Huawei a 'perfect storm of unintended consequences waiting to happen', claims researcher

Corporate and consumer Huawei 5G security risks have been misunderstood, warns Recorded Future

A security researcher has branded Huawei "a perfect storm of unintended consequences waiting to happen" in a scathing report released today.

The paper, "Geopolitical and Supply Chain Risks from the Huawei Monoculture", published by security researchers Recorded Future, explores the alleged security threats the Chinese company might pose to consumers, governments and organisations.

Author Priscilla Moriuchi claims that the real world "corporate and personal consumer risks in Huawei as a global technology conglomerate building next generation (5G) cellular networks have been largely genericized and misunderstood".

The enormous range of products and services offered by Huawei generates a nearly unimaginable amount of data for one company to possess

She believes that the company's vast product portfolio and global reach are "emblematic of an evolved and more comprehensive technology supply chain threat".

She continued: "The enormous range of products and services offered by Huawei generates a nearly unimaginable amount of data for one company to possess.

"From the personal device level (smartphones and wearables) to the network level (routers, switches and 5G base stations) and global level (undersea cables, fiber optic lines, and "safe city" surveillance systems integration), we can only begin to imagine what a single company can do (whether benign or malign) with access to that scope of information on people, government and companies".

AI & Machine Learning Live is returning to London on 3rd July 2019. Hear from the Met Office's Charles Ewen, AutoTrader lead data scientist Dr David Hoyle and the BBC's Noriko Matsuoka, among many others. Attendance is free to qualifying IT leaders and senior IT pros, but places are limited, so reserve yours now.

Moriuchi notes how the firm offers a broader range of products and services than any Western tech giant, including Facebook, Microsoft and Apple. This alone, she claimed, is a major security concern.

In another point, she asserts that Huawei doesn't just exist within an authoritarian state but has "benefitted from that system, supported that repressive rule and is intertwined with the success of that government's policies".

The researcher continued: "The position that Huawei occupies in China and its obligations under that government's laws and regulations cannot be minimized.

"As a 2018 Hoover Institution report aptly states, not only are the values of China's authoritarian system anathema to those held by most Americans, but there is also a growing body of evidence that the Chinese Communist Party views the American ideals of freedom of speech, press, assembly, religion, and association as direct challenges to its defense of its own form of one-party rule.

"This government-level hostility towards freedom and openness, combined with a legal and extrajudicial regime that places the responsibility on individuals and companies to assist intelligence and security forces, foists Huawei and its employees in an unwinnable situation.

Computing's Cloud Excellence Awards return on the 19th September 2019, recognising the very best of cloud computing in the UK across end users, suppliers and products. Who is the Cloud Architect of the Year? What is the Best Cloud Development Platform? And who is the Cloud Entrepreneur of the Year. Entry is FREE - the deadline is Friday 28th June.

"Huawei as a Chinese company is not inherently malign; however, the people that comprise Huawei will at some point likely be forced into making decisions that could compromise the integrity or corporate ambitions of their customers."

To Moriuchi, the third-party supplier threat is no longer just a problem for hardware and software supply chains.

"Today, most companies contract some substantial portion of their business operations (including cloud data services, video conferencing, remote desktops, cross-domain solutions, and more) to external providers," she said.

"The breadth of products and services provided by Huawei places much of that technology supply chain within the domain of one company, and exposes its customers to cross technology risks."

She added: "Single points of convergence can also lead to single points of failure. While Geer and co-authors argued in their seminal 2003 essay, CyberInsecurity: The Cost of Monopoly, that one singular operating system, or the Microsoft monoculture at the time, aggregated global cybersecurity risk, today the monoculture is one of data ownership, where few companies own the personal and professional data of billions of people.

"The residence of this much of the global technology supply chain (and data) within one company governed by an undemocratic authoritarian government, which is threatened by basic human freedoms could potentially pose a serious business and personal hazard."

Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.

Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.

Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.