U.S. IT security vendors surveyed about the Congressional report this week that blasted China's Huawei and ZTE as threats to U.S. national security say that the companies shouldn't be ruled out as network equipment suppliers but that they need to be more transparent about their dealings with the Chinese government.
The central argument made in the "Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE" from the U.S. House Intelligence Committee is that both companies have close but murky ties to the Chinese Communist Party and military, with Huawei in particular being evasive about these connections. The report claims there's a danger that if their network equipment becomes widely used here, they could "provide Chinese intelligence services access to telecommunications networks."
HUAWEI: Separating fact from fiction
Philippe Courtot, CEO of vulnerability-assessment scanning services company Qualys, says he doesn't know if the Chinese government is involved in such activities with these companies. But Huawei, which is known to be exploring the possibility of an IPO, should move forcibly to distance itself from any connection to the Chinese government, he says.
Though he says having a Congressional report label you a threat to national security could push the company out of the U.S. market, it's still possible for Huawei to respond in a way to build confidence.
"It's an opportunity to become transparent," Courtot says. "They need to disconnect themselves from the Chinese government" and try to clear the air regarding the accusations.
Huawei today said it is in no way cooperating with cyberspying by the Chinese government.
"We absolutely unequivocally reject any such notion. Indeed, it is complete and utter nonsense. We're a world-respected and trusted $32 billion company doing business in 150 markets - we would not jeopardize our commercial success for any government," said Bill Plummer, vice president of external affairs.
Courtot argues that if Huawei cannot show transparency and independence from the Chinese Communist government in its business affairs, it may slow down the Chinese telecom company's growth. But he predicted the likely outcome from this week's Congressional report might be to slow down its sales in the U.S. but not in the rest of the world.
The House report about the two Chinese telecom companies "is raising some valid concerns," says Jagdish Rebello, director for consumer and communications at research firm IHS. He says there is significant opportunity to plant hidden code in a system.
The dilemma for American carriers and service providers that want to buy the most up-to-date type of wireless 4G LTE network equipment is that wholly U.S.-based vendors are virtually non-existent, and one of them, Lucent, merged with France's Alcatel in 2006. That leaves Nokia Siemens Networks and Ericsson, both European firms, along with Huawei and ZTE, plus a handful of much smaller "others" involved in mobile infrastructure. The market is large in terms of revenues but the customers buying these wireless infrastructure systems are limited. Huawei is strong in wireless in Asia, Africa and Latin America, Rebello says, while "Cisco is strong in the enterprise space but not in the carrier-grade space."
Another security company executive, SSH Communications Security CEO Tatu Ylonen, observes that Huawei and ZTE have come to control many key 4G patents as leading telecom equipment makers. Alluding to the dire warnings about the risks ascribed to Huawei and ZTE in the U.S. House Committee report, Ylonen says, "While there are some risks, shutting them out carries its own risks. One should always have multiple layers of defense in a critical system against malicious code, bugs and bad operational practices."
Still, Mike Ahmadi, vice president of operations at San Francisco-based risk analysis and security planning firm Granite Key LLC, puts some credence in the warnings in the Congressional report about Huawei and ZTE.
"Would this be safer if it were made in the U.S.? Ostensibly, yes," he says. But his sense of assurance about that derives as much from the level of control that could be exerted by anyone in the U.S. on a legal and technical level, while China is distant, with a different corporate and governmental structure in general. Ahmadi says he has encountered evidence of backdoors on network equipment that was provisioned in China, so he doesn't think the whole idea of spying this way is far-fetched at all.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org.