Get Ready to RUMMMM-BLLE!!!!

I watched this video on Wed, Oct. 10 which was a reaction to a report published on Mon, Oct. 8 by the U.S. House of Representatives.

Watch Opposing Views on Congress’ Claims Huawei Technologies on PBS. See more from PBS NewsHour.

My initial reaction was pure shock, followed by extreme excitement which fueled over six hours of continuous research on these events and their immediate stakeholders. I took copious notes, which I’ve left mostly unedited at the end of this post.

What are you talking about?

So if you don’t have time to click the link above and watch a 9 minute video, allow me to get you up to speed.

Huawei, an international telecommunications giant based in China, intends to build up its pull in the US market.  The private company is currently the number two producer of switches, routers, and telecom equipment in the globe and number six in the global mobile phone sector. And based on their white paper published in September of this year, the company has a solid handle on whose approval is needed before business can happen.  Well, unsurprisingly, the company requested that the US government take a look at their company and the way it does business so as to facilitate a growing presence in that nation.

Enter the U.S. House of Representatives Permanent Select Committee on Intelligence. Mike Rogers (R-MI) became Permanent Select Committee Chair in early 2011, just prior to the submission of Huawei’s request. One of his first actions of business was to assess the U.S.’s top intelligence security risks.  Luckily for Huawei [read: sarcasm], an investigation into the Communist party’s role in their company was on the resulting list.  More specifically, an investigation began in November of 2011 regarding two top international telecom companies based in China: Huawei and ZTE.  This investigation concluded in a sixty page report released October 2012 detailing why American businesses shouldn’t work with these two companies, after trips to Beijing for Rep. Rogers and a trip in September 2012 to D.C. for these company’s CEOs.

Now to be fair, the recommendations of the report jointly released by Rogers and Ranking Member C.A. Dutch Ruppersberger (D-MD) don’t halt business completely for the Chinese companies.  The report focuses on big data processing, rather than mobile phones.  I assume their priorities must have been biased as a result of the new 4G network upgrade the government is planning.  For those who are not keeping up with the telecom industry, 4G technology provides improved speeds for data-centric networks (as opposed to voice-centric — you may have heard of circuit-switching).  A major bottleneck in such networks are the switches and routers that essentially act as the connections between all the pipes.  It doesn’t matter how fast or how much capacity your pipe has if your data has to wait each time it needs to change lanes!  Huawei happens to be very good at designing these connections wide enough and with fewer leaks.  Their equipment has been quoted by many to build the fastest networks (see the rural network provider interviewed by 60 Minutes). But the report recommends that American companies not use this top of the line equipment because it could enable the Chinese government to spy on America — its government, its citizens, and its businesses.

OK, so let’s look at some numbers thanks to the money experts at Fox Business. “Huawei generated around 4 percent of its group sales from the United States, while ZTE’s U.S. revenues made up 2-3 percent of its overall figure. The bulk of both companies’ U.S. sales comes from selling handsets through U.S. carriers such as Verizon, Sprint and T-Mobile USA.” So if U.S. revenues represent a significant minority of their business, why do these companies care about Rogers’ and Ruppersberger’s recommendations? First, this report severely redirects Huawei’s growth plan in the U.S. They have been focusing on small network providers, especially in rural areas where the pay off diminishes (more expensive equipment for fewer people — or increased expense with reduced income) and therefore less competition. Second, the U.S. government is planning a nationwide 4G network upgrade and this ban keeps Huawei and ZTE out of the bidding action and any chance of benefiting from that money stream. Third, the U.S. government has quite a bit of influence (intended or not) on its allies. For instance, both the Canadian and Aussie governments are considering a ban of their own.

Clearly this ban has gotten people’s attention for good reason.  But is it completely baseless, or is it backed up by legitimate security concerns?  Now, I work in the telecom industry and know quite a bit about the technical aspect of this issue.  I also have experience working for the DoD, so I’m no stranger to the Representatives’ concerns. I remember during a lecture in my intro to telecoms course at Carnegie Mellon my professor exclaimed that it was a wonder that the internet works at all.  There are about a million things that can go wrong which will completely kill these systems.  But let me step back for a second.

