Is Huawei a Security Risk?

Is China’s Huawei a cyber security risk? Western governments have some reasonable grounds for concern.

Following is a guest entry by IT security analyst Jeffrey Carr on the ongoing attempts of Chinese technology firm Huawei to crack the US telecoms market.

Huawei recently published on its website an open letter to the US government regarding its attempt to acquire 3Leaf and the ruling of CFIUS (Committee on Foreign Investment in the United States) that opposed it. The letter's authors have attempted to allay fears in the Unted States that Huawei has deep ties with China's People's Liberation Army and the State Council, and that its hardware may be utilized by the Chinese government to conduct offensive cyber operations such as sabotage or espionage.

Huawei's letter isn't remarkable for what it says, but for what it doesn't say. According to Huawei's annual financial report (2009), it's 'the largest network equipment provider for China Unicom's WCDMA networks and China Telecom's CDMA2000 EV-DO networks; and it provides over 30 percent TD-SCDMA network equipment used by China Mobile.'

An early look at Huawei's 2010 annual report (by China Technology News) confirms Huawei's continuing support of China's three carriers. Since the supervision and monitoring of 'all wireless frequencies, satellite orbits, telecommunications network numbering, Internet protocol addresses and Internet domains used to realize telecommunications functions' is mandated by Chinese law, and since Huawei provides the majority of the hardware for China Telecom and its sister companies, isn't it reasonable for Western governments to be suspicious that the same Huawei technology that supports the Chinese government's monitoring requirements may also be used in like manner outside of China?

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

If Huawei wants to convince Western governments that its hardware doesn't contain backdoors or other hidden malicious code, my suggestion as someone who regularly speaks and writes on this topic for US and foreign governments is to provide details on how your equipment is being used as part of Beijing's information acquisition and processing program within China. That level of full disclosure would probably go a long way in establishing trust in a world where there currently is none.

This is an edited version of an entry that also appears on Carr's blog. Carr is also the author of 'Inside Cyber Warfare: Mapping the Cyber Underworld' (O'Reilly Media, 2009).