Is Canada at risk if we continue to use Huawei equipment and not follow US law makers’ suggestion of “use another vendor” other than Huawei and ZTE? (full PDF report link) After reading a ton of reports & backgrounders (see end of article for an extensive list), plus the following New York Times report “Chinese Telecom Firm Finds Warmer Welcome in Europe” which I excerpted below), I can’t help but sense a bit US trade protectionists in the US recommendations when UK, one of US closest allies in both the Iraq and Afghan wars, has treated Huawei very differently than US. (emphasis added in this NYT article excerpt)
“[UK Prime Minister] Mr. Cameron’s government said it had no plans to change its relationship with the Chinese company in the wake of the U.S. committee’s recommendations. But in a trust-but-verify approach to the partnership, Huawei set up a Cyber Security Evaluation Center two years ago in Banbury, England. There, its engineers work alongside officials of Government Communications Headquarters, a British spy agency, to vet Huawei equipment for use in Britain.
“We recognize, of course, that no systems can be completely invulnerable, but by working together we can mitigate some of the risks,” said a spokesman for the Cabinet Office in London, who asked not to be identified as a matter of government policy.
Huawei counts as its customers many of the biggest telecommunications companies in Europe, including BT and Vodafone of Britain, Telefónica of Spain and Everything Everywhere, a partnership between France Télécom and Deutsche Telekom in Britain. The company’s equipment is in high demand, analysts say, as those companies scramble to roll out next-generation wireless broadband networks.“
For my opinion, I pay special attention to what BT does which I will explain next. Quoting Reuters,
“Huawei is well established in Britain, and it has a partnership with the country’s largest telecoms operator, BT Group PLC, to upgrade networks that stretches back to 2005. […]
BT also said the relationship was managed strictly in accordance with the law.
“BT takes a risk-management approach on the use of components from Huawei and, like the UK government, we see no need to change our position following the U.S. report,” a spokesman said.
“BT’s network is underpinned by robust security controls and built-in resilience. We always work closely with each of our suppliers – and government where appropriate – to gain assurance through rigorous review that the security of the network is not compromised.”“
To me, a big vote of confidence of the UK approach come from BT’s acceptance Huawei equipment and of the UK approach. Why? You see, Bruce Schneier, an internationally renowned security technologist recognized & respected by people interested in cryptography, is also the Chief Security Technology Officer of BT! I am not saying whatever Schneier believes or approves can simply be blindly trusted. But what I am saying is that Schneier’s acceptance of the use of Huawei equipment and the UK approach (namely “Cyber Security Evaluation Center”) merits careful consideration by Canadian government officials. Check out and see what UK is doing with the Cyber Security Evaluation Center in the last two years and possibly even hire BT and Schneier for some consulting work to understand his full justifications and see how the UK approaches can be adopted or modified for Canada.
On this note, Reuters is reporting Sir Malcolm Rifkind, chairman of British Intelligence and Security Committee, “would look at why the center [Cyber Security Evaluation Center] was needed, how it was working, and what conclusions could be drawn from the way it was operating. He said the committee’s report would be issued to the prime minister by the end of the year if not sooner.” I wish and hope this report will be published for the public so more about the operations of the Cyber Security Evaluation Center can be evaluated, for one, this is important for businesses too and not just governments.
For the record, I’m trained in Computer Science at University of Toronto although I’ve never taken a course in IT security. My interest in security & cryptography started in 1995 when I bought and read Schneier’s classic book “Applied Cryptography 1st edition“. As a result of my personal curiosity, I’ve been following security related development and news for decades by reading Schneier’s security mailing list and then blog just to keep up and stay current a little.
I also want to point out I don’t mince words when I criticize China (especially its lack of respect for rule of law) in case readers think I am “pro-China”. In fact, re Huawei I will go further than the “trust-but-verified” approach and go with “distrust-and-verified“.
What I am saying is, unlike this Canadian security expert, without know stuff that will sure need a security clearance to know, I wouldn’t categorically say “The Harper government is putting Canadian telecommunications companies at risk.” And I will definitely avoid hostile and unhelpful language like, “We shouldn’t be rolling out the red carpet for this company.” After all, Britain’s GCHQ has some seriously smart people and I presume Schneier is not asleep at the switch of BT given he holds the title of and get paid as Chief Security Technology Officer of BT.
