GUEST ESSAY: Why it’s worrisome that China has integrated Huawei switches into telecoms worldwide

By Sarina Krantzler

In the previous discussion, China’s 14th Five-Year Plan was summarized to capture relevant aspects of dual circulation, the Digital Silk Road (DSR), and the Belt Road Initiative (BRI) that aim to advance China as an economic, technological, and foreign policy powerhouse.

Related: Part 1. China’s 5 year digital plans

Both of those initiatives are well-funded, thoughtful, and strategic in their attempts to spread influence and widespread dependency on Chinese products.

The first blog concluded with a strong message of encouragement for the U.S. to evolve its own creative cybersecurity strategy leveraging strategic goals with economics and public policy to create a sustainable, secure cyber system consistent with Western ethical standards, our free market philosophy, and our democratic traditions.

The FCC’s Rip and Replace Model was introduced, by title only, to provide a glimpse into how the U.S. should, and is beginning to, take action to counteract intrusive Chinese technology within our critical infrastructure. To understand our options in this fight, however, we first need to understand who we’re up against.

Huawei Technologies, or Huawei for short, is a Chinese telecommunications firm that has been fed tens of billions of dollars in financial assistance by the Chinese government on a scale of subsidization that dwarfs the next closest competitors’ monetary receipt. To fuel their rise to the top of the global telecommunications landscape, Huawei had access to as much as $75 billion in state support as it grew from a little-known vendor of phone switches to the world’s largest telecom equipment company (Wall Street Journal).

Subsidies aside, since 1998, Huawei has received an estimated $16 billion in loans, export credits, and other forms of financing from Chinese banks for the firms’ operations and customers.

As referenced in the previous blog, Brazil was originally firmly in opposition of adopting Huawei technology into their infrastructure until the country became desperate amidst the COVID-19 pandemic. Huawei executives arranged for millions of vaccine doses to be sent from China to Brazil, and to repay China for their assistance, Brazil relaxed its initial reservations about their security and instead allowed Huawei to participate in their 5G bidding processes, of which they were victorious.

Many African countries that rely heavily on Huawei and ZTE equipment appear to have a similarly relaxed view on security concerns. In 2018, Western media reported that the African Union (AU) – for which Huawei had supplied telecommunications equipment – had its servers compromised which resulted in information leaking back to China for five years. Nonetheless, the AU president joined Huawei in decrying the allegations of espionage and in 2018 signed a renewed agreement with Huawei (The Eurasia Group, 2020).

Sadly, Brazil, several African nations, and numerous U.S. allies are only several of many examples that displays Huawei’s staggering power and aggressive capacity to influence countries who initially oppose their tactics, but eventually fall victim to their immeasurable wallet or power to bring a desperately needed commodity.

A report issued by the Chair of Senate Foreign Policy Committee, Robert Menendez (D-NJ) in July 2020 said, “The United States is now on the precipice of losing the future of the cyber domain to China. If China continues to perfect the tools for digital authoritarianism and is able to effectively implement them both domestically and abroad then China, not the United States and its allies will shape the digital environment.”

Huawei’s global influence and staggering integration makes it one of the U.S.’s primary targets for immediate action.

Huawei technology in the infrastructure of our allies is unsettling, but understanding that Huawei is here, in the United States, is significantly more worrisome. The sweetheart deals that Huawei has managed to make with rural telco’s have furthered their influence and depth of integration into our critical infrastructure, making their presence a direct and significant threat to national security.

If the U.S. was to start conducting damage control on behalf of our internal national security shortcomings and oversights, Huawei would certainly be a logical place to start.

By May 2020, the United States Government finally pulled the plug on Huawei activities in the U.S. and placed the company on the Department of Commerce’s “Entity List” which imposes restrictions on U.S. commercial engagement. Commerce placed Huawei on this list after it was indicted by the U.S. Justice Department for theft of trade secrets, attempted theft of trade secrets, conspiracy, wire frauds, and obstruction of justice, as well as bank fraud, and conspiracy to commit bank fraud, conspiracy to commit money laundering, and violations of the International Emergency Powers Act in illegally assisting Iran with sanctions evasion.

About one year later, on July 13, 2021, CNBC reported that the Federal Communications Commission (FCC) unanimously voted to finalize a $1.9 billion dollar program to “rip and replace” equipment from Huawei and ZTE, two Chinese telecommunications companies who have been branded as national security risks by the U.S. government (Feiner & Macias, 2021). The program will subsidize the transition for rural U.S. telecom companies away from using the Chinese products to secure U.S. networks (Feiner & Marcias, 2021).

The United States can facilitate the FCC’s Rip and Replace Program due to infrastructure framework and economics. Our 5G technology is not built directly off our 3 and 4G technology, so modifying our infrastructure is costly but not structurally impossible. Additionally, the number of providers using Huawei and ZTE technology is estimated in the millions, which is a manageable amount to focus on economically.

Our allies, however, have a much more complicated relationship with their Chinese providers.

The United Kingdom is arguably the U.S.’ most reliable ally. Vodafone, based in the UK, is the world’s second largest telecommunications system (after China Telecom) and has used Huawei products for years.

Reiter

In an April 2020 essay on Lawfare, Joachim Reiter of Vodafone stated “European carriers and governments are working hard to figure out how to best reconcile market conditions and the EUs ambitions for implementing 5G with Washington’s perspective on supply chain security. The decision to continue to utilize Huawei is born of practicality, given Europe’s past use of Huawei and the lack of options when it comes to vendors and the prevailing market environment… Unlike the U.S., European carriers long ago installed Huawei products throughout 3G and 4G networks… Removing them from 5G means removing it from 4G, etc.…” (Lawfare Blog, 2020).

In July 2020, at least one European nation, the UK – no longer a member of the European Union – agreed to a compromise position agreeing to stop purchasing Huawei equipment by the end of the year, and clear Huawei equipment from its network in seven years (traditionally the typical length of time telephone companies swap out their technologies).

Krantzler

While there may be some follow-through by other major European countries, however, as of this writing they have not followed the UK lead and to do so in the post-pandemic environment may be extremely difficult.

While “ripping and replacing” may be a short-term solution to a limited number of the digital threats China poses, it can scarcely be considered a cost-effective solution. Moreover, while the recognition of the potentially significant impact of Chinese control of Western telecommunications in the digital era is welcome, the U.S. response has been limited, incremental, reactive, and largely unsuccessful.

We need a digital strategy that is as thoughtful, strategic, and intentional as the Chinese digital strategy that stands as a significant national security threat.

About the essayist: Sarina Krantzler is a research associate at the the Internet Security Alliance, a trade group whose members include chief information security officers of Fortune 100 firms. This essay was originally published on ISA’s Daily Cybersecurity Blog.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone