Cybersecurity

China’s defense of Huawei? U.S. tech companies spy too

Zeus Kerravala, principal analyst with ZK Research.

Zeus Kerravala, principal analyst with ZK Research. // Flickr user Alex Dunne

China could retaliate if the U.S. government excommunicates Chinese technology firm Huawei by reciprocating charges of cyberespionage and denying American tech companies market access, some industry analysts say.

The results of a nearly yearlong congressional probe into the second-largest telecommunications firm in the world suggests Huawei facilitates wiretaps for the Chinese government through the equipment it sells stateside. The House Intelligence Committee, which released the findings Monday, has since alerted U.S. companies doing business with Huawei and ZTE to use another vendor.

“I thought of this from the reverse side. What if the Chinese government had accused us of this?” questioned Zeus Kerravala, principal analyst with ZK Research. “Wouldn’t we be in an uproar?”

One could argue American firms have similar U.S. government ties. Post-Sept. 11 rules enforcing the 2001 USA Patriot Act and updating the 1994 Communications Assistance for Law Enforcement Act, or CALEA, require U.S. telecommunications carriers and manufacturers to build backdoors into networks allowing U.S. authorities to intercept messages.

“I do believe the Chinese could view [federal wiretap rules] as a clandestine way of U.S. officials spying on foreign citizens,” Kerravala said.

William Plummer, Huawei vice president of external affairs, has warned of reprisals from foreign governments in response to the House panel’s conclusions. Blocking Huawei from doing business in the United States would set a "monstrous, market-distorting, trade-distorting policy precedent that could be used in other markets against American companies,” he has said.

Alienating the Shenzhen, China-based firm and its homeland could backfire on U.S. companies that depend on Chinese parts, Kerravala said. “Cisco and other U.S. manufacturers buy components from China. What if the components had backdoors? You could take this to the nth degree and by default you’re saying, ‘Don’t take or buy anything from China,’ ” he said.

Kerravala added that barring Huawei also could hurt U.S. innovation, which has benefitted from increased foreign competition. “Has Huawei put price pressure on the market? Absolutely. But good companies adapt their sales models accordingly,” he said.

According to former personnel, however, Huawei cheats by disregarding the intellectual property rights of U.S. companies -- a claim that Huawei denies. The House report did not name the former Huawei employees.

The unclassified account accuses Huawei and ZTE, a smaller Chinese telecom company, of selling products that pose a national security threat but stops short of identifying specific technical vulnerabilities.

“Companies around the United States have experienced odd or alerting incidents using Huawei or ZTE equipment,” the report stated. “Opportunities to tamper with telecommunications components and systems are present throughout product development, and vertically integrated industry giants like Huawei and ZTE provide a wealth of opportunities for Chinese intelligence agencies to insert malicious hardware or software implants into critical telecommunications components and systems . . . China may seek cooperation from the leadership of a company like Huawei or ZTE for these reasons.”

Kerravala said, “The whole premise of that report is based on a lot of innuendo.”

Former U.S. intelligence officials said the concerns Congress aired may be above Huawei’s pay grade. It is widely believed that the Chinese government exercises financial and legal control over all China-based company decisions and public disclosures.

“In many ways, it’s not Huawei’s fault. It’s the Chinese government’s fault, which is why you’re not seeing the same thing with Sony-Ericsson,” a Japanese telecom company, said Dave Aitel, a former National Security Agency computer scientist and now chief executive officer of cybersecurity firm Immunity Inc. Huawei officials “have to answer to the Chinese communist party. They could not explain in the end who controls the company” to House investigators.

Other foreign countries may be more accepting of America’s trapdoors than China’s Trojan software, because U.S. organizations are not known for being “the world's most active and persistent perpetrators of economic espionage" as the Office of the Director of National Intelligence called Chinese actors in 2011.  

The worry about Huawei is less about company officials “Trojaning their systems. It’s about whether Huawei can play by the rules,” Aitel said.

U.S. firms sometimes are able to quell foreign governments’ fears by, for instance, providing open source products that reveal their programs’ underlying code, said Aitel, whose company exposes its source code.

Huawei unsuccessfully offered U.S. officials independent inspections of its products to prove the Chinese government cannot activate features to trigger cyberwarfare. House lawmakers argued that such postproduction evaluations might not catch all malicious code. And technology can behave differently after it is deployed.

Upgrades, maintenance and service vendors “will affect the ongoing security of the network,” the report stated. “It is highly unlikely that a security evaluation partnership such as that proposed by Huawei or ZTE, independent of its competence and motives, will be able to identify all relevant flaws in products the size and complexity of core network infrastructure devices.”

Kerravala acknowledged that Huawei could improve its business dealings through better external corporate communications. “If ZTE and Huawei do want to be treated as a credible alternative in the United States, they need to provide the same level of access” to the media as American businesses, he said.

Huawei has recruited a number of well-connected former U.S. officials to help expand its stateside operations.

Huawei officials declined to comment for this story.

Threatwatch Alert

Cyber espionage / Social engineering / Man-in-the-middle attack

Apple Chief Talks with Chinese Official after Alleged Nation State iCloud Hack

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// 4:18 PM ET
X CLOSE Don't show again

Like us on Facebook