Telecom vendors Huawei, ZTE pose cyber-espionage threats, lawmakers conclude

After an 11-month investigation, the US House of Representatives' Permanent Committee on Intelligence suggested that telecom networks built on Huawei and ZTE gear could provide a way for the Chinese government to bake in listening vectors, for instance.

There is a "heightened threat of cyber espionage and predatory disruption or destruction of US networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies,” the report said.

The panel recommended that American telcos, cable MSOs, satellite companies, wireless operators and broadband providers should consider other vendors going forward when building out or expanding networks. And, sensitive government systems should exclude Huawei or ZTE equipment or component parts--Huawei in particular has a large enterprise IT division that could supply federal and state networks.

And, it said that it would seek to block mergers or acquisitions involving Huawei and ZTE due to national security concerns.

“There is a growing recognition of vulnerabilities resulting from foreign-sourced telecommunications supply chains used for U.S. national security applications. The FBI, for example, has assessed with high confidence that threats to the supply chain from both nation-states and criminal elements constitute a high cyber threat.”

Communications networks of course support electric power grids, banking and finance systems, natural gas, oil and water systems, rail and shipping channels and more. The panel concluded that given the mission-critical nature of telecom networks, and their supply-chain vulnerabilities, an absolute level of trust is required when it comes to equipment suppliers.

But lawmakers said that neither Huawei nor ZTE sufficiently cooperated with the year-long probe to assuage their concerns—in fact, they said, both companies failed in their “level of cooperation and candor” when it came to divulging their formal relationships or regulatory interactions with Chinese authorities and the precise role of each company’s Chinese Communist Party Committee.

The panel also singled out Huawei as presenting the larger issue and said that it plans to ask the Executive Branch (presumably the Department of Justice) to further review its activities. “During the investigation, the Committee received information from industry experts and current and former Huawei employees suggesting that Huawei, in particular, may be violating United States laws,” it said. “These allegations describe a company that has not followed United States legal obligations or international standards of business behavior. The committee will be referring these allegations to Executive Branch agencies for further review, including possible investigation.”

Huawei has long had trouble securing a significant footprint in the United States thanks to concerns on the part of operators about whatever ties to the Chinese government it may have, and it has always maintained that it is a purely private company, owned only by its employees. It issued a statement saying that while it had hoped that the investigation and its conclusions would “clarify the misperception of Huawei…despite our best effort, the Committee appears to have been committed to a predetermined outcome.”

Echoing previous concerns over anti-competitive subtexts, it also not-so-obliquely suggested that the report is nothing more than protectionism. “The ranking member of the Committee stated at the hearing that the investigation by the committee ‘is not political jousting or trade protectionism masquerading as national security.’” The vendor said. “ Unfortunately, the Committee's report not only ignored our proven track record of network security in the United States and globally, but also paid no attention to the large amount of facts that we have provided.”

It concluded, “The report released by the Committee today employs many rumors and speculations to prove non-existent accusations.

What’s hot on Infosecurity Magazine?