Cybersecurity at top of Huawei’s agenda as Europe decides on 5G infrastructure
- In the third of our eight-part series on Huawei, Zen Soo and Jane Zhang report on the company’s effort to gain support from major European economies, like Germany and the UK
- Huawei had 91 total 5G network projects as of February, 47 of which are located in Europe
The ground floor of this two-storey centre is replete with wood laminate flooring and clean white walls rigged with multiple screens, flashing slogans from PowerPoint slides such as “5G is a shared responsibility” and “A strong ecosystem is our best protection”.
“The centre is how we demonstrate openness, where we show our security approach strategy, research, Huawei’s software and hardware product development, and our supply chain,” said Marco Men, a senior security solution architect who regularly guides visitors through the exhibition. Visitors are also able to view flowcharts of Huawei’s product development and security testing processes.
The facility, which was opened in March last year, is one of six cybersecurity centres established by Huawei, the world’s largest telecommunications equipment supplier. These centres engage with the Shenzhen-based company’s client network operators, lawmakers, regulators and the media to show the security of its products.
The stakes are high for Huawei to bolster its cybersecurity credentials amid the global roll-out of 5G mobile networks. With peak data rates up to 100 times faster than what current 4G networks provide, 5G has been held up as “the connective tissue” for the Internet of Things, autonomous cars, smart cities and other new applications, providing the backbone for the industrial internet.
Burnishing those credentials has become more crucial for Huawei in Europe, which represents the company’s biggest overseas market – accounting for about 30 per cent of its annual revenue and where a large chunk of its 91 5G network projects as of February are located. Gaining support from major economies, like Germany and the UK, is vital for Huawei to further expand its business on the continent.
“Europe was the first to set cybersecurity standards, including the General Data Protection Regulation (GDPR) … When everyone abides by the GDPR, sooner or later cybersecurity won’t be an issue,” Ren said.
“If we can completely meet Europe’s high standards … then our ability to serve humankind will increase significantly,” Ren said. “We believe the global community will reach a consensus on cybersecurity and privacy protection.”
Those actions by the world’s largest economy opened up opportunities to Huawei’s main rivals. Still, Sweden’s Ericsson and Finland’s Nokia – with 86 and 69 5G network deals, respectively – remain behind Huawei in the 5G market.
Critics of Huawei and Beijing often point to China’s national security law, which obliges companies to support the central government’s intelligence activities. Huawei has categorically denied links with China’s intelligence agencies and having back door systems in its equipment for spying. Ren had earlier said he would rather shut down the company than put at risk the security of its clients.
“We don’t have any malicious intentions,” Ren told the Post last month. He said European network operators working with the company for more than 10 or 20 years “have gained a deep understanding of Huawei through years of cooperation, and know that we have no security issues”.
Founder Ren Zhengfei says Huawei ‘racing to develop’ new technologies
Huawei posted record revenue of 858.8 billion yuan (US$121 billion) last year, despite pressure from the US. The company, however, cautioned about its 2020 outlook amid the coronavirus pandemic.
By contrast, some lawmakers from Germany’s two largest political parties – the Christian Democratic Union and the Social Democratic Party (SDP) – believe that domestic network operators should exclude 5G gear suppliers who could be influenced by a “foreign state”.
5G is expected to be a crucial backbone for German industries, which means such infrastructure must be protected from espionage and sabotage, according to SPD lawmaker Falko Mohrs in an interview. He is a member of the Bundestag, the German federal parliament.
“One of the criteria that is important for us is that we do not want suppliers from countries that do not have the rule of law,” Mohrs told the Post. He said the Communist Party of China, the country’s sole governing party, runs an authoritarian regime.
“Based on that criteria, suppliers from China will have trouble [becoming trusted 5G equipment vendors] because they would need to abide by Chinese law and cooperate with national security institutions and so forth,” Mohrs said.
