Alliance members should look to mimic Britain, which created an entire government office to scrutinize Huawei’s products for security problems.
Cheap Chinese 5G technology isn’t all that cheap when you factor in the government time and resources needed to make it safe—or at least safer—to use, a new NATO Center of Excellence report says.
That’s the warning from a new report by the NATO's Cooperative Cyber Defence Centre of Excellence, or CCDCOE, which notes the considerable risks of importing next-generation telecom equipment from Chinese hardware and software maker Huawei. Acknowledging that alliance governments are unlikely to issue the “blanket bans” sought by U.S. officials, the report recommends instead a lot more government supervision of what companies like Huawei are building.
U.S. Defense Undersecretary Ellen Lord and Joint Chiefs Chairman Gen. Joe Dunford have highlighted the risk of Chinese-made 5G equipment, while Secretary of State Mike Pompeo has said that the United States would have a hard time “partnering” with countries that import it. “If that equipment is co-located where we have important American systems, it makes it more difficult for us to partner alongside them” Pompeo said in February.
U.S. lawmakers have expressed concern about Huawei and its opaque relationship to the Chinese military since at least 2012.
The CCDCOE paper notes that Huawei’s lead in developing products built to the new high-speed, low-latency standard puts it in position to furnish core infrastructure components to many countries and telecoms that are urgently looking to upgrade mobile networks. “There are as of yet no equivalent alternatives to Huawei 5G technology,” it says. (The NATO Center of Excellence lies outside of the NATO command structure. While it is accredited by NATO, it doesn't speak on NATO's behalf.)
This could have a major effect on data security for governments and militaries. “Huawei would provide critical components in systems of strategic importance for society, including security services and the military, both due to the latter’s partial reliance on these systems and a mandate to protect them during crisis,” it says.
Pompeo’s rhetoric aside, the United States itself is inching closer to accepting the inevitability of Chinese companies making parts for America’s future mobile networks.
“We are going to have to figure out a way in a 5G world that we’re able to manage the risks in a diverse network that includes technology that we can’t trust,” Sue Gordon, Principal Deputy Director of National Intelligence, said at a recent conference.
So how do you manage the risks?
U.K. defense officials say they have careful and nuanced attitude. “We’re taking—rather than sort of a blanket approach to it—we’re taking a very sophisticated approach to it which entails understanding of the threats and the risks, understanding what the networks would entail,” Britain’s Vice Chief of Defence Staff, Gen. Gordon Messenger, told reporters in March.
The U.K. has kept a close eye on Huawei since 2010, when Britain's National Cyber Security Centre, or NCSC, created an office specifically to scrutinize the company’s products with the care and prudence one might employ in handling a dangerous, powerful, radioactive substance. Center officials publish regularly on the various security issues they find. Just last week, they released a report revealing “serious and systematic defects in Huawei’s software engineering and cybersecurity competence.”
The CCDCOE paper surmises that this kind of careful and consistent government attention, rather than a blanket ban, is the only way to address the risks posed by Huawei. “The head of NCSC recently recognized that this detailed, formal oversight, building on a decade of formally agreed mitigation strategy and detailed provision of information, means that the UK regime is arguably the toughest and most rigorous oversight regime in the world for Huawei, and that it is proving its worth,” it says.
The paper also recommends that governments carefully track the use of Chinese products by federal agencies and sensitive industries, and to keep Huawei products away from anything that might have national security implications, such as critical infrastructure.
The use of Chinese 5G gear will be discussed at NATO’s policy planning conference this week. “It is as important for NATO as it is for us. How the European countries address Chinese involvement across all of their sectors is central to American security,” Kiron Skinner, who runs policy planning at the State Department, told reporters yesterday. “There will be more discussion with the NATO partners about that issue as well.”
Benedetta Berti, a NATO foreign policy expert, told reporters, “I think this is something we are starting to discuss as an alliance. I think that is per se significant… As an alliance, when we talk about the future of our security, we will have to factor in the role of emerging powers including China.”
While there is considerable agreement about the growing influence Chinese telecom and the risks that influence poses, there is less consensus about what to do about it.
“That we are having this discussion points to our success, actually,” said Maciej Pisarski, who leads policy planning at the Polish Ministry of Foreign Affairs.