A new research report from the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) recommends that the US government and its allies take a nuanced approach to dealing with China's Huawei as a potential supplier of next-generation 5G technology.
While outright banning of the company's products may be viewed as necessary by some governments, there is room for other options, such as implementing a government oversight body to evaluate Huawei's hardware and software, the report says.
The UK's Huawei Cyber Security Evaluation Centre (HCSEC) is the best example of how effective such an oversight body can be in addressing security and intelligence concerns tied to the use of Huawei's technologies, CCDCOE says.
HCSEC is controlled by the UK's National Cyber Security Center and, since 2010, has played a fundamental role in assessing the trustworthiness of Huawei's technologies in the country, the report says. Just last week, HCSEC issued a scathing report that criticized Huawei for not having secure software development practices.
Huawei has established similar security assessment centers in Germany and recently Brussels, though those centers do not have a dedicated oversight board like the UK's HCSEC.
"Instead of a blanket ban, the model of inclusive, competent, and transparent oversight embodied in the UK Huawei supervisory board is a good example" of options that governments might want to consider, says CCDCOE, a body of cybersecurity experts from 21 nations. "Such 'confidence building' and risk mitigation measures may, however, be accessible only to countries with extensive resources and expertise."
The US government has prohibited the use of Huawei's technologies — including 5G — citing national security concerns over the company's alleged ties to China's government and intelligence apparatus.
5G wireless technology supports much higher speeds than 4G, much better device connectivity, and reduced latencies. The technology is expected to enable a =new set of next-generation applications and use cases in areas such as robotics, virtual reality, and smart cars.
Huawei has established itself as an early leader in the space and is the only company currently able to produce all of the elements of a 5G network, the CCDCOE report says. Its closest competitors — Nokia and Ericsson — don't yet have a viable alternative. Huawei and a handful of other Chinese telecommunications companies have been leaders in setting global standards for 5G and obtaining patents around the technology.
US officials have said that using Huawei's technologies — especially next-generation 5G network technology — could expose the country to espionage and spying by China's government and military. The US is now trying to get other Western nations to take a similar stance in banning the use of Huawei technologies.
Fueling those concerns is China's long record of corporate espionage and intelligence-gathering activities against the US and other Western countries that it considers as economic and military rivals. Ninety percent of economic espionage incidents between 2011 and 2018 have involved China, CCDCOE says. Huawei itself has been directly accused of similar actions leading to the arrest of its CFO in Canada earlier this year.
Recent Chinese laws, including the National Intelligence Law of 2016 and the 2014 Counterintelligence Law, have exacerbated concerns by specifically requiring organizations like Huawei to cooperate with and support national intelligence activities, CCDCOE says. Such acts have raised considerable concerns about the ability of Chinese state actors to introduce backdoors in technology products from the country.
"Core communications networks constitute fundamental infrastructure and therefore are an essential national interest, bearing national security implications," the report says.
The fact that Huawei's 5G technology will be deployed for backbone communications networks means that it would become part of the core national communications infrastructure for any country. Governments should therefore approach any discussions involving the acquisition and use of 5G technologies from a national security perspective, rather than from a purely technological one, the NATO-affiliated body says.
Huawei itself has described the US government's stance as being motivated by geopolitical and economic rivalry. The company has accused the US of attempting to unfairly restrict its business; earlier this month, it filed a lawsuit in a Texas federal court challenging the constitutionality of the ban against the use of its products.
The US, though, is not the only country with concerns over Huawei's dominance in an area as critical as 5G networking. The CCDCOE report identifies other nations, such as the Czech Republic, Australia, Japan, and New Zealand, as imposing restrictions on the use of Huawei products.
Germany and other EU nations are considering similar restrictions. But they have not taken the step yet, citing the lack of conclusive evidence tying Huawei to the Chinese government or military. "There is growing appetite among EU member states and NATO allies on EU/NATO coordination in this matter," the report says.
But shutting the door entirely on cooperation with Huawei may backfire as well, the report warns. Such an action would potentially deprive industries in Europe and other regions of an opportunity to develop 5G services and leave development to be led by Chinese companies.
Ezra Gottheil, an analyst with Technology Business Research, says the US itself is unlikely to be hurt. "I don't think the US is in danger of falling behind in the use and development of 5G if it continues to ban Huawei," he says. "I think alternative vendors like Ericsson can deliver on 5G."
At the same time, US officials are preparing for the fact that many countries over the next few years will transition to 5G networks based on technologies from Huawei and other Chinese vendors. According to a Washington Post report Monday, US cybersecurity experts have begun discussing ways to use encryption, network segmentation, and stronger security standards to minimize risk to critical systems when connecting to networks based on 5G technology from Huawei and other Chinese vendors.
- UK Watchdog Criticizes Huawei for Lax Software Security, Development
- Hacker Targeted Huawei Router 0-Day in Attempt to Create New Mirai Botnet
- Chinese Intelligence Officer Under Arrest for Trade Secret Theft
- 8 Nation-State Hacking Groups to Watch in 2018
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.