It’s a decision that has exposed a sharp divide between long-time allies.
On Jan. 28, Britain said it would allow Chinese telecom equipment maker Huawei Technologies Co. Ltd. to play a limited role in the country’s 5G networks, a decision government officials are calling a compromise.
But the United States and Australia say Huawei answers to China’s ruling Communist Party and could be compelled to help Beijing spy on or sabotage Western networks. Both have banned Huawei from supplying any gear for their next-generation mobile networks, and are adamant that no compromise is possible in 5G technology because no amount of its technology is safe.
Huawei, which rejects being categorized in the West as a “high-risk vendor,” says it’s not a pawn of the Chinese government and that its equipment can be trusted completely.
Canada is still mulling its own decision on Huawei, trying to decide whether it can overlook warnings from the United States.
Britain’s partial measures
Britain said it would block Huawei equipment from core parts of its 5G networks but allow the Chinese company’s gear to be used on the edge, or periphery, such as the radio access network of antennas on cell towers or base stations. The core of a mobile network has traditionally been the more securely protected part of the system that helps manage data traffic.
Britain said it is confident the limits it has placed on the use of Huawei gear – which include capping its share of the non-core 5G network use at 35 per cent, the same as its existing level – will sufficiently reduce the chances of cyberthreats. (Huawei components have been used in the core of some British wireless networks, but efforts to remove them began in 2016.)
“The government is certain that these measures, taken together, will allow us to mitigate the potential risk posed by the supply chain and to combat the range of threats, whether cyber criminals, or state sponsored attacks,” the British government said late last month.
It said it would also exclude gear produced by high-risk vendors from “all safety-related and safety-critical networks” and sensitive geographic locations such as nuclear sites and military bases.
Espionage experts say this is not enough.
“None of this works if the threat is inside your network,” former Australian spy Simeon Gilding said in a public statement from the Australian Strategic Policy Institute, a think tank, one day after Britain’s decision. "In this new world, no number of impressive-sounding mitigation measures or cybersecurity standards can provide confidence that your networks are fully protected.”
Mr. Gilding was a top official at the Australian Signals Directorate, which helped advise the Australian government on Huawei.
Experts warn of risks even on the edges
For months, even years, Washington and Canberra have said a halfway solution is not possible.
Not only because the Shenzhen company, founded by a former People’s Liberation Army soldier, is a flagship enterprise in an authoritarian state where the law obliges companies to help Chinese intelligence agencies.
But also because of a key difference between 5G technology and previous mobile infrastructure.
In addition to faster speeds and increased data capacity, 5G is meant to support a vast expansion of telecom networks to connect self-driving cars, factory robots, medical devices and power plants. Australia and the United States say as 5G networks evolve, the distinction between the core and edges will disappear, with sensitive operations taking place much closer to the end user to deliver those benefits.
“Historically, we have protected the sensitive information and functions at the core of our telecommunications networks by confining our high-risk vendors to the edge of our networks,” Mike Burgess, head of the Australian Signals Directorate, said in a speech shortly after Australia banned Huawei in 2018.
“But the distinction between core and edge collapses in 5G networks. That means that a potential threat anywhere in the network will be a threat to the whole network.”
The U.S. and Australian governments say that means it’s too risky to allow Huawei gear even on the edges.
U.S. State Department web pages hammer home this message.
“The previous security distinction between critical and noncritical elements is gone,” Robert Strayer, the department’s deputy assistant secretary for cyber and international communications and information policy, says in one internet presentation.
“You cannot mitigate the risk of untrusted vendors in 5G networks by placing them in the ‘edge,’ because there is no distinction between the edge and the core.”
Mr. Strayer has also said another potential risk is the bigger role software will play in 5G technology.
“Because the nature of 5G relies so much on software, software-defined networks, and updates to software, we need to have confidence that those who are involved in updating that software or in the management of those systems are secure and not introducing vulnerabilities through those software updates," Mr. Strayer told a conference on 5G last year in Washington.
What other countries have done
Shortly after Britain’s decision, France’s biggest telecom company, Orange SA, announced it would build its 5G network with equipment from Ericsson and Nokia Corp. The French government considers Orange a strategic asset.
Taiwan has barred Huawei from supplying gear for the construction of 5G networks. Similarly, all major Japanese telecom companies have announced they won’t use Huawei equipment in their 5G networks.
Canadian spy agency declines comment
When asked whether it agreed with Mr. Burgess and Mr. Strayer, Canada’s Communications Security Establishment declined to answer. CSE spokesman Evan Koronewski said that Ottawa’s review of 5G technology will include “careful consideration of our allies’ advice.”
Telus Communications and Bell Canada, which use Huawei gear on the edge of their networks, declined to respond to the same question.
However, a senior Canadian telecommunications executive disagreed with Mr. Strayer, Mr. Gilding and Mr. Burgess, saying the 5G network will keep the edge and the core separate in terms of engineering and network functions, so high-risk vendors can play a role without jeopardizing security. The Globe and Mail is not identifying the executive because they were not authorized to speak publicly on the matter.
Alykhan Velshi, Huawei Technologies Canada’s vice-president of corporate affairs, said the Chinese company is willing to accept any test or regulatory or oversight mechanism necessary.
“Huawei has been in Canada for more than a decade and helped to build the wireless networks that Canadians use and rely on today,” he said. “Over the course of that time – again, more than 10 years – we haven’t had a single security incident in this country or received any complaints from Canadian security agencies.”