4G networks more or less have the same plumbing as the internet — IP packet-switching and routing. The internet was not designed with security in mind back in the day because there were only a couple handfuls of users who also happened to all know each other (university professors/researchers and government researchers).  Since then actions have been taken to improve internet security and many people make a living trying to solve this problem, however there are still plenty of vulnerabilities available for the malicious black hats to take advantage of. Huawei itself admits to this fact and wrote extensively on the security issue in a white paper released September 2012.

But Rogers and Ruppersberger aren’t simply reacting to the inherent vulnerabilities of these networks.  If that were the case, this report would be picking on the Chinese companies while ignoring all the other international telecoms.  Given the fact that there’s really only one American telecom (Cisco) ever since Lucent merged with Alcatel in 2007, there must be more to the story.  And in fact there is! Let’s take a moment to review China’s behavior pattern.

For starters, “China is known to be the major perpetrator of cyber espionage, and Huawei and ZTE failed to alleviate serious concerns throughout this important investigation” according to Chairman Rogers.  Furthermore, FoxBusiness notes that “U.S. intelligence officials have publicly denounced China as the world’s most active perpetrator of economic espionage against the United States.”  And it’s true that these facts are common knowledge among those in the industry.  China is known to rip off of any and all open source materials — especially R&D publications out of universities.  And why not? Seems like a smart move to take this short cut. It certainly makes going from zero to hero a heck of a lot easier, since you don’t have to do as much work finding what doesn’t work (which is the bulk of time in R&D).  But wait! Stealing is wrong! Right?

The 60 Minutes report cites cases involving Nortel, Motorola, and Cisco.  In these cases, engineering designs were stolen — reproduced down to the spelling error without permission.  In addition, Huawei was found to have planted their own recruiters at these American companies for the sole purpose of recruiting them for their own company. That’s right, they planted double-agents. Not everything in the Bond movies is fake!

FoxBusiness also mentioned this little jewel:

“Separately, U.S. network equipment maker Cisco Systems Inc said it ended a longstanding sales partnership with ZTE after an internal investigation into allegations the Chinese firm sold Cisco networking gear to Iran.”

And the Financial Review added:

“The company (Huawei) has been accused of having links to the Chinese government. Its chief executive, Ren Zhengfei, was a member of the People’s Liberation Army and he has never agreed to a media interview.”

OK, so there’s no doubt that the Chinese government and even these telecoms have a shady history, but that doesn’t mean they couldn’t have reformed, right? At least, that’s what Huawei claims.  Again, FoxBusiness has something to add: “The panel said it received credible allegations from unnamed industry experts and current and former Huawei employees suggesting Huawei, in particular, may be guilty of bribery and corruption, discriminatory behavior and copyright infringement.” BOOM! Naw they di’int!!

“But, wait, Moosette,” you say, “The panel claims the details are classified and therefore won’t share them with the public.” “How do you know it’s credible information?”

Good point. Except, there’s usually a really good reason why information is classified. For instance, if they divulged these details, they could be informing the Chinese government of an important resource or capabilities which the Chinese government would immediate snuff out.  Then where would we be? We would be less able to protect ourselves!  If the intelligence community (IC) says something is true, there’s a 90% chance that it is.  They don’t just take obvious evidence, they need it to be backed up by several different sources — people, images, sound bites, etc. They don’t take this stuff lightly, which is why I am inclined to believe them.

OK, so where are we now? We know that the parties in question have a history of untrustworthiness.  We know that the IC is aware of current shadiness. But, wait, there’s more.  Both the Aussies (March 2012) and the Canadians are banning Huawei and ZTE from building their sensitive government networks “due to security concerns”.

So the issue isn’t about the US picking on China — it isn’t a political move, though some might want to spin it that way.  The issue is that the U.S. government cannot trust that these two Chinese telecoms won’t ever take advantage of their presence in the U.S. to steal information for the Chinese government.  They were given ample opportunity to make their case, and they failed to do it.  The U.S. government was effectively doing a background check on these companies for the purpose of hiring them.  If I wanted a job with U.S. intelligence and couldn’t prove that I am not influenced by the Chinese Communist Party, I wouldn’t get the job!! It’s as simple as that.

