The backbone of America’s future wireless communications could be under threat, according to a congressional hearing Wednesday on the security of 5G.
Sen. Maria Cantwell (D-WA) argued that the new 5G networks could be prone to foreign interference, particularly if they relied on foreign-built hardware that could be vulnerable to supply chain attacks. “We must be certain that there is a secure supply chain backing up our 5G system,” Cantwell said. “We cannot tolerate a leaky valve or a back-door into these networks.”
She did not mention Huawei by name, but the Chinese company has repeatedly been raised as a specter by lawmakers, who argue that the Chinese government could use the telecommunications giant as a way to infiltrate sensitive infrastructure in the United States. The company has faced a number of damaging scandals in recent months — including allegations of trade secrets theft, sanctions violations, and the arrest of its CFO — but nothing has been so damaging as the implication that its equipment could be compromised by Chinese intelligence agencies.
Huawei has repeatedly denied that it would spy for the Chinese government, but the denials have had little effect. Use of the company’s equipment has already been curbed in countries like the US and Australia, and nations allied with America are reportedly being pressured into similar policies. As 5G rolls out across the world and cash-strapped carriers struggle for a way to compete, security concerns are keeping the world’s largest provider of telecommunications equipment on the sidelines in the US. The company, meanwhile, has been pitching government officials on a way forward.
In an interview with The Verge, Huawei chief security officer for the United States Andy Purdy acknowledged that, politically, it’s been difficult to have conversations with lawmakers about a potential path for Huawei to continue operating in the United States, but says “there are probably a number of different ways” that a risk mitigation system could work, whether as some sort of government-monitored checkup or an audit from a third party. Several agencies could be involved in checking the security of equipment, he argues. “We’re just open to having a conversation about what that might look like,” he says.
In an interview with journalists, one of the company’s rotating chairmen, Ken Hu, raised a similar point. Asked about security measures the company has taken in countries besides the United States, he said “we are very willing to take proactive measures to address and mitigate concerns,” and have “already had many successful cases” of cooperation with other countries.
Huawei has pointed to security systems in place in countries including Canada, where testing facilities for Huawei hardware and software are in place to look for potential flaws. “We have a very advanced relationship with our telecommunications providers, something that is different from most other countries to be honest from what I have seen,” Scott Jones, the country’s top cybersecurity official, said in September. (Regardless, others remain more skeptical of the company, and a ban is being closely considered in Canada.)
Huawei already uses security labs for testing their products in Germany and Britain, and has made a similar offer to Poland as well. Meanwhile, the company has been pushing for a similar arrangement in the United States. “There are mechanisms you can put in place so that you can demonstrate that our US operations are not subject to the undue operations of anybody,” Purdy says.
Purdy says there are effective ways that the US could set up such a mechanism. He points to processes used by the Committee on Foreign Investment in the United States (CFIUS). When a foreign company takes over an American one, he notes, the government committee may require some standards be used to mitigate the risk of foreign influence, including by managing security concerns. The United States could use a similar process to test Huawei products and manage security concerns, he argues. “There’s a way to address the risk, and [for] America to get the benefits,” he says.
The company has tried to make the case directly to government officials. The FCC has been considering a proposal that could further lock Huawei out of the US market because of national security concerns. The agency has asked for comment on the proposal, and Huawei has filed comments with the Commission arguing that there are still ways that government officials can be assured their products are safe.
“Huawei agrees with industry and government experts that cybersecurity threats require looking beyond banning specific vendors and instead adopting a holistic, forward-looking risk mitigation strategy,” the company said in a filing with the agency in December.
“What we’ve recommended to the FCC is they need to create a program to address real risk, and it needs to apply to everybody, and it needs to be objective and transparent,” Purdy says.
Still, some US officials have been unreceptive to those compromises, arguing that the company poses a potential security threat regardless of safeguards. When introducing legislation last month that would further tighten the grip on Chinese telecom companies, Rep. Mike Gallagher (R-WI) said Huawei “will be employed where and whenever possible to undermine American interests and those of our allies.” Sen. Tom Cotton (R-AR) described the company as “effectively an intelligence-gathering arm of the Chinese Communist Party.”