Huawei Chief Security Officer Andy Purdy forcefully denies any wrongdoing on the part of the Chinese telecom giant and says the company wants to be treated equally and given a fair shot to dispel rumors of undue foreign influence.
“The fact is: there are not really allegations of espionage against Huawei,” he told SDxCentral last week in a phone interview. “There have been a couple officials that are just clearly uninformed. Their reading is the government believes that in the future Huawei would cooperate with improper requests from the Chinese government.”
The whispers of espionage have reached a crescendo of late, culminating earlier this month with Huawei filing a lawsuit against the U.S. government, challenging a ban on its equipment. All of the suspicions are “future looking” and wrapped up in wider geopolitical concerns about the national security of the United States, Purdy said.
“China has risen economically and militarily to a point where the United States is concerned that economic might is national security,” he explained. “We’re certainly harsh competitors in the economic espionage space. We aren’t military opponents, but when the United States looks at risk from a national security or homeland security perspective they look at threats, vulnerabilities, and consequences of those vulnerabilities. And the key thing is threat is the intent and capability of the potentially malicious actor.”
Chinese technology in telecommunications, artificial intelligence, and data is “really cutting edge in a lot of ways,” and as a result the “U.S. government is concerned about the criticality of the globe’s communication networks and the U.S. communication network in particular with the evolution of communications to an IP-based world with 5G,” Purdy said.
“One of the realities is that we have a less secure cyberspace than we had in the past with 5G and IoT,” he said. “The evolution of our economies is going to change dramatically, and we are going to become much more dependent on information and communication technologies for just about everything.”
Who is Responsible For Security?
As such, the U.S. government is concerned that no separate ecosystem exists that can provide the level of security and assurance that it requires. “They’re bending over backwards while the world is trying to move forward toward addressing the true challenge in cyberspace in a multi-vendor world. They’ve been resorting to block an individual company, which of course is not going to make America safer.
He argues that the best approach to security is to require a diversity of suppliers and clear divisions of responsibility. “One of the key factors, whether it’s 5G or 4G, is the role of the operators in managing security. They have the ability to monitor all of the inbound, outbound, and internal traffic for any concerning or anomalous conduct,” Purdy said.
“Each entity needs to understand their role and their responsibilities relative to the security of the networks. You can’t eliminate all risk, but you manage risk. So each performs their particular role,” he said. Carriers have to assess and manage risk in their suppliers, and promote resilience on their networks, Purdy added. Huawei has its responsibilities too, but “in the end, the carriers need to understand the risk from suppliers and where necessary they need to put risk mitigation in place.”
Other countries such as the United Kingdom identify critical nodes in their communication network and require a diversity of suppliers for each critical node while also limiting the market share that any one supplier can have, Purdy explained. Indeed, major U.S. carriers have already indicated plans to use multiple suppliers for core network functions and radio access equipment. Purdy also added that Huawei is not seeking to compete on the core, which is where the most sensitive data is stored.
The advancement of 5G has changed the dynamics of Huawei’s role in networks and created new rifts between it and the U.S. government, which is pushing its allies to block the company’s equipment in their respective countries as well. While some countries have relented to pressure from the United States, many European countries remain unphased — Germany recently told the U.S. to butt out over Huawei and 5G.
Interoperable Equipment for 5G
Some major U.S. operators are also unconvinced that Huawei is a bad actor. AT&T CEO Randall Stephenson last week said he’s more concerned about Huawei’s adherence to interoperability than the security of its equipment. “If you have deployed Huawei as your 4G network, Huawei is not allowing interoperability to 5G,” Stephenson said.
Purdy declined to directly contradict this claim, but said Huawei is conducting additional research on interoperability and pointed to 3GPP standards that require interoperability for 4G and 5G. “My understanding is that the 3GPP requirements of interoperability would mean that if a carrier has their equipment for 4G, the competitor’s equipment would be able to become the 5G equipment.”
Even if standards call for interoperability, most network operators tend to stick with the same vendors they used in previous network upgrades to avoid potential problems and ensure a more seamless transition. Some major U.S. carriers have already said they will divide the country up by vendor using the same plan they followed for LTE network upgrades simply because it’s easier.
Regardless of where a vendor conducts operations, all operators must address risks from all vendors, according to Purdy. “We’re no longer in a world of trust and verify…We’re in a world where cyberspace needs on an objective and transparent basis to know which products are worthy of trust, and we’re not there yet.”
Huawei is willing and prepared to go through the normal process of review for foreign-owned entities operating in the United States, but that opportunity hasn’t been extended to the company, Purdy said. “Nokia, Ericsson, and Sprint operate under such risk mitigation agreements in the United States. Those are proven mechanisms to address risk.”
The unfortunate truth is that telecommunications networks and systems around the world “can be exploited by sophisticated, motivated nation states,” he said. “They can hack into the networking systems around the world, and they can hack into the global supply chain virtually, and they can implant hidden functionality and exploit our vulnerabilities in those systems. No network or system is impenetrable, and I don’t know of any that’s impenetrable by the five or six most sophisticated nation states in the world.”
All networks operate under this reality today, but there are processes in place to limit risk, he explained. “I can’t predict the outcome. I can’t say what we will do, but we would like the opportunity to talk to the United States government about proven risk mitigation mechanisms that are proven to the satisfaction of the U.S. government,” Purdy said. “We want to talk about such proven risk mitigation mechanisms and see if we might be able to come up with something that would allow Huawei to do business in the United States.”