Huawei probed for security, espionage risk

CBS 60 Minutes:

If you’re concerned about the decline of American economic power and the rise of China, then there is no better case study than Huawei.

Chances are you’ve never heard of this Chinese technology giant, but in the space of 25 years it’s become the largest manufacturer of telecommunications equipment in the world; everything from smart phones to switchers and routers that form the backbone of the global communications network. It’s an industry the U.S. invented and once dominated, but no more.

Now, Huawei is aggressively pursuing a foothold in the United States, hoping to build the next generation of digital networks here. It’s prompted an outcry in Washington, and a year-long investigation by the House Intelligence Committee that has raised concerns about national security, Chinese espionage, and Huawei’s murky connections to the Chinese government. . . . [Read the rest]

Chinese telecom firms Huawei and ZTE pose security threat, congressional investigators say (Washington Post)

Congressional investigators plan to turn over to the FBI evidence of potential cyber-espionage involving Chinese telecommunications giant Huawei Technologies, the chairman of the House Permanent Select Committee on Intelligence said Monday. Rep. Mike Rogers (R-Mich.) said committee investigators received “numerous allegations” from U.S. companies that equipment bought from Huawei sent unauthorized data to computers in China. . .

. . .  He and Rep. C.A. Dutch Ruppersberger (Md.), the committee’s ranking Democrat, recommended that the U.S. government and American firms avoid using equipment from the Chinese firms for tasks that involve large amounts of sensitive data. The two lawmakers said the firms’ close ties to the Chinese government pose a threat to national security. . . .[Read more]

REPORT:

Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE: A report by Chairman Mike Rogers and Ranking Member C.A. Dutch Ruppersberger of the Permanent Select Committee on Intelligence (HPSCI, October 8, 2012)

Executive Summary

In February 2011, Huawei Technologies Company, the leading Chinese telecommunications equipment manufacturer, published an open letter to the U.S. Government denying security concerns with the company or its equipment, and requesting a full investigation into its corporate operations.

Huawei apparently believed – correctly – that without a full investigation into its corporate activities, the United States could not trust its equipment and services in U.S. telecommunications networks.

The House Permanent Select Committee on Intelligence (herein referred to as “the Committee”) initiated this investigation in November 2011 to inquire into the counterintelligence and security threat posed by Chinese telecommunications companies doing business in the United States.

Prior to initiating the formal investigation, the Committee performed a preliminary review of the issue, which confirmed significant gaps in available information about the Chinese telecommunications sector, the histories and operations of specific companies operating in the United States, and those companies’ potential ties to the Chinese state.

Most importantly, that preliminary review highlighted the potential security threat posed by Chinese telecommunications companies with potential ties to the Chinese government or military.

In particular, to the extent these companies are influenced by the state, or provide Chinese intelligence services access to telecommunication networks, the opportunity exists for further economic and foreign espionage by a foreign nation-state already known to be a major perpetrator of cyber espionage.

As many other countries show through their actions, the Committee believes the telecommunications sector plays a critical role in the safety and security of our nation, and is thus a target of foreign intelligence services.

The Committee’s formal investigation focused on Huawei and ZTE, the top two Chinese telecommunications equipment manufacturers, as they seek to market their equipment to U.S. telecommunications infrastructure. The Committee’s main goal was to better understand the level of risk posed to the United States as these companies hope to expand in the United States.

To evaluate the threat, the investigation involved two distinct yet connected parts:

(1) a review of opensource information on the companies’ histories, operations, financial information, and potential ties to the Chinese government or Chinese Communist Party; and

(2) a review of classified information, including a review of programs and efforts of the U.S. Intelligence Community (IC) to ascertain whether the IC is appropriately prioritizing and resourced for supply chain risk evaluation.

Despite hours of interviews, extensive and repeated document requests, a review of open-source information, and an open hearing with witnesses from both companies, the Committee remains unsatisfied with the level of cooperation and candor provided by each company. Neither company was willing to provide sufficient evidence to ameliorate the Committee’s concerns.

Neither company was forthcoming with detailed information about its formal relationships or regulatory interaction with Chinese authorities. Neither company provided specific details about the precise role of each company’s Chinese Communist Party Committee.

Furthermore, neither company provided detailed information about its operations in the United States. Huawei, in particular, failed to provide thorough information about its corporate structure, history, ownership, operations, financial arrangements, or management.

Most importantly, neither company provided sufficient internal documentation or other evidence to support the limited answers they did provide to Committee investigators.

During the investigation, the Committee received information from industry experts and current and former Huawei employees suggesting that Huawei, in particular, may be violating United States laws. These allegations describe a company that has not followed United States legal obligations or international standards of business behavior.

The Committee will be referring these allegations to Executive Branch agencies for further review, including possible investigation.

In sum, the Committee finds that the companies failed to provide evidence that would satisfy any fair and full investigation. Although this alone does not prove wrongdoing, it factors into the Committee’s conclusions below.

Further, this report contains a classified annex, which also adds to the Committee’s concerns about the risk to the United States.

The investigation concludes that the risks associated with Huawei’s and ZTE’s provision of equipment to U.S. critical infrastructure could undermine core U.S. national-security interests. [Read More]

 

More DICE Posts