What is not quite so simple is the implications of this recommendation. Will all of the Western world stop doing business with Communist subsidized companies? Who will these Chinese companies do business with if such a large chunk of the developed world turns their back to them?  Will this report and the potential domino effect strain relations between China and the US, like it might already have between China and Australia? If it does, what does that mean for the US debt and economy in general? What about the UN and other international efforts? China and Russia tend to veto everything (major exaggeration)! Will they work together to make international politicians’ lives that much more difficult?

Huawei…and ZTE too?

Even though the report by the U.S.House mentions both Huawei and ZTE, the latter only occasionally is mentioned in reports, it mostly has stayed quiet with the exception of a letter to the House that boils down to “Stop picking on us.”  Huawei has had a much greater presence in Western media.

I highly recommend going through some of the resources below if you are interested in learning more, or if you need some clarity on any aspect of the problem.

Sources

1. US House Official Report: Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE
   • Huawei requested “full investigation into its corporate operations” in Feb. 2011 and investigation initiated Nov. 2011 (p. 5)
   • “The Committee launched this investigation to seek answers to some persistent questions about the Chinese telecommunications companies Huawei and ZTE and their ties to the Chinese government. Throughout the months-long investigation, both Huawei and ZTE sought to describe, in different terms, why neither company is a threat to U.S. national-security interests. Unfortunately, neither ZTE nor Huawei have cooperated fully with the investigation, and both companies have failed to provide documents or other evidence that would substantiate their claims or lend support for their narratives.” (p. 44)
     • points to evasive answers, untrustworthy companies
   • both have committees of the Communist Party, but didn’t list who was part of those committees or their role in the company.
     • or is it just a different culture?
2. Huawei White Paper: Cyber Security Perspectives: 21st century technology and security — a difficult marriage 
   • open with “This document provides an open and frank perspective of Huawei’s viewpoints regarding cyber security and the overall ramifications and impact it has on technology, society and our daily life.” (p. 1)
     • how is it possible that to polar opposite characterizations exist? on one hand Huawei says they’re being “open and frank” and on the other the US govt is saying they’re untrustworthy and dodging questions…
   • “Information technology has become a key driver behind economic growth. As reported by the World Bank, for every 10% increase in broadband penetration, the GDP in developing countries will increase 1.38%.” (p. 2)
   • “No longer is technology designed, developed and deployed only in one country; no longer can any country or large company claim to rely on a single sourcing model; and no longer is it possible with today’s complex technology ecosystem and architecture that we can stop all threats from all threat actors.” (p. 3)
     • building argument that openness is important for the globe — this issue spans beyond any particular borders
   • “Take the United States as an example: the market share of smartphones in March 2012 reached 50.4%, up from 47.8% in December 2011.” (p. 4)
   • “The report said officials at the Departments of Energy, Homeland Security, Justice and Defence told investigators from the GAO that they did not know the extent to which their telecommunications networks contained foreign-developed equipment, software or services. According to the report, the Departments of Energy and Homeland Security had not defined supply chain protection measures. The Justice Department had defined protection measures, but had not implemented them or developed procedures for monitoring compliance with the measures.” (p. 9)
   • “The reality is a single piece of equipment, such as a laptop, can include components from all over the world, from Canada, Ireland, Poland, Italy, the Czech Republic, the Slovak Republic all the way to China, Israel, Japan, Malaysia, the Philippines, Singapore, South Korea, Taiwan, Thailand, Vietnam and many others.” (p. 9)conclusion of cited Microsoft paper on transparency and trust with regards to cyber security: “While government concerns are understandable, it is important that government responses do not threaten the vitality of the global ICT sector, stifling both innovation and competition”.(p. 10)
