Why Huawei is banned

Some more top notch Aussie politicians at work today at the AFR:

Controversial Chinese telco Huawei is hitting back aggressively over spy agencies’ efforts to veto it on national security grounds from involvement in the construction of the 5G wireless network, lobbying federal parliamentarians directly that its exclusion would push up costs for consumers, result in an inferior service and threaten the company’s future in Australia.

In a letter to MPs and senators, chairman John Lord and directors John Brumby and Lance Hockridge say that the criticism Huawei poses a security risk is “ill-informed and not based on facts”, with a number of other Western nations including Britain incorporating the company’s technology in their networks within their security frameworks.

“To completely exclude Huawei from 5G in Australia means excluding Huawei from the entire Australian market and we don’t believe this would be in Australia’s best interest,” the letter stated, a copy which has been obtained by The Australian Financial Review.

Just in case you missed it. Via the ABC:

To understand the deep institutional anxiety about Huawei among Australia’s closest security partners, you have to understand the British experience with the Chinese telecommunications giant.

It’s not an episode that’s much advertised, deliberately so. But it’s an episode that is held against Huawei when it comes to why it should be denied access to Australia’s 5G network, notwithstanding its expertise and industry excellence.

What’s on the public record is heavily redacted, as much to hide the Brits’ gross embarrassment about the extent of its network compromise as it is on grounds of national security.

The story begins in 2005 when BT (formerly British Telecom) embarked on a 10-billion-pound ($17 billion) upgrade of its network.

Huawei was contracted by BT to supply routers, transmission and access equipment.

For Huawei — which was founded 30 years ago by Ren Zhengfei, a former officer of the People’s Liberation Army — the British contract was something of a PR coup, given its goal of breaking into the market in the United States.

Huawei has always denied direct links with the Chinese Communist Government, insisting it is 100 per cent owned by its employees, and the company cites the British contract as evidence of its trustworthiness and reliability.

But Huawei’s involvement in the BT upgrade was far from celebrated.

Brits left to ‘shut the stable door after the horse has bolted’

BT was under no obligation to inform the British government prior to awarding Huawei the contract.

As the UK’s Intelligence and Security Committee reported in June 2013: “It means that the government may not be made aware of contracts involving foreign companies from potentially hostile states until they have already been awarded.

“The government is therefore sometimes put in the position of trying to shut the stable door after the horse has bolted.”

In fact, the stable door was now controlled by Huawei.

But it wasn’t until 2010, five years after the company was awarded a contract to supply transmission equipment, that the British government raised concerns with Huawei about concerns that its equipment was being exploited.

Sources briefed by British intelligence have told the ABC that a problem was detected inside so-called “core switches” installed by Huawei. These devices are the proverbial stable door for information, letting data in and out.

BT noticed these core switches were doing a lot of “chattering” — to whom they weren’t sure, but it was concerning enough for the company to be hauled in by UK authorities.

‘The Cell’ called in to track down malicious code

The Government Communications Headquarters, the British intelligence and security organisation, established a Cyber Security Evaluation Centre (also known as “the Cell”) to study “every piece of hardware or software destined for the UK market” at Huawei’s expense.

The Cell also randomly sampled new hardware and software updates destined for UK infrastructure, looking for “malicious code”.

In 2011, BT and British government security chiefs flew to Huawei’s Chinese HQ in Shenzhen to tell the company they’d identified issues with its equipment.

The extent of the vulnerabilities exposed in BT infrastructure is not public, but the ABC understands it caused BT to replace many of the core switches.

The Brits’ Huawei experience saw its Five Eyes security partners — the US, Canada, Australia and New Zealand — harden their approach to critical infrastructure.

Huawei loses out on NBN, 5G now looks unlikely

Australia banned Huawei from the National Broadband Network in 2012 and earlier this year the CIA, FBI and National Security Agency told the US Senate Intelligence Committee they would advise Americans against using Huawei products.

And Australia’s recent intervention in the Solomon Islands, bumping Huawei as supplier of a 4,000-kilometre undersea communications cable between Honiara and Sydney, was a national security play camouflaged as foreign aid.

Australian security experts say 5G, which is predicted to start replacing fixed-line telephony, will be so powerful in reach and application it must be afforded maximum protection from sabotage and espionage.

China has an established track record of cyber attacks and Article 7 of China’s National Intelligence Law states that “any organisation or citizen shall support, assist, and cooperate with state intelligence work according to law”.

Huawei furiously asserts its independence from the Chinese state, but has not been able to shake suspicions from the Five Eyes intelligence partners.

“Forget Beijing’s Belt and Road strategy of building ports, road and rail, the Chinese are actively colonising the fifth estate, which is cyber,” a security source told the ABC.

“Security is not meant to be convenient, it’s meant to protect.”

And Huawei, which has one of the few high-functioning, enterprise-level 5G networks, will remain on the outer.

For Malcolm Turnbull it is a terrible dilemma.

The Prime Minister wants to improve relations with Beijing but knows that denying 5G entry to Huawei, one of China’s greatest international success stories, will put that mission in further jeopardy.

Whether you agree or disagree really hangs on whether or not you want Australia to remain inside the “five eyes” intelligence grouping.

Houses and Holes
Latest posts by Houses and Holes (see all)

Comments

  1. The Chinese Goverment, by their actions, have made their position clear. They intend to white-ant the Western Alliance until it crumbles. They have been given every opportunity to play fair over the last decades, and they have been given great lattitude. Yet they have continued to act as a snake in the grass. There can be no more lattidude given. The grass must be set alight.

