Though the company is coming off of its best year ever in most of the world, Huawei cyber security is set for a big boost in 2019 and may end up becoming the company’s central focus going forward. Much of this is due to concerns in Western countries about the security of their hardware.
China’s Huawei has had a fraught relationship with both the United States government and major US telecoms ever since it began expanding into overseas markets in the early 2000s. The company endured multiple accusations of intellectual property theft, including a 2014 incident in which T-Mobile claimed that Huawei employees physically removed parts of a testing robot from one of its labs.
These controversies did little to slow the company’s phenomenal growth, however, which saw it pass Apple to become the world’s second-largest smartphone manufacturer in 2018 and the biggest of the Chinese telecoms. That is, until the accusations of espionage began.
Huawei took a heavy blow in mid-2018 when the Trump administration approved a ban on the use of all Huawei and ZTE products by government entities and their contractors. Earlier in the year, AT&T abruptly pulled out of a deal to distribute their smartphones in the US – largely thanks to government pressure. And to the north in Vancouver, chief financial officer Meng Wanzhou remains in the custody of Canada after her arrest at the request of the United States.
Huawei has denied allegations that it participates in espionage on behalf of the Chinese government. However, whether or not these allegations are true, they have created public relations problems for the company in the West. In response, Huawei cyber security will undergo major reforms as part of a $2 billion effort to revamp software source code for greater transparency.
The Huawei cyber security pledge
Huawei cyber security efforts in 2019 will focus on two central areas: software engineering and the way in which hardware is deployed.
Huawei’s present software system is basically “out of the box” for any end user, with the company only making information security changes upon specific request from government agencies. Huawei has yet to make a public statement on exactly what their new approach will be, but is slated to deliver a report to the British National Cyber Security Centre (BNCSC) sometime soon before releasing information to the public. This move was in response to a BNCSN threat to exclude Huawei entirely from the United Kingdom’s 5G network should they not respond to a list of specific national security concerns.
The hardware issue concerns Huawei’s network. Huawei cyber security is such a concern because the majority of traffic on their networks in many Western countries ends up passing through Huawei equipment that governments do not have oversight of or access to. More details on Huawei’s cyber security strategy for 2019 are also forthcoming after their meeting with the BNCSN, but it is safe to presume that they will increase government access to more of this hardware.
It is unclear if the new Huawei cyber security approach will address United States concerns. The company appeared to concede that territory in April of 2018, when it issued a statement indicating that they would “focus on existing markets” going forward.
Huawei founder Ren Zhengfei also signaled commitment to this new direction for the company in an internal letter in early January. The letter stressed the importance of the company’s credibility to the future of its business.
Understanding the debate
In the midst of all this, Huawei made clear that their new focus on cyber security should not be taken as some tacit admission of guilt. To the contrary, the company continues to push back on the espionage claims of Western nations, demanding that they at least provide proof to telecoms if not to the general public.
The United States has been positing theoretical concerns about Huawei since 2012, when the House of Representatives issued a report finding no direct evidence of espionage but expressed concern about Huawei’s refusal to fully disclose its relationship with the Chinese government. There is legitimate basis to believe Huawei might pose a security risk at some point, as China reserves the right to require private companies to collect intelligence for them on demand.
On the other hand, it is absolutely fair for Huawei to request evidence of what are serious accusations. The public has yet to see any concrete evidence of this nature. Some Western nations, such as Germany, have also asked that evidence of these charges be presented before they ban Huawei products.
There are also possible motivations for rival intelligence agencies to issue unfounded reports. These same agencies have shown a strong interest in having encryption-bypassing backdoors for their use be standard in phone hardware, something that cannot be done with phones made by Chinese companies. And the National Security Agency has already been caught committing the same sort of espionage against Huawei that they accuse the company of; the Edward Snowden leaks revealed that the agency hacked Huawei and copied source code as part of an operation called “Shotgiant”, the ultimate goal of which was to find exploits to allow them surreptitious access to the company’s hardware throughout the world.
There is also a race between the world’s leading economic powers to be the first to roll out 5G networks on a national scale, which would give the winner a significant research and development edge in technologies such as autonomous vehicles. The issue may end up being more about one (or all) of these things than it is about Huawei cyber security policies.
Huawei cyber security: Is their hardware safe to use?
The likely answer here is that both sides are engaging some level of spycraft. Huawei has been caught conducting corporate espionage against a number of major competitors over the last decade and a half, and the American intelligence agencies have conducted documented operations against both China and Huawei. There really are no clear-cut “good guys” here.
Huawei has to weigh up its new position as one of the world’s biggest telecoms and a company with over $280 billion in global annual revenue, something that is put at serious risk if it becomes as blatant an espionage arm of the Chinese government as some intelligence agencies are portraying it as. The company is likely more valuable as a China-based economic powerhouse than it is as a surreptitious data dragnet, and it would not likely last long trying to be both at once. That doesn’t mean that companies shouldn’t exercise due caution in evaluating Huawei hardware and services, but the new Huawei cyber security approach may well go a long way to restoring consumer trust once it is fully developed and disclosed to the public.