   • “Consider this: The Chinese city of Chengdu has 16,000 companies registered and 820 of them are foreign-invested companies.24 Of these, 189 are Fortune 500 companies. Household brand names such as Intel, Microsoft, SAP, Cisco, Oracle, BAE, Ericsson, Nokia, Boeing, IBM and Alcatel-Lucent are all located there to name but a few. Should what these companies do be considered “foreign developed”?”
   • “Cisco has a huge presence in China, with R&D centres in six major cities. Over 25% of all Cisco products are produced by Chinese partners, and the company announced a US$16 billion investment in China that includes training 100,000 network engineers and the opening of 300 centres at vocational colleges to train students in networking technologies.25 Cisco CEO John Chambers stated, “What we are trying to do is outline an entire strategy of becoming a Chinese company.”26, 27 – does this constitute “foreign developed”?”
     • clearly states that the mentioned report doesn’t define “foreign developed” but then the author decides to define it himself in the worst way possible — totally unsubstantiated
   • “We understand the sensitivity of the industry we are engaged in and the vulnerability of advanced technology” (p. 13)
   • “Huawei will set up regional security certification centers if necessary. These certification centers will be made highly transparent to local governments and customers, and Huawei will allow its products to be inspected by people authorized by local governments to ensure the security of Huawei’s products and delivery service.” – Huawei CEO Ren Zhengfei (p. 14)
   • “Huawei has employed IBM since 1997 to develop, train and support Huawei in becoming a process-based organisation” (p. 14)
   • employs many additional US businesses to support finance, HR, customer support, etc.
   • “Huawei has become one of the core members of the International Standard Council (ISC) of the influential cloud computing security standard organization (CSA).” (p. 16 )
     • many additional examples to build up “security experts” image
   • “We should be prepared to accept that the commitment from some parties may initially not be as strong as we would wish it to be due to the inherent lack of trust between some parties, the issue of local politics and geopolitics, trade protectionism and competitor misinformation – having said that, we should not allow any of these issues to be used as an excuse for not taking action.” (p. 19)
3. Fox Business: China’s Huawei, ZTE should be banned: draft House panel report
   • “Employee-owned and unlisted Huawei is the world’s second-biggest maker of routers, switches and telecoms equipment by revenue after Sweden’s Ericsson. ZTE ranks fifth. In the global mobile phone sector, ZTE is fourth and Huawei sixth.”
   • “Huawei generated around 4 percent of its group sales from the United States, while ZTE’s U.S. revenues made up 2-3 percent of its overall figure. The bulk of both companies’ U.S. sales comes from selling handsets through U.S. carriers such as Verizon, Sprint and T-Mobile USA.”
   • “Separately, U.S. network equipment maker Cisco Systems Inc said it ended a longstanding sales partnership with ZTE after an internal investigation into allegations the Chinese firm sold Cisco networking gear to Iran.”
   • “The panel said it received credible allegations from unnamed industry experts and current and former Huawei employees suggesting Huawei, in particular, may be guilty of bribery and corruption, discriminatory behavior and copyright infringement.”
   • “Huawei and ZTE are rapidly becoming “dominant global players” in the telecommunications market, which is intertwined with computerized controls for electric power grids; banking and finance systems; gas, oil and water systems and rail and shipping, [the report] noted.”
   • “ZTE’s U.S. telecoms infrastructure equipment sales last year were less than $30 million. In contrast, two of the larger Western vendors alone had combined U.S. sales that topped $14 billion, ZTE told the committee in its September 25 letter, an apparent reference to Finland-based Nokia Siemens Networks and Paris-based Alcatel Lucent.””Huawei and ZTE may not be the only companies that present a risk to U.S. infrastructure, the committee’s draft report said, but they are the two largest Chinese-founded, Chinese-owned companies seeking to market critical network equipment to the United States. Beijing has the “means, opportunity and motive” to use them to its own ends, it added.”
     • YAY ALU!!!
   • “U.S. intelligence officials have publicly denounced China as the world’s most active perpetrator of economic espionage against the United States.”
   • top notch report!!
4. 60 Minutes: Huawei probed for security, espionage risk
   • Video from tv.com
5. CNBC Report: Cyber Espionage: The Chinese Threat
   • Video from Youtube posted by Rep Mike Rogers
     • Nortel, the cyber-casualty killed at China’s sword
     • lol IE Zero-day attack
6. Forbes: Interview: Huawei’s Cyber Security Chief Slams U.S. “Protectionism”
