Friend or threat – looking at the heart of Huawei

Debate around the selection of Huawei to roll out the communications network for Metronet is just an example close to home of how the western world is grappling with the rise of the Chinese company as a technology powerhouse.

The headquarters of telco Huawei in the Chinese city of Shenzhen has a subtle link to Western Australia – two black swans that live on an artificial lake at the 20,000-person campus.

Like the black swan theory, Huawei has surprised many in the west.

In the space of 10 years, revenue has lifted from $US20 billion ($28 billion) to more than $US100 billion.

Huawei chalks this success up to a focus on research and development, with the company spending $US20 billion on technological exploration annually, more than competitors Cisco, Nokia and Ericsson combined, but less than Amazon.

And that investment has paid off.

The business is leading the global rollout of 5G telecommunications networks, picking up about 40 contracts globally with carriers so far.

New 5G technology, the company says, will make society interconnected like never before, with autonomous cars, smart cities, remote surgeries and greater productivity, all controlled from the cloud.

But that level of connectivity comes with a risk.

A network where infrastructure is operated via the cloud and where services are interconnected could also be an opportunity for adversaries to cripple society.

That has left western countries, particularly those in the Five Eyes intelligence network, which includes Australia, wrestling with a major problem: should they risk falling behind in their uptake of this technology, or are they most concerned about the security of critical infrastructure?

Huawei's Shenzhen headquarters.

In August, the federal government announced a new telecommunications policy that would oblige mobile carriers to protect networks against national security risks.

“While we are protected as far as possible by current security controls, the new network, with its increased complexity, would render these current protections ineffective in 5G,” the government said in a statement.

“The government considers that the involvement of vendors who are likely to be subject to extra-judicial directions from a foreign government that conflict with Australian law, may risk failure by the carrier to adequately protect a 5G network from unauthorised access or interference.”

That meant Huawei, a private business owned by employees, and ZTE, which is listed and partly owned by the Chinese government, were banned from rolling out 5G networks.

Vodafone later paused its 5G rollout because it was unable to use Huawei equipment.

The United States also signed off on a law that would ban Huawei in 2018, while New Zealand announced a policy similar to Australia’s in November. Japan announced a ban in December.

The US has been lobbying other allies to do the same.

Huawei chief financial officer Meng Wanzhou, who is the daughter of Huawei founder Ren Zhengfei, was arrested in Canada in December for allegedly fraudulently representing the company’s relationship with an Iranian affiliate.

The Australian 5G ban followed the award of a contract to upgrade the radio system for Western Australia’s commuter rail network in July, which would be worth about $136 million and replace 2G technology with 3G.

That contract has been similarly controversial, with the state opposition arguing the McGowan government did not do proper due diligence and ignored security advice.

More recently, The Times reported that the US Central Intelligence Agency believed Huawei had received funding from China’s People’s Liberation Army, National Security Commission and another unnamed branch of the country’s spy network.

An added dimension for Huawei is that the founder, Mr Ren, has links to the Chinese government, although he has made strong commitments that he would put his customers first.

The 5G ban was not Huawei’s first run in with Australian authorities, after the business was banned from building the National Broadband Network in 2012.

Despite this, Huawei has played a key role in the construction of the 4G mobile network in Australia, with about 60 per cent of Optus’s system in Perth and Western Australia manufactured by the business.

Manufacturing Equipment at an exhibit in the Huawei headquarters.

Trust

Huawei’s biggest frustration with the 5G ban is that the business feels that insufficient evidence has been presented to show it had done something wrong.

Speaking to Australian journalists at Huawei’s global analyst conference in April, Huawei head of cybersecurity John Suffolk said he felt the business had been found guilty in Australia without proof.

“I can’t sit here and say its grounded in forensic analysis because nothing like that has been presented to us,” Mr Suffolk said

“We allow anyone to test to their heart's content, we certainly haven’t seen that coming from Australia.

“(Australian) equipment running the National Broadband Network now (is) made in China.”

A March report by the United Kingdom’s Huawei Cyber Security Evaluation Centre oversight board said that country, one of Australia’s Five Eyes partners, had concerns.

