'Really bad business practice': U.S. security experts sound off on Huawei
As European countries grapple with their decision to integrate telecoms equipment maker Huawei into their 5G infrastructure, the Chinese company has gone out of its way to reassure government officials that concerns of a national security risk are unwarranted.
This week, the company opened a cyber security center in Brussels, inviting customers and governments to test the company’s source code, software, and product solutions. Huawei also filed a lawsuit in Texas, arguing that a U.S. ban on government purchases of Huawei products violated the constitution.
China Foreign Minister Wang Yi voiced support for the lawsuit, telling reporters that the scrutiny of Huawei amounted to “political suppression" and that Beijing would take "necessary measures" to protect Chinese businesses.
But U.S. intelligence experts told Yahoo Finance that those efforts at transparency and claims of injustice do little to safeguard against Chinese espionage.
“The big question is why are we investing a substantial amount of money and infrastructure in a company that has in the past stolen intellectual property from the United States [and] Europe-based companies in an effort to promote their own,” said Dave Kennedy, a former U.S. government hacker and founder of TrustedSec, a cyber security firm that works closely with the U.S. and European governments. “It’s just really, really bad business practice.”
Huawei’s domination of market share
Europe has become an increasingly important market for Huawei’s success outside of China, accounting for the company’s second-largest market globally. European leaders have so far pushed back against the U.S. narrative that any use of Huawei equipment would compromise national security and intelligence sharing operations among the Five Eyes alliance.
And overall, according to Dell’Oro Group telecommunication infrastructure research, Huawei leads the global telecom equipment market.
Countries like the UK and Germany have been especially vocal about the risks a Huawei ban would pose on their abilities to keep up with 5G technology as the US and China look to roll out the next generation mobile network this year. Instead, they’ve hinted at a compromise that amounts to a strategy of containment — agreeing to use Huawei equipment but compelling the company to offer up its source code, reducing the number of Huawei components used, and drawing up a bilateral pledge not to conduct cyber espionage.
Kennedy said that given the complexities of the 5G buildout, there’s no guarantee that the source code Huawei shares with intelligence agencies will be what is ultimately used.
“There’s definitely a bait and switch that can happen,” Kennedy said. “A company can provide source that is clean and looks good but what actually makes it into the product, the build cycle of that technology is where the rubber meets the road.”
‘How hard is it for Chinese intelligence to put somebody inside the Ericsson plant?‘
The standoff between the U.S. and China has intensified as mobile carriers look to award contracts that establish the foundation of the next generation mobile network. 5G is expected to allow data to be transferred at speeds that are 100 times faster than current 4G networks, enabling machine to machine communication. (Disclosure: Yahoo Finance parent company Verizon is among the companies developing 5G technology.)
Ang Cui, the founder of embedded device security and research company Red Balloon Security, told Yahoo Finance that the stakes are particularly high given the economic, intelligence, and military edge that 5G technology would provide to a government.
“Every single room we move into, every car that we drive, any aspect of our modern existence will be directly be connected to this network,” Cui said. “Whoever gets control and dominance of that infrastructure will have access to all that data.”
Huawei executives have repeatedly maintained that a national intelligence law does not compel Chinese companies to create backdoors at the directive of the government. Founder Ren Zhengfei told CBS News he would “firmly reject” a government request, even if the law required him to follow orders. And Rotating Chairman Guo Ping framed the U.S. attack on the company as a “fusillade” stemming from America’s “desire to suppress a rising technological competitor.”
However, Huawei may not have a choice in the matter. Cui explained that the complex supply chain networks need to build the next generation network could be compromised without the knowledge of the company. And beyond Huawei, foreign competitors Ericsson and Nokia partner with factories in China, making the 5G vetting process even more difficult.
“Less [Chinese] equipment doesn’t mean less risk,” Cui said. “How hard is it for Chinese intelligence to put somebody inside the Ericsson plant?”
‘Direct proof that you cannot trust the Chinese government and their technology’
Kennedy specifically questioned the effectiveness of a bilateral “no-spy” agreement Germany’s national cyber security agency has advocated, given mixed results of the U.S.-China cyber deal signed in 2015.
While the U.S. National Counterintelligence and Security Center said the mutual commitment not to conduct cyber theft led to a reduction in Chinese attacks, Kennedy asserted that attacks targeting the intellectual property of American companies had increased 600% in the last 6 months as the trade war has escalated.
“That’s direct proof that you cannot trust the Chinese government and their technology,” he said. “You might have an agreement in place but they’ll throw it out the window when hard times come.”
Akiko is a reporter and anchor for Yahoo Finance. Follow her on Twitter.
READ MORE: How China steals U.S. secrets
Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, LinkedIn, YouTube, and reddit.