   • “I am not surprised by the report but I am disappointed,” he told this blog. “We have spent 11 months diligently working with the Committee providing them with all the information they requested, and it has been ignored. We had hoped that the committee would take this opportunity to be constructive and propose a new model of international collaboration and standards, but instead defaulted to protectionism to the cost of the hard working American.”- John Suffolk, Huawei head of cyber security
   • “He [Suffolk] added that Huawei would never give Beijing access to its systems. “The law is quite clear in China: no they cannot do that.”
   • Huawei generates “70% of its revenue from outside mainland China.”
   • “the logic of the Committee bears little resemblance to a debate about how we limit the threat from cyber security.”-Suffolk
   • “In March 2012, the Australian government banned Huawei from taking part in multi-billion dollar federal auctions to supply equipment for the country’s broadband network, due to security concerns. Huawei representatives responded in a similar vein to Suffolk, hinting the Australian ban was driven by politics.”
   • “ZTE has also knocked the Congressional report, suggesting “the Committee’s investigation be extended to include every company making equipment in China, including the Western vendors.””
   • “When asked about his initial reaction to the Congressional report, Suffolk replied, “To partially quote the great John McEnroe, ‘They cannot be serious.’””
7. SlashGear: Huawei faces ban in Canada over security risks
   • “Canada was going to bring Huawei on board to help out with the initiative, but after hearing about the claims against the Chinese device manufacturer, Canada is thinking about excluding them from the project.” and “Huawei actually has been doing very well in Canada. In 2008, they were awarded a contract to build networks for Telus Corp and Bell Canada, and the company even received a C$6.5 million ($6.6 million) grant from Ontario towards an investment by Huawei in research and development that would cost a total of C$67 million.” and “The US House Intelligence Committee warned Canadian companies not to do business with Huawei”
   • short and to the point
8. NBCNews: China’s Huawei, ZTE should be banned: US lawmakers
   • “The report follows an 11-month investigation by the committee into Huawei Technologies Co Ltd and ZTE Corp.”
   • “Committee Chairman Rogers, at a press conference to release the report, said the panel was stopping short of urging a U.S. boycott of mobile phones and other handheld devices made by Huawei and ZTE.” and “The panel’s warning pertains only to devices that involve processing of data on a large scale, Rogers said in reply to a question.” but “It was not immediately clear whether the committee warning would curb mobile phone sales that Huawei and ZTE do with customers such as Verizon and Sprint.”
   • “The committee warning comes as Huawei considers a possible initial public offering, sources said, as part of an effort to overcome suspicions that have all but blocked its U.S. efforts, including business tie-ins.”
   • “The panel’s report faulted both companies for failing to fully satisfy the committee’s requests for documents to allay its security concerns, including detailed information about formal relationships or regulatory interaction with Chinese authorities.”
   • “The panel said it had received credible allegations from unnamed current and former Huawei employees suggesting Huawei may be guilty of bribery and corruption, discriminatory behavior and copyright infringement.”
   • “Based on classified and unclassified information, Huawei and ZTE, which are both based in Shenzhen, China, “cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems,” it [the report] said.””It [the report] noted that telecoms are intertwined with computerized controls for electric power grids; banking and finance systems; gas, oil and water systems and rail and shipping.”
     • typical behavior/reaction in this business — nothing new
   • it’s not just about US sales, but sales with all US allies.
   • “In addition, it [the report] said Congress should give thorough consideration to legislation seeking to expand the role of the interagency group, known as the Committee on Foreign Investments in the United States, to include purchasing agreements.”
   • Huawei has been selling handsets in the US for four years, network equipment for one year.
9. Financial Review: China’s Huawei banned from NBN
   • “Huawei sources have also hinted that the Chinese government will retaliate strongly against Australia if the ban on the company’s tenders is not lifted.”
   • “The company has been accused of having links to the Chinese government. Its chief executive, Ren Zhengfei, was a member of the People’s Liberation Army and he has never agreed to a media interview. The issue is now emerging as a major test of relations with Australia’s biggest trading partner.”
