Senators want to help the companies compete against Huawei, but China touches everyone’s supply chain.
Representatives for Finnish Nokia and Swedish Ericsson telecommunications companies are eager to help rural U.S. network providers replace equipment from verboten Chinese telecommunications company Huawei but defended their own ties to Chinese institutions during a hearing of the Senate Commerce Committee.
“Nokia does not support the view that either product or geographic isolation are effective,” Mike Murphy, chief technology officer, Americas at Nokia, said testifying before the committee today. “Rather, security is best served by using trusted suppliers.”
Jason Boswell, Ericsson’s head of security for network product solutions, also testified. “We stand ready to assist small carriers replacing equipment from untrusted vendors,” he said.
Now that a bill—H.R. 4998—authorizing $1 billion to be used for rural providers to “rip and replace” the Chinese equipment from their networks is headed to President Trump’s desk, attention turns to Nokia and Ericsson and ways to ensure they can fill the space Huawei’s exit will leave.
Ahead of the hearing, the office of Sen. Mark Warner, D-Va., released industry letters in support of legislation the senator has proposed which, his office said, “would provide over $1 billion to invest in Western-based alternatives to Chinese equipment providers Huawei and ZTE.”
Warner’s bill, the Utilizing Strategic Allied (USA) Telecommunications Act, goes all-in on the idea that interfaces from various networking equipment can be made interoperable and thereby introduce a greater diversity of providers into the ecosystem.
The bill is bipartisan, co-sponsored by Intelligence Committee Chairman Richard Burr, R-N.C. It seemed to receive more support today from Senate Commerce Chairman Roger Wicker, R-Miss., who stressed the importance of U.S. participation in international standards-setting bodies. Warner’s bill calls for this in order to promote and establish standards for interoperability.
Attorney General William Barr recently dismissed the interoperability effort, calling for the U.S. to more outrightly get behind an Ericsson and, or, Nokia “horse,” by acquiring a controlling share in one of the companies.
And now, senators such as Colorado Republican Cory Gardner are paying closer attention to the European companies’ own dealings with Chinese entities.
“You never mention Ericsson's presence in China in your testimony, but Ericsson's website talks about the company's long history in China,” Gardner said directing his questions first to Boswell.
He cited the company’s website in noting several joint ventures with Chinese companies, sizable investments in research and training in China, and a joint research institute with the Beijing Institute of Technology.
“Is Chinese-sourced research incorporated into Ericsson’s core network products?” Gardner asked.
Boswell stressed “all of our software is scanned, verified, signed and centrally distributed from Sweden. That gives us tight control and transparency and a chain of custody of that software.”
But after a back and forth, on the question, he said he would have to follow up with the senator.
Answering the same question, Murphy said it was more important to examine a company’s practices than where they are physically, and like Boswell, said there are transparent procedures for vulnerability testing and remediation.
At Nokia, which also uses research based in China, Murphy said, “Ethics and reporting of unethical behavior is mandatory for all employees and is a prerequisite for employment.”
He added: “These activities are independent of country of origin. And that is my final thought, namely that the governance, historical behavior, ethics, and security systems implemented by companies are the true definition of trust.”
“All software goes through a design for security verification test, vulnerabilities must be resolved and documented,” Murphy said, “so the fact that they're physically located in China is kind of a little bit irrelevant in terms of producing a secure product.”