Threat or Not, Countries Still Work With Huawei
Huawei is the second largest telecommunications provider in the world, with deployed products and solutions in over 140 countries, indicating that the majority of the countries in the world do not fear Huawei as an intelligence threat. In 2011, Huawei’s enterprise business experienced rapid growth, with its sales revenue reaching CNY9,164 million, a year-on-year increase of 57.1%. Sales increased 60.8% year-on-year when adjusted for currency exchange rate effects. This growth was attributable mainly to expanded offerings in Huawei’s overseas markets. [13] Huawei has set up 23 research centers in Germany, Sweden, the UK, France, Italy, Russia, India, China, and other countries, according to the company’s website.[14]
- The United Kingdom (UK), one of the United States greatest partners and closest allies, shares equal security concerns about Huawei. The UK established an independently managed Cyber Security Evaluation Center that conducts independent reviews of Huawei’s equipment and software deployed to the UK’s telecommunications’ infrastructure.[15]
- In 2012, in an effort to achieve transparency, Huawei offered Australian authorities unrestricted access to its code and hardware to prove that it’s not a threat.[16] In 2013, Huawei supported the creation of an Australian Cyber Security Center development to test the security credentials being implemented into critical infrastructure.[17]
- U.S. companies, particularly those in IT, continue to invest in China despite the alleged “intelligence” threat. Dell,[18] Intel,[19] Hewlett Packard,[20] Boeing,[21] and General Electric[22] are intending to substantially invest in China over the next years.
Conclusion
The United States used to be on the forefront of IT development, manufacturing, and services. With globalization, the U.S. opted to favor outsourcing as a means of spurring industry growth and profits, and consequently, fostered dependence on an international supply chain. A national strategy to address this concern has been formed by the White House, but is it needed?
Several elements need to be factored into national strategies such as milestones, performance measures, cost and resources, and roles and responsibilities, to name a few. All of this requires a significant investment in time, personnel, financial backing, policy development, oversight, accountability metrics, compliance penalties, etc., across public and private domains to address a threat that is just too large and too decentralized to mitigate effectively.
Risk can be managed, and every effort should be made to verify and validate IT equipment used by our critical infrastructures and national security apparatus. Similar programs like the one instituted in the UK addresses these very concerns and demonstrate how collaboration with an IT vendor would work. The benefits are substantial and mutual. For the customer, such partnering will aid in the immediate detection of defective or poor quality equipment prior to its implementation into key networks, thus ensuring the confidentiality, integrity, and availability of original equipment. For the vendor, rigorous testing information is supplied to product engineers bolstering their abilities to make stronger, more durable products. However, this is only possible by embracing these types of partnerships, not hiding from them.
If the U.S. wants to levy policies to enforce an economic protectionism, then so be it. It is entirely within their right to say they don’t want Chinese companies to gain a niche in their market. But it shouldn’t hide behind national security as an excuse for these economic policies, nor should it send mixed messages to Beijing that repeat how China is a partner and welcomed to invest in all things American.[23] The United States encouraged the very globalization that it now sees as a threat. If the U.S. fears companies like Huawei, then the government needs to be transparent and public with its findings. If not, it risks losing out on opportunities to strengthen its position as a global partner as well as proactively helping to strengthen the very networks it’s worried about being compromised.