Reports and analysis read and studied to prepare for this article:
US Governments sources
* Oct 8, 2012, “Chairman Rogers and Ranking Member Ruppersberger Warn American Companies Doing Business with Huawei and ZTE to “use another vendor”“
* Oct 8, 2012, (link to full PDF report) “Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE”
* Chairman Mike Rogers’ YouTube channel where various clips of “Huawei and ZTE Testify Before the House Intel Committee” can be found
* Sept 12, 2012, “HPSCI To Hold Open Hearing on National Security Threats Posed by Huawei and ZTE”
China Government source
* Xinhua (Official China news agency) Oct 10, 2012, “China “strongly opposes” U.S. report about Chinese telecom firms”
News with video reports
1a) CBS 60 Minutes (full segment video), Oct 7, 2012 “Huawei probed for security, espionage risk” (note: this CBS segment kinda started the ball rolling even before the report was formally issued)
1b) CBS 60 Minutes (text and transcript), Oct 7, 2012 “Huawei probed for security, espionage risk”
2) CBC News (with 3 video clips, including 16+ mins Power & Politics segment), Oct 9, 2012, “Canada ‘at risk’ from Chinese firm, U.S. warns – Head of U.S. committee says ordinary Canadians should be worried about Huawei”
3) CBC News, Oct 10, 2012, “Proof of possible corruption by China’s Huawei given to FBI – U.S. intelligence committee hands over proof of possible bribery by Chinese telecommunications giant”
4) Australian Broadcasting Corporation (full video and transcript), March 26, 2012, “[Australian] Government blocks Chinese [Huawei] technology for NBN [National Broadband Network]”
Related news from US, Canada, and UK
* Ottawa Citizen, Oct 11, 2012, “Inside Huawei’s stealthy Ottawa headquarters – If Chinese tech companies are barred from doing business here, who stands to lose more?“
* New York Times, Oct 10, 2012, “Chinese Telecom Firm Finds Warmer Welcome in Europe”
* ZDNet, Oct 9, 2012, “The Huawei dilemma: Should the UK be worried?”
* Ottawa Citizen, Oct 10, 2012, “Canada won’t say if security exemption shuts China’s Huawei out of contract“
* Council on Foreign Relations blog, Oct 10, 2012, “Huawei, Cybersecurity, and U.S. Foreign Policy”
* Forbes, Oct 9, 2012, “A Better Approach To Huawei, ZTE And Chinese Cyberspying? Distrust And Verify”
* Reuters, Oct 9, 2012, “Huawei faces exclusion from planned Canada government network”
* Queen’s University, Oct 9, 2012, “Canada should not do business with China’s Huawei Technologies: Queen’s University expert”
* CBC News, Oct 11, 2012, “Former Nortel exec warns against working with Huawei” (note: I appreciate the concerns raised by the former Nortel exec while my above analysis and approach/recommended action won’t change.)
* Reuters, Oct 11, 2012, “Britain scrutinizes Huawei’s telecoms infrastructure role”
* Tor Star, Oct 9, 2012, “McGuinty sticks up for Chinese firm Huawei accused of spying”
* Guardian, Oct 8, 2012, “China’s Huawei and ZTE pose national security threat, says US committee”
* Montreal Gazette (Post Media), Oct 9, 2012 “Canada won’t say if national security exemption shuts Chinese company out of communications contract“
* WSJ, Oct 9, 2012, “China Warns Huawei Report Could Harm U.S.-China Relations”
* Telegraph, Oct 9, 2012, “Huawei controversy: when it comes to Chinese tech companies, we should be paranoid”
* (must read) The Economist, Aug 4, 2012, “The company that spooked the world – The success of China’s telecoms-equipment behemoth makes spies and politicians elsewhere nervous“
* (must read) Globe and Mail, ROB Magazine, Nov 24, 2011 by Iain Marlow, “Huawei: Will China conquer the world?“
* Guardian, Mar 29, 2012, “Huawei contract ban stokes fear of cyber cold war – Australia cites security concerns as reason for stopping Chinese telecoms supplier from bidding for huge broadband contract”
* Reuters, Mar 29, 2012, “Australia PM stands by Huawei ban despite China plea”
* The Sydney Morning Herald, Mar 29, 2012, “PM defends banning of Chinese company – Gillard says decision on NBN contractors is for Australia alone to make.”
Background via Huawei
*) Dec 6, 2010 “Huawei Opens Cyber Security Evaluation Centre in the UK”
*) Cyber Security page with Huawei Cyber Security White Paper
*) Aug 1, 2011 “John Suffolk Joins Huawei as Global Cyber Security Officer”
*) YouTube “Cyber Security Perspectives: 21st century technology and security – a difficult marriage”