A U.S. Congressional committee report attacking two Chinese telecom network equipment makers raises questions of whether Canadian governments and enterprises should feel their data is secure here.
On Monday the House of Representatives’ permanent select committee on intelligence issued a stinging rebuke to privately-held Huawei Technologies and ZTE on their potential security threat to U.S. interests given their “potential” ties to the Chinese government.
“Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems,” the report said.
The finding raises concern in this country because Huawei is a major equipment supplier to BCE Inc.’s Bell Canada, Telus Corp., Videotron and SaskTel. ZTE is a supplier to Public Mobile.
“We work with over 500 companies worldwide, in 150 countries. Last year alone, Huawei sold over $32B in equipment globally. Similar to Canada, we are also making significant investments to expand locally in other major markets, including the United Kingdom.”
In September the Globe and Mail reported that the Canadian government has pondered the possible threat of Huawei equipment on telecom networks here.
This morning, a Bell spokesman issued a statement saying the telco has no worries.
China calls Australia’s ban on Huawei unjust
Telus, Carleton U, Huawei open lab
“Bell has the scale to operate at a global level and we manage security appropriately with all our network suppliers, including Canadian, American and international partners such as Huawei, Cisco, Ericsson, Nokia Siemens and others.
“For a company like Bell, security is of primary importance. We work with government and the Canadian and international telecom industry to ensure Bell always offers the highest possible levels of security to our customers.
Telecom analyst Iain Grant of the SeaBoard Group consultancy issued a tart retort to the committee report.
“Canadian companies assess the attraction of Huawei gear on its merits, on function, on delivery and timeliness, on quality of what is delivered and on price. Paranoia is not a measurement they find germane.”
Ironically, it was Huawei that asked the U.S. government last year to investigate allegations that it has ties to the Chinese government.
“The allegation that Huawei somehow poses a threat to the national security of the
United States has centered on a mistaken belief that our company can use our technology to steal confidential information in the United States or launch network
attacks on entities in the U.S at a specific time,” wrote Ken Hu, Huawei’s deputy chair. “There is no evidence that Huawei has violated any security rules. Not only that, in the United States we hire independent third-party security companies, such as EWA, to audit our products in order to certify the safety and reliability of the products at the source code level. In addition, Huawei has established a “trusted delivery” model to protect the security of networks we supply.
But after hearings the congressional committee said there isn’t enough information to come to a conclusion about Huawei and ZTE.
“Despite hours of interviews, extensive and repeated document requests, a review of open-source information, and an open hearing with witnesses from both companies, the committee remains unsatisfied with the level of co-operation and candor provided by each company,” its report says.
“Neither company was willing to provide sufficient evidence to ameliorate the committee’s concerns. Neither company was forthcoming with detailed information about its formal relationships or regulatory interaction with Chinese authorities. Neither company provided specific details about the precise role of each company’s Chinese Communist Party Committee.
“Furthermore, neither company provided detailed information about its operations in the United States. Huawei, in particular, failed to providethorough information about its corporate structure, history, ownership, operations,financial arrangements, or management. Most importantly, neither company provided sufficient internal documentation or other evidence to support the limited answers they did provide to committee investigators.”
As a result, the committee said U.S. government systems shouldn’t include equipment from Huawei or ZTE, nor should systems of government contractors. That would include U.S. network providers and data centre outsourcers.
The committee also said private sector companies should “consider the long-term security risks” of buying equipment and services from Huawei or ZTE.
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self propagating to infect more and more systems and eventually forming a "botnet."