References
[1] Dancho Danev, “China’s ‘secure’ OS Kylin – a threat to U.S offensive cyber capabilities?” Zdnet, May 13, 2009, accessed at: http://www.zdnet.com/blog/security/chinas-secure-os-kylin-a-threat-to-u-s-offensive-cyber-capabilities/3385
[2] Ellyne Phneah, “India Developing own OS to Boost Cybersecurity,” ZDnet, December 21, 2012, accessed at: http://www.zdnet.com/in/india-developing-own-os-to-boost-cybersecurity-7000009118/
[3] John E Dunn, Paranoia Drives Iran to Develop Homegrown Antvirus Program,” TechWorld, May 3, 2012, accessed at: http://news.techworld.com/security/3355680/paranoia-drives-iran-to-develop-homegrown-antvirus-program/
[4] Ryan Whitwam, “Russia to Create National Operating System,” Maximum PC, October 27, 2010, accessed at: http://www.maximumpc.com/article/news/russia_create_national_operating_system
[5] Isha Suri,“Iran to Establish Its Own Cyber Defense Headquarters,” Silicon Angle, July 25, 2012, accessed at: http://siliconangle.com/blog/2012/07/25/iran-to-establish-its-own-cyber-defense-headquarters/
[6] Government Accountability Office, “IT Supply Chain: National Security-Related Agencies Need to Better Address Risks,” GAO-12-361, March 2012, accessed at: http://www.gao.gov/assets/590/589568.pdf
[7] Carnegie Mellon University, Software Engineering Institute, “Evaluating and Mitigating Software Supply Chain Security Risks,” CMU/sei-2010-tn-016, May 2010, p. 16, accessed at: http://www.sei.cmu.edu/reports/10tn016.pdf
[8] Government Accountability Office, “IT Supply Chain: National Security-Related Agencies Need to Better Address Risks,” GAO-12-361, March 2012, accessed at: http://www.gao.gov/assets/590/589568.pdf
[9] Government Accountability Office, “IT Supply Chain: National Security-Related Agencies Need to Better Address Risks,” GAO-12-361, March 2012, accessed at: http://www.gao.gov/assets/590/589568.pdf
[10] “Emerging Cyber Threats Report 2013,” Georgia Tech Institute of Technology, accessed at: http://www.gtsecuritysummit.com/pdf/2013ThreatsReport.pdf
[11] General Accountability Office, “IT Supply Chain,” GAO-12-361, March 2012, accessed at: http://www.gao.gov/assets/590/589568.pdf
[12] Jason Dedrick and Kenneth L. Kraemer, “Globalization of Innovation: The Personal Computing Industry,” Alfred P. Sloan Foundation, Industry Studies 2008, accessed at: http://web.mit.edu/is08/pdf/Globalization%20of%20Innovation%20PC.PDF
[13] Huawei, “Huawei Investment Holding Co., Ltd. 2011 Annual Report,” accessed at: http://www.huawei.com/ucmf/groups/public/documents/attachments/hw_126991.pdf
[14] Huawei Website, “Research and Development,” accessed at: http://www.huawei.com/en/about-huawei/corporate-info/research-development/index.htm.
[15] U.S. House of Representatives; “Investigative Report on the U.S. National Security Issues posed by Chinese Telecommunications Companies Huawei and ZTE,” October 8, 2012, accessed at: http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/Huawei-ZTE%20Investigative%20Report%20%28FINAL%29.pdf
[16] Lisa Vaas, “National Security Threat or Not? Huawei Offers Australia Unrestricted Access to Code,” NakedSecurity.com, October 25, 2012, accessed at: http://nakedsecurity.sophos.com/2012/10/25/huawei-australia/
[17] Hafizah Osman, “Huawei Supports Australian Cyber Security Centre Development,” Arnnet.com, January 23, 2013, accessed at: http://www.arnnet.com.au/article/451519/huawei_supports_australian_cyber_security_centre_development_/
[18] China Daily, December 15, 2010, “Dell to Double Investment in China to $250b by 2020,” accessed at: http://www.chinadaily.com.cn/business/2010-12/15/content_11704983.htm
[19] Aaron Back, April 12, 2012, “Intel, China’s Tencent to Join on R&D,” Market Watch, accessed at: http://www.marketwatch.com/story/intel-chinas-tencent-to-join-on-rd-2011-04-12
[20] China Economic Review, June 30, 2011, “HP Announces R&D Expansion in China,” accessed at: http://www.chinaeconomicreview.com/content/hp-announces-rd-expansion-china
[21] Navjot Kaur, March 15, 2012”Boeing’s Baby Steps in China,” The Motley Fool, accessed at: http://www.fool.com/investing/general/2012/03/15/boeings-baby-steps-in-china.aspx
[22] Ying Wang and Rachel Layne, November 9, 2010, “General Electric Plans to Invest $2 Billion in China,” Bloomberg, accessed at: http://www.bloomberg.com/news/2010-11-09/general-electric-to-spend-2-billion-on-china-technology-finance-ventures.html
[23] Department of Treasury, May 3, 2011, “Treasury Secretary on US-China Strategic and Economic Dialogue,” accessed at: http://iipdigital.usembassy.gov/st/english/texttrans/2011/05/20110505191406su0.2003072.html#axzz2NRFDOhGG
I thought this was a very interesting study that is quite different from what the government and the media is projecting. While I’m not sure I agree with all of what’s said, the author does make compelling arguments that deserve acknowledgement. The fact that the government has no claim of such threats (e.g., the reference China) other than fear is disconcerting.
Very different take than I’d seen before. Well reasoned article. I’d be interested in learning what the policymakers would more effectively focus on if they took this view.