  2. – And who is now the supplier of those core switches in Britain ? Who replaced Huawei equipment ? If it’s an american company then one would expect that it’s now e.g. the NSA or CIA is eavesdropping on british telecommunication (equipment).

  3. “any organisation or citizen shall support, assist, and cooperate with state intelligence work according to law”.
    Comforting.

  4. This is of course a national security issue, so a matter for our intelligence agencies. Personally I would rather be snooped on by a foreign company which would find it far harder to exploit my data against me for the gain of their secret cartels. It is incredibly hard here not to use the Intel Management Engine or equivalent which means you are owned before you have booted up. Wonder if we will be allowed to buy Russian computers or will they be sanctioned in the name of Google and Amazon ?

    https://habr.com/post/320840/

    • Your data is interesting, but not the goal. They want the government’s data … they want large commercial organisations’ data … they want to get an advantage wherever it can help them grow and control. And yes, that is both sides of the game …

      • Yeah nah not really. Whilst it’s true that the yanks don’t usually have little old ladies sitting on their front porches recording the foibles of the hoi polloi the Chinese authorities do have serious form in this regard. It would be a mistake I think to apply our ideas of what is reasonable or likely to how the Chinese authorities operate.

      • Actually normal users data can be very useful also so they can build up a social network for spear fishing attacks or similar, eg if you have several contacts at a defence contractor or high tech company they can guess you probably work there or with them, especially if they have access to gps data. They can fake emails, SMS etc from the other party making it much more likely you will click the funny video etc that downloads a trojan or opens a port, injects code etc or via several other means

  5. Ronin8317MEMBER

    The CEO is a former officer of the PLA, and the chairwoman is a ‘former’ member of the Chinese spy agency. Hello? They don’t even bother to hide it.

    • However, their Australian CEO is Rear Admiral John Lord of the Australian Navy

      Huawei also has ex-MPs Ruddock, Robb and Downer sit on its board. As do ex-VIC premier John Brumby and ex-NSW Mike Baird.

      Their Aussie credentials are as true-blue as can be.

      • Name me one other major corporation operating in Australia that has 5 former senior pollies on its board. Name me one other major technology company operating in Australia that has a former senior military officer as its chief operating officer. I would have thought their intent here was as obvious as George Michael’s moustache.

      • proofreadersMEMBER

        Pollies know which side their bread is buttered on and what’s in their best interests, which are foremost?

  6. drsmithyMEMBER

    BT was under no obligation to inform the British government prior to awarding Huawei the contract.

    As the UK’s Intelligence and Security Committee reported in June 2013: “It means that the government may not be made aware of contracts involving foreign companies from potentially hostile states until they have already been awarded.

    Another win for privatisation of critical assets and services.

    • Sony laptops also shipped with Spyware.
      Intel chip’s management engines allow remote access
      Cisco routers have a few hardwired passwords or backdoors
      Kaspersky anti-virus is being banned from US and EU governments.

      These days you need to choose who you want to spy on you, US, China or Russia.

      • True. None of the more powerful countries can be trusted. They care too much about preserving and if possible, expanding their power.

    • Beware any Chinese phone apps.
      Popular teen app Meitu is really Chinese spyware
      “The Android version of the app is creating particular cause for concern, asking for no fewer than 23 permissions. With all of this data being transmitted back to an unknown, untrusted remote Chinese server, many users and security experts are concerned”

      https://betanews.com/2017/01/20/meitu-photo-app-chinese-spyware/

  7. TPG supplied to its ADSL2 customers a new Huawei Wifi router when those customers were switched to NBN. Interesting. Presumably Huawei had the lowest tender price.

  8. All technology is insecure. So it’s a matter of who you’d rather be insecure with. Given Echelon, NSA mass surveillance, and data sharing agreements going with Cisco, etc. isn’t comprising security any more than it does today. But Huawei would.

  9. Unless you get Huawei to setup an independent, arms length software development center in Australia, you can never be sure that no back doors, trojans and malwares are incorporated in the compiled code. The government will need to have people skilled in software engineering and coding to audit the code . It is too, too hard.

    • Can you ever really be sure there are no backdoors even if you have your own Australia based software teams?
      Truly Secure software is unbelievably difficult to write and is a VERY specialized area, definitely not something that I’d trust to an inexperienced hastily assembled all Aussie team…catch22 really. Unfortunately it’s one of these problems where you need to be part of the game to ever really know the game and nobody that’s part of the game can ever really be trusted.

    • Not possible, you just need one person (either yours or someone blackmailed etc) with access at some point in the software/hardware/manufacturing chain and you are compromised.

    • Look – if its any major govt, with quantum computers and ai’s etc, you’re done.

      But the main challenge is not from them right, its from more pedestrian bad actors. Being careful and spending time on your own security will probably keep you pretty safe. And aligning your stack to foss, and not buying Huawei, is not a bad idea either.

  10. Anyone that allows any country with a track record, like China in recent times, to provide their backbone is plain dumb.

    • As far as I’m concerned : The only good thing about Huawei and ZTE’s attempts to include network backdoors is that they are unbelievably clumsy, the real game starts when their engineers learn to be a little less obvious.

  11. BubbleyMEMBER

    “Proven security risk” stamped on their tender documents and then straight in the bin/shredder.