Can you trust Huawei... or any other networks supplier for that matter?

Price, bug-patching, security, control ... so many factors to consider

Huawei's bugs look a lot like Cisco's. Care to guess why?

As for Huawei, Beardsley said that it sometimes has identical bugs to Cisco's, which he described as "interesting and unusual". In a 2003 court case, the Chinese company admitted to having copied some router software code from Cisco.

So there are reasons to doubt the quality of Huawei's security. What about the worries that, despite its denials, it is a conduit for spying? Ken Munro, co-founder of IT security company Pen Test Partners, argued that if it were a tool of the Chinese government, it would make sense for it to incorporate what appeared to be great security to tempt organisations in. But that's not the case: "Huawei has got work to do. Its attention to detail is not great," Munro said. "You can differentiate organisations based on their response to vulnerabilities." Cisco has a good reputation for this.

Others are less sanguine. "Certainly there is a worry that in times of crisis, such as a planned invasion of Taiwan, we might expect the Chinese to try to bring down the internet in the west, in order to blind us for a day or two," said Anderson. "That task would be an awful lot easier if they have a lot of their own kit in our networks." He added that Huawei's equipment is so insecure, other countries or groups could exploit it in a similar fashion.

What about the Chinese government?

There is a case for worrying about Huawei's motivations. Founder Ren Zhengfei spent two decades at a military technology division of the People's Liberation Army. More broadly, China passed a law in 2017 which obliges its companies to co-operate with the state.

And while western governments are not above criticism – the UK's GCHQ openly runs "equipment interference" – it's worth bearing in mind that on many measures of freedom and democracy, China is much worse. Its government is thought to execute thousands of prisoners each year, it probably holds more than a million Muslims in secure "thought transformation" camps and – pertinently to Huawei – it is using digital technology to build what amounts to a whole-population surveillance programme. The most recent ratings of national freedom by Freedom House, a US watchdog, gave Australia a score of 98 out of 100, the UK 94, the US 86... and China 14.

Former MI6 head Sir Richard Dearlove has argued that, given the step change in technical sophistication 5G represents, Huawei's kit should be banned completely from UK networks. "We should remind ourselves that China's military strategists perceive a world in which the military and the civilian will be fused into a single plane of conflict," he writes in a report published in May by the Henry Jackson Society, a think-tank that describes itself as fighting to "keep societies free".

"To place [China] in a potentially advantageous exploitative position in the UK's future telecommunications systems therefore is a risk, however remote it may seem at the moment, we simply do not need to take."

The report makes the case that Huawei is effectively government controlled, and that its 98 per cent ownership by a trade union committee should be seen in the context of officials being paid by the state and answerable to the Chinese Communist Party.

More broadly, John Hemmings, deputy director of research at the society, points to the Prague proposals agreed at May's international 5G security conference held in the Czech capital. These argue that "specific political, economic or other behaviour of malicious actors which seek to exploit our dependency on communication technologies" have to be considered along with technical security.

Hemmings said anyone buying telecoms equipment for organisations where national security, time-sensitive information or commercial confidentiality comes into play has to consider how supplier nations behave. "Country of origin will become a thing," he said.

"It means you look at the regulatory norms and standards of the country supplying the IT." Two key areas are how well a country protects its citizens' data and how much technology companies are mixed up with military and security agencies. Hemmings said that while plenty of western technology companies get involved with military and security work, the difference is that they can choose not to – unlike Chinese ones.

For those trying to decide whether to buy Huawei, it may not be possible to separate the quality of its security work from worries about the Chinese government. Australia has taken a strong line against Huawei for some years, having shut the company out of its AU$38bn (£21bn) National Broadband Network back in 2012 and last year banning it and fellow Chinese supplier ZTE from 5G networks.

Stanley Shanapinda, a cybersecurity research fellow at La Trobe University in Melbourne, said that when the government has a strong view, many companies need to take account of it: sectors including telecommunications are highly regulated and for many businesses, public sector organisations are big, steady customers. "It could come down to a business decision, that we want to be in the good books of government," he added.

In Shanapinda's view, it's hard to say whether or not your organisation is safer if it avoids Huawei. The question may also be beside the point: "My advice to any procurement officer or technical person is to make the best decision – and go with what's politically efficient." ®