   • “The ban on Huawei tenders was imposed despite the firm’s high-profile participation in national broadband networks being installed in eight other countries, including the United Kingdom and New Zealand. Its technology is also the basis of Vodaone Australia’s $1 billion network fix and upgrade and it recently won key contracts with Optus. Telstra does not use much of its equipment.”
   • “Alastair MacGibbon, formerly the Australian Federal Police’s top cyber agent and now managing partner of Surete Group, said he supported the ban if made on security grounds. “The difference between a US-based Cisco or a Chinese-based Huawei is where they are domiciled,” he said. “I doubt either make back doors in their products because they would have too much to lose … but they would more than likely help their governments if called in to do so.”
10. Reuters: Huawei faces exclusion from planned Canada government network
    • “Canada indicated strongly on Tuesday it would exclude Chinese telecom equipment giant Huawei Technologies Co Ltd from helping to build a secure Canadian government communications network because of possible security risks.Meanwhile, the European Commission has delayed a trade case against Huawei and another Chinese telecom equipment maker, ZTE Corp, easing tensions between the European Union and China, its second-biggest trading partner.”
    • “EU Trade Commissioner Karel De Gucht is gathering evidence in order to launch an anti-dumping or anti-subsidy case. His efforts have been hindered by the fact that no European producer, such as Ericsson and Alcatel-Lucent, has complained. A formal complaint is normally a prerequisite for an investigation.”
    • “Huawei has 130 engineers in its Ottawa research-and-development facility and has 300 employees in its Canadian head office in Markham, Ontario, the company said. The company says it has so far procured C$400 million from Canadian companies.”
    • 700 band available for LTE next year (2013) in Canada; LTE is one of Huawei’s “fortes”
    • “In invoking the security exception for the government network, Canada has not gone as far as Australia, which has barred Huawei from taking part in contracts to build the government’s $38 billion national broadband network.”
11. U.S. House of Representatives: Permanent Select Committee on Intelligence: Chairman Rogers and Ranking Member Ruppersberger Warn American Companies Doing Business with Huawei and ZTE to “use other vendor”
    • “China is known to be the major perpetrator of cyber espionage, and Huawei and ZTE failed to alleviate serious concerns throughout this important investigation.” – Chairman Rogers
    • Year-long investigation; culminated in Huawei/ZTE ban in US
    • official committee blurb
12. Huawei Press Release: Huawei Cyber White Paper Calls for Collaborative Approach to Address Global Cyber Security Challenges
    • “Cyberspace is a new and unfamiliar domain that has gradually become the ‘nervous system’ through which society operates. In a world where over 87% of the population are mobile users , the stark reality is that cyber security is a growing global challenge demanding rational and universal solutions. As governments, enterprises and consumers have become increasingly reliant on ICT solutions that integrate inputs designed, developed, coded and manufactured by multiple suppliers around the world, the scale of the cyber security challenge has grown exponentially.”
      • acknowledge security risk and importance of vigilance
      • “nervous system” phrasing acknowledges role they play
    • “All stakeholders – governments and industry alike – need to recognize that cyber security is a shared global problem requiring risk-based approaches, best practices and international cooperation to address the challenge.”
      • read: stop singling us out!
13. Network World: Huawei, ZTE ban is questionable, given its impact
    • ALU is Lucent!!! Chances are the other telecom giants hire Americans too. Just because an international company isn’t headquartered in the US, doesn’t mean it doesn’t harness major American brain power!
    • One good point: “the globalization of technology has been great for everyone.”
    • not a fan of this article
14. Network World: Huawei: Critical House report motivated by politics
    • is it a political distraction? china-bashing? or serious security threat? Consider Chinese communist government’s total access of Huawei/ZTE equipment. Consider Chinese techniques regarding technology and R&D. Consider what other telecoms produce products in China. Consider where majority of Huawei/ZTE employees are from/business originates. Consider effect in the marketplace. Consider sensitivity of US tech infrastructure.
15. Network World: 60 Minutes torpedoes Huawei in less than 15 minutes
    • 60 Min. report and CNBC report both highlight shady dealings of Huawei
    • Cite cases involving Nortel, Motorola, and Cisco