“As reported in 2018, HCSEC’s work has continued to identify concerning issues in Huawei’s approach to software development bringing significantly increased risk to UK operators, which requires ongoing management and mitigation,” the report said.

“No material progress has been made on the issues raised in the previous 2018 report.

“The oversight board continues to be able to provide only limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK.”

The board also said it could only provide limited assurance that security risks from Huawei’s involvement in critical networks could be managed.

The report noted it was not possible to be confident that the source code examined by the board was exactly the same as that used to run the UK networks.

Mr Suffolk said some of the code was sloppy, while some was old to enable interoperability for clients using earlier versions.

The company would spend £2 billion ($3.65 billion) updating the scripts, he said.

Systems were also in place to ensure staff did not submit malicious code, Mr Suffolk said.

“We take software engineers for example, we know every project person who is going to work on a project, the code for every particular project, they have no access to anything else,” he said.

“We try and seek to limit what you can do.

“No software engineer has the ability to move software from development to automated process, with different people holding the key.

“It is automated from line to hardware, no one touches it.”

Mr Suffolk said the company was very transparent about its codes, opening testing centres in numerous countries, and went further than its major competitors.

“Some customers want to come to China,” he said.

“They use all the test facilities here, they use our labs here, they bring third-party consultants here.

“Other people, they don’t want to travel, they want something closer.

“Hence, why we’ve opened a facility in Brussels (as an example), which has a testing verification centre there and again, any country, any customer is more than welcome to come and use our facility.”

Another Huawei representative told Business News there were five stages the code would need to go through to be approved, although the final stage was automated.

Mr Suffolk said Huawei’s two major competitors supplying equipment to carriers also had Chinese operations, with both those businesses operating in joint ventures with Chinese government entities.

“In 2016, half of iPhones were made in China, the three major competitors (supplying equipment to carriers), Huawei, Ericsson and Nokia have their equipment made in China,” he said.

“So, it doesn’t matter whether you are running a Huawei or Nokia, I am afraid it is made in China as a joint venture.

“We take software engineers for example, we know every person who is going to work on a project, the code for every particular project, they have no access to anything else.”

One Huawei representative noted that last year, Cisco had needed to patch five backdoors in its networks in five months.

A modular data storage centre at Huwaei's Shenzhen HQ.

Founder’s pledge

Part of Huawei’s defence rests on the integrity of the founder, Ren Zhengfei, a billionaire.

He has worked in China’s People’s Liberation Army as a technology expert and is a member of the communist party.

But notably, his family had links to China’s pre-revolution nationalist movement, the Kuomintang, which reportedly led to his father being labelled a “capitalist roader”.

Mr Ren has said in numerous interviews he would rather shut down the business than do ill to his customers.

“When it comes to cyber security and privacy protection we are committed to be sided with our customers,” he reportedly said in January.

“We will never harm any nation or any individual.”

Taking Mr Ren at his word, it would leave the company in a uniquely delicate position with the country’s authoritarian government.

When asked if the company could give a guarantee that a similar commitment would be adopted by any successors, Mr Suffolk said it was firm as it could be.

“I think that’s an easy test, whenever the chief executive changes just ask them,” he said

“Can we predict the answer for the next CEO or the next CEO or the next CEO?

“No we can’t.

“But it’s worth bearing in mind that Huawei has a rotating chairman model … (the) three chairmen have the same commitment.”

Another consideration would be application of a law in China that expanded the country’s powers for intelligence gathering and can compel organisations and citizens to contribute.

If Huawei’s international operations fall in the scope is yet to be clear, but if so, that would be the test for Mr Ren’s commitment.

Huawei has undertaken network mapping services in Melbourne for a local carrier.

Chips

One example of how technology manufacturers can infiltrate the equipment of other businesses was uncovered by Bloomberg last year.

Chinese factories snuck a small extra chip into hardware built for US-based Super Micro Computer, which supplied Apple, Amazon and by US defence data centres, Bloomberg alleged.

The allegations were strenuously denied.

China has also been accused of cyber attacks on Australia, including the Bureau of Statistics’ census website and the Bureau of Meteorology.

Neither allegation was confirmed by the federal government, however.

Matt Mckenzie joined a group of Australian journalists at the Huawei analyst summit in April as a guest of the company.