recommended reading

China’s defense of Huawei? U.S. tech companies spy too

Zeus Kerravala, principal analyst with ZK Research.

Zeus Kerravala, principal analyst with ZK Research. // Flickr user Alex Dunne

China could retaliate if the U.S. government excommunicates Chinese technology firm Huawei by reciprocating charges of cyberespionage and denying American tech companies market access, some industry analysts say.

The results of a nearly yearlong congressional probe into the second-largest telecommunications firm in the world suggests Huawei facilitates wiretaps for the Chinese government through the equipment it sells stateside. The House Intelligence Committee, which released the findings Monday, has since alerted U.S. companies doing business with Huawei and ZTE to use another vendor.

“I thought of this from the reverse side. What if the Chinese government had accused us of this?” questioned Zeus Kerravala, principal analyst with ZK Research. “Wouldn’t we be in an uproar?”

One could argue American firms have similar U.S. government ties. Post-Sept. 11 rules enforcing the 2001 USA Patriot Act and updating the 1994 Communications Assistance for Law Enforcement Act, or CALEA, require U.S. telecommunications carriers and manufacturers to build backdoors into networks allowing U.S. authorities to intercept messages.

“I do believe the Chinese could view [federal wiretap rules] as a clandestine way of U.S. officials spying on foreign citizens,” Kerravala said.

William Plummer, Huawei vice president of external affairs, has warned of reprisals from foreign governments in response to the House panel’s conclusions. Blocking Huawei from doing business in the United States would set a "monstrous, market-distorting, trade-distorting policy precedent that could be used in other markets against American companies,” he has said.

Alienating the Shenzhen, China-based firm and its homeland could backfire on U.S. companies that depend on Chinese parts, Kerravala said. “Cisco and other U.S. manufacturers buy components from China. What if the components had backdoors? You could take this to the nth degree and by default you’re saying, ‘Don’t take or buy anything from China,’ ” he said.

Kerravala added that barring Huawei also could hurt U.S. innovation, which has benefitted from increased foreign competition. “Has Huawei put price pressure on the market? Absolutely. But good companies adapt their sales models accordingly,” he said.

According to former personnel, however, Huawei cheats by disregarding the intellectual property rights of U.S. companies -- a claim that Huawei denies. The House report did not name the former Huawei employees.

The unclassified account accuses Huawei and ZTE, a smaller Chinese telecom company, of selling products that pose a national security threat but stops short of identifying specific technical vulnerabilities.

“Companies around the United States have experienced odd or alerting incidents using Huawei or ZTE equipment,” the report stated. “Opportunities to tamper with telecommunications components and systems are present throughout product development, and vertically integrated industry giants like Huawei and ZTE provide a wealth of opportunities for Chinese intelligence agencies to insert malicious hardware or software implants into critical telecommunications components and systems . . . China may seek cooperation from the leadership of a company like Huawei or ZTE for these reasons.”

Kerravala said, “The whole premise of that report is based on a lot of innuendo.”

Former U.S. intelligence officials said the concerns Congress aired may be above Huawei’s pay grade. It is widely believed that the Chinese government exercises financial and legal control over all China-based company decisions and public disclosures.

“In many ways, it’s not Huawei’s fault. It’s the Chinese government’s fault, which is why you’re not seeing the same thing with Sony-Ericsson,” a Japanese telecom company, said Dave Aitel, a former National Security Agency computer scientist and now chief executive officer of cybersecurity firm Immunity Inc. Huawei officials “have to answer to the Chinese communist party. They could not explain in the end who controls the company” to House investigators.

Other foreign countries may be more accepting of America’s trapdoors than China’s Trojan software, because U.S. organizations are not known for being “the world's most active and persistent perpetrators of economic espionage" as the Office of the Director of National Intelligence called Chinese actors in 2011.  

The worry about Huawei is less about company officials “Trojaning their systems. It’s about whether Huawei can play by the rules,” Aitel said.

U.S. firms sometimes are able to quell foreign governments’ fears by, for instance, providing open source products that reveal their programs’ underlying code, said Aitel, whose company exposes its source code.

Huawei unsuccessfully offered U.S. officials independent inspections of its products to prove the Chinese government cannot activate features to trigger cyberwarfare. House lawmakers argued that such postproduction evaluations might not catch all malicious code. And technology can behave differently after it is deployed.

Upgrades, maintenance and service vendors “will affect the ongoing security of the network,” the report stated. “It is highly unlikely that a security evaluation partnership such as that proposed by Huawei or ZTE, independent of its competence and motives, will be able to identify all relevant flaws in products the size and complexity of core network infrastructure devices.”

Kerravala acknowledged that Huawei could improve its business dealings through better external corporate communications. “If ZTE and Huawei do want to be treated as a credible alternative in the United States, they need to provide the same level of access” to the media as American businesses, he said.

Huawei has recruited a number of well-connected former U.S. officials to help expand its stateside operations.

Huawei officials declined to comment for this story.

Threatwatch Alert

Software vulnerability

Malware Has a New Hiding Place: Subtitles

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.