Former Gov. Tom Ridge and two former U.S. government cybersecurity officials again attacked Huawei 5G technology on Tuesday for posing cybersecurity risks to a wide array of nations and carrier networks.
On a conference call with reporters, they urged governments to adopt standards requiring vendor diversity and interoperability as a protective measure and called on Congress to authorize more funds to further develop and secure 5G gear and apps and future communications technology in the U.S.
One recommendation called for governments to mitigate cyber threats from Huawei and other Chinese companies by adhering to emerging engineering practices promoted by the Open Network Automation Platform (ONAP) and the Open Radio Access Network (O-RAN) Alliance.
China’s Huawei has not joined O-RAN. As the world’s largest telecom equipment provider, Huawei has led the way in producing and selling 5G equipment and software, often cheaper than Nokia or Ericsson, and has previously defended its right to sell its gear as an exclusive product to carriers that doesn’t interoperate with that of other vendors in order to capitalize on its investment in IP and products.
A Huawei spokesman refused to comment about accusations made in Tuesday’s call. However, the company’s founder and chief executive Ren Zhengfei recently aired a proposal to license Huawei 5G technology to an outside entity.
Theoretically, such a move would allow a buyer of such a license to create technology that would interoperate with Huawei’s technology, some analysts have said, which could address the concerns raised by the officials on Tuesday’s call.
However, Ridge, former governor of Pennsylvania and the first U.S. Secretary of Homeland Security, said licensing Huawei gear doesn’t “solve problems as related to security.”
The licensure idea is “another sort of insidious way that Huawei is trying to get in” to foreign networks, added Nate Snyder, a senior counterterrorism official under President Obama, also on the call. He said that Huawei’s idea of allowing licensees to build atop of its 5G code and diversify it “seems like a good idea, but from an intrusion perspective it is almost like a trojan horse…It’s a way to sidestep opening up to interoperability standards.”
Huawei’s Chief Security Officer Andy Purdy recently told FierceWireless that a comprehensive approach to cybersecurity is needed, not one that only addresses Huawei. Multiple governments in the world already have the ability to implant hidden fundtionality in hardware or software “that is very hard to find.” Testing on network equipment is needed to ensure it has not been tainted by a hostile government or malicious actor, he added.
Also on the call, Ridge repeated his concerns made in the past that Huawei relies on government grants to subsidize its development of 5G, which is how it has worked to develop 5G quickly that is less costly. Huawei has made inroads in selling 5G in Malaysia and Africa and “countries with limited resources [that] are willing to take the risk of embedding software and letting them have a Chinese monopoly on telecom.”
He also repeated concerns made by Trump Administration officials that a 2017 law enacted in China subjects Huawei and other Chinese companies to respond to any requests by the Chinese government for access to data and gear sold to customers. “To embed that tech is a huge national security risk,” he added. He said China has stolen defense secrets in the past and is “into deep economic espionage.” Huawei is “an instrument of the state …and a massive, massive security threat.”
In the past, Huawei has defended itself, saying it is privately owned, not under the directives of the Chinese government and would rather go out of business than spy on its customers that are spread across 180 countries.
Also on the call, Chris Cummiskey, former Under Secretary for Management at Homeland Security, urged Congress to authorize more funds for network security for defense and critical infrastructure. Independent cybersecurity standards groups can be used to certify whether hardware meets certain security requirements, but he conceded that the task will be more difficult with emerging 5G applications and an abundance of data in clouds.
Money for DARPA and national labs is needed “to close the distance around technology advancements…with huge investments in China around 5G,” he added. ”We have a lot of ground to cover to make up for that disadvantage. Huawei has taken advantage of that with countries around the world. Our challenge is to get high quality apps and equipment on the market to close that distance.”
The call was sponsored by Global Cyber Policy Watch, a creation of Cambridge Global Advisors, a consulting firm. It was held in advance of an Oct. 1 deadline for a cybersecurity assessment underway in the European Union.