Ian Levy, the technical director of Britain’s National Cyber Security Centre, has rejected the idea that sensitive parts of a 5G network will be at risk.
“In previous [generations of] networks, sensitive functions were grouped together in a couple of locations we called core. In 5G, they are spread out a bit more, but sensitive functions are still sensitive functions” and can be protected, he wrote on a blog the day the U.K. decision on Huawei was released.
Ward Elcock, a former director of the Canadian Security Intelligence Service, said allowing Huawei into 5G is not worth the risk.
“The reality is that a real tech expert might be able to say to you that ‘I can mitigate the circumstances.’ I don’t think a tech expert would ever be able to say to you, ‘I can assure you there are no potential risks,’ " he said. “So ... it doesn’t seem to me to be a risk worth taking, given [Canada’s] relationship as a staunch ally of the United States and given the integration of our telecommunications network with the American telecommunications network.”
Obliged to spy?
One obstacle to closer scrutiny of Huawei is the fact it’s not publicly traded and therefore not subject to as much regulatory oversight as listed companies. Huawei says it’s wholly owned by its employees. It’s formally owned by a holding company with just two shareholders: founder Ren Zhengfei and the Union of Huawei Investment & Holding Co. Ltd. That union, the researchers say, appears to be a trade-union committee. And such entities in China are part of a system the Communist Party controls.
Like all companies in China, Huawei is also required to have a committee representing the Communist Party. “Our ... committee is not involved in any operational or business decisions,” Huawei says on its website.
Huawei gets substantial state support, news reports say. The Wall Street Journal reported last December that Huawei has received the equivalent of about US$46-billion in loans and other support, and what amounts to US$25-billion in tax breaks.
The Journal said while this kind of financial support is common in many countries, China’s assistance for Huawei is “among the factors stoking questions about Huawei’s relationship with Beijing.”
China’s 2017 National Intelligence Law requires Chinese companies and citizens to “support, co-operate with and collaborate in national intelligence work” when asked, adding that the state protects any individual and organization that aids it. Its 2014 Counter-Espionage Law says that, during an investigation, “relevant organizations and individuals” must “truthfully provide” information and “must not refuse.”
Mr. Gilding, the former Australian spy, said he was part of a team that tried to design mitigation measures that might give Canberra “confidence that hostile intelligence services could not leverage their national vendors to gain access to our 5G networks."
In his commentary published by the Australian Strategic Policy Institute, Mr. Gilding said the Australians could not craft a solution. “We failed,” wrote Mr. Gilding, who headed the Australian spy agency’s signals intelligence and offensive cybermissions.
He said cybersecurity officials marvelled at the power Chinese law gives Beijing’s spies to force a company to do its bidding.
"We asked ourselves: If we had the powers akin to the 2017 Chinese intelligence law to direct a company which supplies 5G equipment to telecom networks, what could we do with that and could anyone stop us?
“We concluded that we could be awesome, no one would know and, if they did, we could plausibly deny our activities, safe in the knowledge that it would be too late to reverse billions of dollars’ worth of investment. And, ironically, our targets would be paying to build a platform for our own signals intelligence and offensive cyber operations.”
Huawei denies it’s obliged to spy for Beijing, and has offered to sign an agreement not to do so.
Richard Fadden, a former CSIS director and national security adviser to Prime Minister Justin Trudeau and former prime minister Stephen Harper, said Huawei can’t be trusted.
“The close relations between Huawei and a Chinese government with a history of cyber espionage should be worrisome,” Mr. Fadden said in the article.
Mr. Fadden said China has a long history of cyberoperations against Canada, citing the hacking of the telecommunications company Nortel Networks Corp., the National Research Council and the potash industry.
“A Chinese company will do pretty much what the Chinese government says,” Mr. Elcock said. “The reality is that the Chinese would no more buy Western telecommunications equipment than to fly to the moon.”
Huawei says it has never been found guilty of compromising security. This statement doesn’t mention allegations of misdeeds by the company and employees.
- Nov. 2, 2018: The newspaper The Australian cites a national security source saying Chinese espionage services used Huawei’s staff to get access codes to infiltrate a foreign network, which the paper said “highlighted the Chinese company’s role in cyber espionage.” The newspaper said Huawei officials were “pressed upon to provide password and network details that would enable Chinese intelligence services to gain access.” The hacking attempt occurred in the previous two years, it said. A Huawei official later called the report “more tired, unsubstantiated comments from anonymous sources.”
- Jan. 11, 2019: Huawei sales director Wang Weijing and former Polish security officer Piotr Durbajlo were arrested on allegations of spying for China. The company fired Mr. Wang, saying he “brought Huawei into disrepute.” Huawei said Mr. Wang’s actions “have no relation to the company" and a spokesman for security services said the investigation is focused on the two men.
- Aug. 15, 2019: The Wall Street Journal reported that Huawei technicians helped African governments spy on political opponents. The newspaper said Huawei employees embedded with cybersecurity forces in Uganda and Zambia intercepted encrypted communications and used cell data to track opponents.
- Jan. 29, 2020: Handelsblatt, a leading German business newspaper, reported that the German government has evidence that Huawei has collaborated with Chinese intelligence. “At the end of 2019, intelligence was passed to us by the U.S., according to which Huawei is proven to have been co-operating with China’s security authorities,” the newspaper quoted a confidential foreign ministry document as saying. Huawei rejected this, saying: "The Handelsblatt article repeats old, unfounded allegations without providing any concrete evidence whatsoever.”
With reports from Reuters and Associated Press