Huawei: Separating fact from fiction

Industry veteran David Newman analyzes the charges made against Chinese telecom vendor

Chinese telecom provider Huawei was hardly a household word a few months ago, but it's had lots of negative publicity of late, from an Economist cover story to a 60 Minutes piece.

And now the US House Intelligence Committee has issued a report recommending that Huawei and ZTE, another Chinese telecom company, be viewed "with suspicion."

Huawei customers defend their security after congressional report

As the president of a third-party test lab, I've had some experience dealing with Huawei, its competitors, and its customers. And as a U.S. history buff, I'm also aware that this is hardly the first attempt to drum up fear of "The Other" in the name of patriotism and national security.

While some claims about Huawei are valid, others are unsupported. Let's sort through these. (I'm focusing on Huawei here because I know it better than ZTE.)

1. Huawei is succeeding because of Chinese government backing.

This is true. Beijing is a huge customer and subsidizer of Huawei's development efforts.

Then again, Huawei has lots of company. Toyota's popular Prius wouldn't have happened without a hand from the Japanese government. Airbus and its majority shareholder EADS wouldn't exist if Western European governments hadn't encouraged defense contractors to merge.

We have hugely successful public/private endeavors in the U.S., too. Some of our most important scientific and engineering achievements - things like atomic energy, space travel, human genome mapping, and the Internet itself - came out of government research programs.

The problem we have is too little R&D spending, not too much. Scream about waste all you want, but there's a baby/bathwater problem here. There's been a long-term slump in U.S. R&D funding while China is increasing its funding 10% year over year. We're not doing enough R&D spending to keep pace.

2. Buying Huawei is unpatriotic; it means replacing U.S. gear with Chinese stuff.

All telecom providers, including U.S. ones like Cisco, make at least some gear in China.

It's true that Huawei's profits go back to China. Then again, it's also common practice for U.S.-based multinationals not to "repatriate" their overseas profits for tax reasons.

This goes beyond factory locations. All major networking companies are multinationals, and all their engineering groups look like the United Nations. This can complicate matters for U.S. companies holding defense contracts with citizenship and security-clearance requirements.

Ironically, some manufacturers are scaling back in China as wages rise. These days we see more components coming into the lab from places like Malaysia and Vietnam.

3. Huawei doesn't care about intellectual property rights.

Huawei tried to enter the U.S. market a decade ago with an effort that would have been hilarious if it wasn't so ham-handed.

Visitors to Interop 2002 Las Vegas saw the Huawei booth next to Cisco's, with Huawei routers like the 2600, 3600, 4700, and 12000 GSR on display, all in Cisco's familiar olive paint. Although the Huawei command-line interface (CLI) said "HOS," it had the same bugs as a contemporary IOS release.

Cisco sued in a federal case that was settled out of court. As one Cisco engineer told me, "They don't get to copy our bugs."

Huawei has long since rewritten its router code. In my experience with it, I'd say its CLI is too strange to be purloined. Perhaps because of the earlier experience, Huawei seems to have come up with a different synonym for every single Cisco command.

4. Huawei equipment has secret backdoors.

This one is unproven, like similar allegations made a few years back about supposed backdoors in Israeli firewalls.

This claim can be tested empirically. One can capture any device's traffic externally (putting it in a Faraday cage if it's wireless) to see what comes out. Network operators routinely do these tests, and as far as I know they haven't found any backdoors.

If backdoors are proven to exist (and, again, I haven't seen evidence that they do), perhaps it's because Huawei was provided with a good example. Nicholas Kristof, who won a Pulitzer Prize for China reporting, notes that the U.S. used telecom equipment sales to China in 1980s and 1990s to spy on the Chinese.

5. We're already under attack from the China.

Security analyst Richard Bejtlich and others have provided numerous examples of China-based cyberattacks. While these attacks pose a real threat to U.S. infrastructure, they aren't tied to commercial vendors like Huawei. It'd be a stunningly stupid business practice if they were.

There is actual evidence of bad behavior, and there is hand waving for political purposes. When assessing networking equipment, it helps to remember that these are often different things.

Disclaimer: Huawei and Network Test Inc. have no current or former business relationship.

Newman is a member of the Network World Lab Alliance and president of Network Test, an independent test lab and engineering services consultancy. He can be reached at dnewman@networktest.com.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies