Huawei Urges US to Adopt German Approach to Security
DENVER -- Big 5G Event -- Huawei is lobbying hard for the introduction of a new security regime on US soil, based on the approaches gaining traction in Europe, as it tries to defend and potentially expand its existing US business.
The controversial Chinese vendor, viewed as a likely conduit for Chinese spying by the current US administration, wants the US to set up evaluation centers that would test products from any vendor active in the 5G market.
Huawei is fighting US efforts to have it banned from 5G markets outside China and sees a government-approved security regime, developed along the same lines as Europe's General Data Protection Regulation (GDPR), as the answer to its problems.
It has already set up a cybersecurity evaluation center in the UK that is staffed by its executives but supervised by government authorities, and it has backed moves in Germany to develop a comprehensive set of measures for checking 5G network products from all vendors.
Speaking at a breakfast briefing in Denver this morning, Andy Purdy, the chief security officer of Huawei's US business, expressed optimism that US authorities would replicate those moves.
"Germany will put this in place relative to all equipment vendors," he told a packed room of industry executives. "Hopefully that is the kind of thing that can inform what the EU [European Union] is thinking about and that the US can do."
Purdy, who previously worked for the US government, said he was keen to engage US authorities in a dialog about risk mitigation measures that would cover all 5G equipment.
Under the approach he favors, a government-trusted third party would take responsibility for evaluating the security of products sold by Ericsson, Huawei, Nokia and other companies serving US carriers.
"We are supporting the development of regional transparency centers and the guidance that comes out of Germany would create transparency centers where trusted third parties would do evaluations," he said in response to questions.
But the plans could be difficult to implement. Ericsson CEO Börje Ekholm has slammed proposals for a post-development 5G testing regime, saying they would hinder innovation and drive up costs.
And setting up a cybersecurity center for the testing of equipment from all vendors would be extremely difficult, according to Scott Petty, the chief technology officer of mobile operator Vodafone UK. "It is tricky to do because you have direct access to source code and it is hard to see how one center would test four different vendors and for vendors to be confident that source code wasn't available to everyone else," he told reporters in March.
Moreover, the approach the UK is thought to be developing has already encountered resistance from US officials determined to block Huawei's involvement in 5G infrastructure.
The UK is due to publish a report that will recommend excluding Huawei from the sensitive "core" of 5G networks but allowing it to continue selling radio access network products, according to press reports. Gavin Williamson, the UK's former defense secretary, was recently sacked from his cabinet post after he was accused of leaking those details to a reporter -- a charge he denies.
Since those reports surfaced, the UK has come under additional pressure from US Secretary of State Mike Pompeo to restrict Huawei. During a press conference in London earlier today, Pompeo was reported to have said the US might reconsider defense and economic interests in the UK if Huawei remained as a 5G vendor.
The Chinese vendor has repeatedly denied links to the Chinese government and insisted that it would rather shut down the business than share any information with government authorities.
Most European countries have also resisted US entreaties to ban it, said Purdy. "Germany has pushed back and so has the UK because the US has given no evidence of wrongdoing," he said.
Huawei representatives have also argued the US campaign is politically motivated, pointing out that its Western rivals do not face the same level of scrutiny even though some of their components are made in China.
Security experts say Chinese authorities could feasibly insert "backdoors" in the components that go into network equipment sold by Western vendors.
Nokia Shanghai Bell is a joint venture between Nokia and the Chinese government and yet Nokia faces no restrictions in the US market, said Purdy at today's breakfast briefing.
Huawei has been unable to serve major US carriers that have government contracts since 2012, when a government report first said that Chinese vendors could be a threat to national security. In the last year, pressure from US authorities has led to restrictions in Australia and New Zealand -- which are members, along with Canada, the UK and the US -- of the "Five Eyes" intelligence-sharing community.
But Huawei continues to work with smaller operators active in rural US communities, and those contracts could be at risk in the current hostile environment.
It is currently working with a cybersecurity advisory group called AgeLight, whose founder and managing partner, Craig Spiezle, attended this morning's breakfast briefing.
Spiezle said AgeLight has come up with 35 cybersecurity recommendations that can be mapped to global regulations and used as a checklist when developing a cybersecurity strategy.
- Huawei 5G Bans Highlight Network Confusion
- Vodafone UK Frets Over Huawei Swap-Out Costs, Urges Testing of All Vendors
- Huawei Calls for GDPR-Like Security Regime, Denies Spying (Again)
- Australia Excludes Huawei, ZTE From 5G Rollouts
- Ericsson CEO Slams 5G Test Plans as 'Tax Burden,' Economic Threat
— Iain Morris, International Editor, Light Reading