There’s no way to mitigate the possibility that network equipment from Huawei Technologies could be used by Chinese intelligence agencies for spying in Canada’s fledgling 5G networks, says a U.S. cyber expert.
“In my opinion, the risks cannot be mitigated,” Melissa Hathaway, president of a Virginia-based consultancy, a distinguished fellow at the Centre for International Governance Innovation based in Waterloo, Ont., and an advisor to two U.S. presidents said in an interview.
“I agree with what our British colleagues have said: Their [software] code is buggy; it has a lot of vulnerabilities in it … Their personnel really don’t know how to do secure coding. And 5G is really about secure coding because it’s about a software-defined network. You have to be able to code with security and resilience in mind to be sure the equipment you’re deploying or selling isn’t easily manipulated. So I start with that.”
The second problem, she added, is that China’s National Intelligence Law of 2017 requires any person or organization to support the state and whatever it wants, so “with 5G you can direct the company to just siphon off the data.”
Huawei officials repeatedly deny their equipment is risky, and maintain executives would refuse any Chinese order that would compromise customers’ security.
The Globe and Mail has reported that Canadian security agencies are split on allowing commercial carriers to buy Huawei 5G servers, routers and switches. The Canadian Security Intelligence Service (CSIS) has reportedly advised against using Chinese-made networking gear, while the Canadian Communications Establishment (CSE), which protects federal networks and data, reportedly argues risk can be mitigated through encryption, keeping Chinese equipment out of the network core and other tactics.
Hathaway will appear this week on two Canadian webinars discussing 5G, including Canada’s decision on whether to allow equipment Huawei to be used by Canadian carriers. This morning she will be on a panel hosted by the University of Waterloo’s defence and security foresight group; on Thursday she is scheduled to address the Ontario Chamber of Commerce; and address the Canada International Council on June 22.
Ottawa has held back from making a decision despite warnings from the U.S. that it will re-evaluate its intelligence sharing partnerships with allies if Huawei gear is allowed in commercial 5G networks. That decision has been complicated by the Vancouver extradition hearing for Huawei’s CFO to the U.S. on alleged fraud charges, and China’s reaction by arresting and confining two Canadians.
Some experts believe Canada won’t make a decision as long as the two Canadians are still in custody. Others believe Bell and Telus will tire of waiting and use other network suppliers, in effect taking the decision out of Ottawa’s hands.
Huawei, China and 5G are hot topics among experts as the U.S. increases its pressure on allies. Last week, a group of international security experts including former Canadian national security advisor Richard Fadden were on a webinar hosted by the Canadian Conference of Defence Associations Institute on the impact the China/ Huawei controversy is having within the 5 Eyes intelligence co-operative.
In that session, speakers argued that there is no reason for the West to rush a decision on Huawei participating in 5G networks. They noted that the U.S., Australia, New Zealand and others are rolling out 5G networks without Huawei. They also suggested Nokia and Ericsson will soon have eliminated Huawei’s apparent lead in 5G technology, lowering the need for Huawei to be considered. Last week Bell and Telus announced they have started 5G service in major Canadian cities; neither is using Huawei equipment, although they would like to.
In the interview, Hathaway said that because Huawei’s wireless network technology is so much cheaper than Nokia or Ericsson many companies and countries are making decisions based on economics, not on the risks. She also noted the U.S. is urging tech companies to create a 5G open standard so next-generation wireless network code can run on commodity hardware, thus reducing Huawei’s apparent advantages. AT&T, Verizon, Microsoft and Amazon are among those working on the integration of mobile edge computing with their 5G networks.
In a bind
Hathaway acknowledged Canada is in a bind: China wants Canada to release the Huawei CFO, Canada wants China to release the two Michaels; and the pressure from Canadian carriers to use Huawei technology. “I think there’s a natural tension between economics and the national security: How do we balance this and not introduce new risks to our economy and the digital economy; and the national security part is can we trust this technology at all?”
Earlier this year the U.K. decided as an apparent compromise that “high risk” network equipment makers — presumably including Huawei — would be limited to the access or network edge of commercial 5G networks and kept out of the core. However, under pressure from the U.S., the British government is reportedly rethinking its decision. Australia and Japan have banned Huawei from their 5G networks and the U.S. has virtually forbidden it as well.
“I think Canada would be well-served to look at what all the other countries are doing to try to manage the risk and balance the economics of it,” said Hathaway.
Some experts argue that modern wireless networks have an edge — where traffic is swallowed up through access antennas — and a core — where traffic is routed. Keep Huawei out of the core will mitigate risk. During the Conference of Defence Associations Institute webinar Martijn Rasser, senior fellow on technology and national security at the Center for New American Security in Washington, D.C., argued that’s true in a 4G network. However, he added, in a 5G network traffic management will increasingly be pushed to the edge to reduce latency, thus blurring the core/edge distinction.
Rasser was also blunt when asked if Huawei could do anything to reassure countries its equipment poses no risk. “We’re beyond that,” replied, noting China is pushing Huawei as a national technology champion. “Huawei will not be able to change any minds at this point.”
Timothy Heath, senior intelligence defence researcher at the U.S.-based Rand Corp., noted the U.S. hasn’t said it will stop sharing intelligence with allies that allow Chinese-made equipment into commercial 5G networks, only that its relationships with those countries will be severely damaged.
Finally, Fadden argued that the amount of damage China could do diplomatically or with trade sanctions to most Western countries if they turn down Huawei in 5G networks is limited. Countries that do large amounts of trade with China would be much more vulnerable, he said. “Our countries would not be materially hurt if we said no to Huawei in the medium to long run.” Rasser agreed, noting China accounts for a “relatively small” amount of European trade.
On the other hand, Patrick Walsh, associate professor of intelligence and security studies at Australia’s Charles Sturt University, pointed out that interference in the country’s security systems, as well as trade sanctions, have increased after Australia banned Chinese manufacturers in 2015 from supplying gear to the country’s new high-speed broadband network.