny. In general, the results of that scrutiny have not been favourable.

Concerns about Beijing

Three nations in the intelligence alliance Five Eyes, the US, Australia, and New Zealand, have effectively prohibited the installation of Huawei equipment as part of the next generation of telecommunications equipment.

The remaining two members, the United Kingdom and Canada, are expected to state their position within the coming months, with the UK's National Cyber Security Centre having previously published warnings about the company's security standards.

Elsewhere, nations including India and Germany have expressed their concerns about including Huawei equipment as they upgrade telecommunications infrastructure for 5G.

Two men working in the Polish telecommunications industry were detained earlier this month on suspicion of spying: a Chinese man employed by Huawei, formerly an attache at the Chinese consulate in Gdansk; and a Polish national who was formerly a counter-intelligence officer. The Huawei employee was immediately sacked for the bringing the company into disrepute.

In the face of this criticism and suggestions of impropriety, the company has consistently pointed out that there has never been any evidence suggesting its equipment is more faulty or suspicious than that of its competitors.

Security connections

Huawei was founded in China in 1987 by Ren Zhengfei, formerly an engineer in the People's Liberation Army. His connections to the military and to the Communist Party, alongside those of senior Huawei executives, have been cited as a security concern for foreign customers.

Alongside this, even if there is no evidence of bad action on behalf of the company, Western security officials have been especially wary of China's foreign policy, including its alleged ambitions to use business ties in foreign countries as elements of warfare.

Much of this wariness can trace its origin to 1999, when two Chinese Air Force colonels published a book of military strategy which was translated into English as Unrestricted Warfare and which described the strategy needed to win a conflict with the US.

It formulated the idea that non-military means can be used to challenge a rival nation, including attacking telecommunications networks, or what might be called cyber war.

Academics including Ofer Fridman, an expert in modern warfare, have suggested that the translated title is more incendiary than the original Chinese phrase - which could be read "warfare beyond boundaries" - but the assumed sentiment has influenced Western thought about China.

Economic warfare also comprised a section of the book, and in December, the Five Eyes alliance and others collectively condemned China for its active cyber espionage activities, declaring that it was engaging in the hostile theft of intellectual property.

Although a spokesman for the Polish security services said the allegations in the Polish espionage case related to individual actions and were not linked directly to Huawei, the ability - as alleged - for the Chinese state to place a spy within the company's staff will further worry Western nations over the potential risks posed by working with Huawei.

Spying or worse

Huawei's networking equipment could potentially facilitate espionage, although it has not been detected doing so, and any evidence that Huawei equipment manipulated or monitored the data it routed would lead to an immediate response from all companies using it. It would have to be a single-time action.

This has prompted the concern that the equipment could be made to not function by the company, or the Chinese government, to essentially take down telecommunications infrastructure during a time of international crisis. Such a move would inevitably compound the crisis and potentially have a critically damaging impact on the West's ability to respond to Beijing's action.

As described by the Australian government, Huawei was "likely to be subject to extrajudicial directions from a foreign government" and as such it would not be capable of resisting directions from Beijing to include a capacity to bring down the network or to manipulate the traffic its devices handled.

Certainly it seems as if Western nations assess that Beijing harbours such intentions, and this then is the risk that Western nations are being forced to measure: Can they include Huawei's equipment within critical national infrastructure and be confident that it would not be used against them?