EU spares Huawei, Chinese suppliers from blanket 5G ban, defying Trump
Despite that harsh rhetoric, major European economies have let Huawei take part in their 5G networks.
“Many of these people speaking out against Huawei do not have much technical background, they cannot even identify the different components of a network,” said David Wang, chief representative of Huawei Germany. “But they still have the right to comment publicly – and sometimes very loudly.”
The “noncore” area in which Huawei can take part covers radio access network (RAN) gear, which comprises the mobile base stations that connect smart devices to the broader telecoms network. RAN represents the largest segment of a mobile network roll-out, as multiple base stations must be installed for full coverage in every location.
How did Huawei fall foul of the US government?
Hosuk Lee-Makiyama, director of Brussels-based think tank the European Centre for International Political Economy, said the issue over Chinese 5G gear is complicated by a disparity in relevant telecoms security assets in the EU.
“In my view, only France has the same resources and cyber capabilities as the UK among the EU countries,” Lee-Makiyama said. “Most countries will find it easier to just rip and replace Huawei equipment than uphold costly countermeasures.”
Huawei sees ‘complicated’ year ahead despite posting record revenue in 2019
For years, Huawei has invited regulators and various telecoms industry players to review its products for security vulnerabilities. These are now mostly done at its cybersecurity centres.
In the UK, the Huawei cybersecurity evaluation centre oversight board – a partnership between the company and the British government – jointly runs the cybersecurity centre in Banbury, about 103km northwest of London. It provides the benchmark for evaluating gear from Huawei, which first set up offices in the UK in 2001.
This oversight group has annually released a report of its activities, including rigorous tests done on the company’s hardware and software. Its latest report, published in March 2019, said “further significant technical issues have been identified in Huawei’s engineering processes”, which could lead to new risks in the country’s telecoms networks.
At the cybersecurity centres, testing is done out of the public view by technical experts, including those from carriers and regulators, to check on Huawei’s software engineering and cybersecurity competence. The UK’s National Cyber Security Centre, the authority for information assurance, also visits Huawei offices in Shenzhen and Shanghai to discuss technical issues.
Walter Haas, chief technology officer at Huawei Germany, said the company’s track record shows that it has not lost any client because of cybersecurity issues. He said telecoms carriers thoroughly test and verify equipment for one to two years before committing to a supplier.
Huawei bets big on European 5G patents despite Trump’s pressure
“They’re not giving us market share because we’re nice … or cheap,” said Haas in an interview at Huawei’s offices in the western city of Düsseldorf. “Do you really believe that network operators, in this very competitive environment, will put [middling] technology into their network, for an investment cycle of eight to 10 years, because it’s cheap?”
Huawei is adamant that its products – including smartphones under its consumer business – are safe, and that Washington prove its accusations about spying.
Security vulnerabilities are inevitable, largely because software code is written by humans who will make mistakes, according to Lu Chuanying, secretary general of the Cyberspace International Governance Research Centre at the Shanghai Institute for International Studies.
“Therein lies the issue – are these issues and security flaws subjective or objective?” Lu said. “Here lies the biggest dilemma, because no matter which supplier – whether Huawei or others – no one can say with certainty that their products are definitely safe.”
Since there is no universal standard to measure the security of telecoms equipment, that makes it difficult for companies to absolutely guarantee the security of their products. As such, weaknesses are interpreted differently by various parties.
“It’s like this – if my friend is holding a knife, I might think he’s planning to chop up some vegetables,” said Lu. “But if it were my enemy holding a knife, I might assume he’s planning to stab me.”
Additional reporting by Bien Perez
Read more from this series on Huawei, China and the US.
Sign up now and get a 10% discount (original price US$400) off the China AI Report 2020 by SCMP Research. Learn about the AI ambitions of Alibaba, Baidu & JD.com through our in-depth case studies, and explore new applications of AI across industries. The report also includes exclusive access to webinars to interact with C-level executives from leading China AI companies (via live Q&A sessions). Offer valid until 31 May 2020.