Should the UK share US fears over Chinese tech firms?
A US congressional committee has recently stated that Huawei represents a security threat. But the firm is allowed to bid for government contracts in the UK. Is the US right to be concerned, and should we follow suit? Stuart Sumner and Sooraj Shah investigate
As China's economy has boomed in recent years, several of its technology firms have also flourished on a global scale.
One firm, Huawei, is now the largest telecommunications equipment manufacturer on the planet. It delivered one of the world's first LTE/EPC (Long Term Evolution/Evolved Packet Core - essentially 4G-capable) networks in Norway in 2009 - and has had long-standing partnerships in the UK with BT, Carphone Warehouse and Vodafone.
But should we be concerned by Huawei's growing presence in the UK's public and private telecoms infrastructure? After all, the government itself is a customer of BT, and could very well be using Huawei-manufactured kit in its most sensitive, mission-critical networks.
Other countries are worried about Huawei's association with the Chinese government. The firm was set up by current president Ren Zhengfei, a former major in the Chinese People's Liberation Army. It was banned from tendering on Australia's National Broadband Network because of security fears, and this month, after a year-long review, was deemed a "national security threat" to the US, by a US House Intelligence Committee.
"China has the means, opportunity and motive to use telecommunications companies for malicious purposes," the report claimed.
Huawei has refuted this, stating that the report "failed to provide clear information or evidence to substantiate the legitimacy of the Committee's concern".
But since the US Committee released its report, the government of Canada has also announced that it will exclude Huawei from a project to build a government broadcasting network, again due to security fears. In the UK, it has recently surfaced that the Chinese firm could face a Commons inquiry into its relationship with BT.
BT has since issued a statement that said: "We work closely with Huawei on commercial security best practice and our relationship with Huawei is managed strictly in accordance with UK laws."
So what exactly is the US concerned about?
[Turn to next page]
Should the UK share US fears over Chinese tech firms?
A US congressional committee has recently stated that Huawei represents a security threat. But the firm is allowed to bid for government contracts in the UK. Is the US right to be concerned, and should we follow suit? Stuart Sumner and Sooraj Shah investigate
The US investigation into the firm - and fellow Chinese telecommunications equipment firm ZTE - found that Huawei had failed to provide details of several key issues relating to links with the Chinese government, Chinese Communist Party and its operations in Iran.
It seems that the Committee has taken this failure to be a substantive admission of guilt. The situation, however, is different in the UK, which so far appears to be adopting an "innocent until proven guilty" approach.
Last week, Huawei stated it would open new UK headquarters at Green Park in Reading in April 2013 as part of its £1.25bn investment and procurement programme - an investment that Prime Minister David Cameron had himself endorsed, stating that it would help to achieve sustainable growth in the country, as it promised the creation of a further 750 jobs.
Cameron, who met with Zhengfei at the launch of the plans, said this move signalled a "different relationship" between the Chinese firm and the UK.
By "different", it seems that he meant "not shrouded in suspicion and mistrust".
According to Derek Smith, cyber security spokesman for the Cabinet Office, the UK has not gone into this relationship with its eyes closed.
"In the UK, we have had a cyber security evaluation centre with Huawei up and running for a number of years and in my understanding this is unique. It's a system that allows our government security experts to work very closely with Huawei in the UK to ensure that the equipment meets the UK security standards," he told Computing.
In a statement, the UK's government spy agency, GCHQ, admitted that it was working with Huawei, and that it was a two-way process between public and private sector to ensure complete security.
Perhaps worringly, GCHQ is seeking to pin some of the responsibility to assure Huawei's trustworthiness on the private sector.
[Turn to next page]
Should the UK share US fears over Chinese tech firms?
A US congressional committee has recently stated that Huawei represents a security threat. But the firm is allowed to bid for government contracts in the UK. Is the US right to be concerned, and should we follow suit? Stuart Sumner and Sooraj Shah investigate
"Cyber security is not just a matter for government, and industry has a key responsibility to ensure that their products are suitably secure and robust for use. CESG [the Information Assurance arm of GCHQ] on behalf of HMG, has worked with Huawei in establishing the Cyber Security Evaluation Centre in the UK," it said.
A cynic might suggest that GCHQ is preparing its scapegoat, should things go wrong.
US security vendor RSA's executive chairman Art Coviello told Computing that it's important not just to understand the company, but its supply chain.
"In any instance where you're going to implement technology, you have to have the ability to understand the supply chain and how the supply chain might have been compromised. That doesn't have to be Huawei, that's just an issue with any supply chain."
Smith countered that the UK does indeed understand Huawei's supply chain, as it has been working with the firm since 2010. He echoed Huawei's own statement from 2010 on the matter.
"The evaluation centre is there to assure our end-to-end equipment: both hardware and software solutions will be tested in the centre to ensure its ability to withstand growing cyber security threats," it said at the time.
Smith added that to maintain and build confidence in the UK's infrastructure, overseas suppliers must meet very robust and stringent security standards.
"Companies have to meet those standards in order to be able to gain access to our competitive markets, now that's across the board whether it's in telecoms, IT or anything else - we work with companies closely to reduce and manage the threats to our networks and will continue to do that," he said.
Meanwhile, mobile operator EE, whose 4G network is to be powered by Huawei, admitted that it has not seen the US report, but issued a statement to clarify the security process it undertook with the Chinese firm.
"We have a rigorous security process in place that ensures all our partners and work undertaken by them meets our required standards. Huawei, a globally trusted and respected company, underwent a stringent security check and agreed to a specific set of security requirements before being selected to work with EE in May 2011 on the installation and upgrade of our ‘4G ready' 2G network infrastructure," the statement said.
Smith concluded by saying that the government takes security and the integrity of all equipment used by government and the public sector very seriously.
"It's very important for us to maintain public and business confidence across national and indeed international networks," he said.
Despite these assurances, many still question the wisdom of allowing a Chinese firm with close ties to the Beijing government to supply the backbone of the UK's communications infrastructure. The US government certainly views it as a risk not worth taking. The Coalition, however, appears to be satisfied that it has taken the necessary precautionary measures, and has so far found nothing sufficient to prevent it from doing business with Huawei.
As ever, the proof will be in the pudding. Huawei has got to be where it is today by delivering good technology at a highly competitive price. Should its equipment eventually prove to be free from bugs (the secretive, listening kind), malware and back-doors, then Cameron and his government will point to a cost-effective contract that other countries were too xenophobic to take advantage of.
But should diplomatic ties between China and the West nosedive, and evidence of the leakage of sensitive information from the UK come to light, then the blame game with start.
For its own part, Huawei itself needs to find a way to satisfy international partners that its intentions are honest, or it will find itself increasingly excluded from high-value and high-profile national infrastructure projects.
While Zhengfei, with his ties - real or perceived - to the Chinese state, remains CEO, it may find that to be an uphill struggle.