People have been asking me what I think about this week’s news that the US House Intelligence Committee urged telecoms operators not to buy gear from Huawei Technologies and ZTE over security concerns.
US Huawei, ZTE ruling no surprise
Well, for one thing, it’s nothing new.
Many US politicians frequently characterize China as an all-purpose threat to US national security, especially when it comes to technology, whether it’s satellite technology transfers or cyber-attacks or what-have-you. We’ve been here before, and we’ll be here again as long as there are politicians in the US whose assessment of China’s current political structure is informed by Cold War paranoia, or indeed paranoia of any stripe.
For context, bear in mind that dithering over national security in the telecoms realm is hardly exclusive to US politicians during an election year. Telecoms infrastructure has always been considered a national security asset, and therefore subject to political whimsy (be it sensible or paranoid) in just about every country in the world.
Including, incidentally, China.
Granted, such concerns are valid on a general level – that’s why networks need security in the first place. It’s just hard for me to take seriously any report written by politicians during an election year that’s big on allegations but very light on actual evidence.
That could be just me.
But I do think that regardless of the report’s motivations or validity, it’s still going to have a serious impact on Huawei and ZTE’s plans for North America – possibly to the point of giving China a case to take to the WTO, as Forbes has suggested, though I’d be surprised if it got that far.
As for how this could be resolved, I don’t have any particular wisdom. Some have commented that Huawei and ZTE need to do more to convince US officials that their intentions are good and they’re no threat to anyone. It wouldn’t hurt, but if the report’s main objective is to make a political statement about China’s general untrustworthiness, I don’t think either company could ever do enough to clear away suspicions. How do you debunk allegations when the evidence is a state secret?
But I do agree with Gartner’s John Pescatore that a smarter alternative to an all-out ban would be a more rigorous testing process, as Forbes reports:
[Pescatore] points to the United Kingdom, where Huawei and Britain’s NSA-equivalent known as the Government Communications Headquarters have set up a Cyber Security Evaluation Centre to comprehensively audit any gear Huawei wants to sell in the country. In another case, he points to the Chinese security technology firm NSFocus, which had its products analyzed by the code-auditing firm Veracode ahead of offering them internationally.
The committee report claims that a testing process is impractical from a security standpoint because “a determined and clever insider” could get past it. But as SANS Institute research director Alan Paller points out in the same article, that’s true of any network equipment maker:
“If a nation, any nation, wants inside U.S. systems, they can just put their best graduates in U.S. colleges, and they’ll get inside. We’ve seen cases like that.”
So yes – I think any security concerns the US Congress has over back doors and other vulnerabilities could be alleviated with a little extra due diligence in the testing process. But it’s clear that – at least for now – the House Intelligence Committee is more interested in scoring political points than entertaining actual solutions.