Governments weigh Huawei, ZTE bans after scathing security report
Fallout continues as world economies weigh their response to a US congressional investigation that has blacklisted Chinese equipment vendors Huawei and ZTE on the grounds that they represent a security risk.
The determination, handed down in a recent report by the House Permanent Select Committee on Intelligence, has said that the two companies "cannot be trusted" for critical infrastructure systems given their relationships with the Chinese government.
"We have serious concerns about Huawei and ZTE, and their connection to the communist government of China," committee chairman Mike Rogers said. "China is known to be the major perpetrator of cyber espionage, and Huawei and ZTE failed to alleviate serious concerns throughout this important investigation….We warn US government agencies and companies considering using Huawei and ZTE equipment in their networks to take into account the affect [sic] if [sic] could have on our national security."
The findings would seem to exonerate the controversial determination, made earlier this year, that Huawei would be banned from supplying equipment for the government's national broadband network (NBN).
Huawei has pushed hard into the Australian market in recent years and was hoping to use its credentials in similar deployments overseas to secure a chunk of the $35.9 billion cost of that project. The issue became political after opposition communications minister Malcolm Turnbull said he would reassess the ban if the Coalition wins the next federal election – but recently became a source of embarrassment after Turnbull, who had previously claimed to have never been briefed on the reasons for the ban, admitted he had in fact attended an ASIO briefing on the matter.
Meanwhile, both companies have reacted with anger to the US Congressional report, which contains five recommendations:
- US government systems and US government contractors, particularly those working on sensitive systems, should exclude any Huawei or ZTE equipment or component parts. Additionally, the Committee on Foreign Investments in the United States (CFIUS) must block acquisitions, takeovers, or mergers involving Huawei and ZTE given the threat to U.S. national security interests.
- U.S. network providers and systems developers are strongly encouraged to seek other vendors for their projects.
- Unfair trade practices of the Chinese telecommunications sector should be investigated by committees of jurisdiction in U.S. Congress and enforcement agencies in the Executive Branch. Particular attention should be paid to China’s continued financial support of key companies.
- Chinese companies should quickly become more open and transparent. Huawei, in particular, must become more transparent and responsive to U.S. legal obligations.
- Committees of jurisdiction in Congress should consider potential legislation to better address the risk posed by telecommunications companies with nation-state ties or otherwise not clearly trusted to build critical infrastructure, including increasing information-sharing among private sector entities and expanding a role for the CFIUS process to include purchasing agreements.
A number of countries have moved to review their commitment to the two companies' products. Even as New Zealand's government defends its use of Huawei equipment for the country's Ultra-Fast Broadband (UFB) project, the Green Party of New Zealand has called for a review of all the government's commitments.
A former security advisor at now-defunct networking provider Nortel warned that Huawei had aggressively hacked the company, which was based in Canada – which is now considering a similar ban on Huawei equipment in government contracts.
Meanwhile, the UK government has moved quickly to evaluate the long relationship between BT and Huawei, which has supplied the UK telecommunications giant since winning its first major contract in 2005. Huawei recently secured a leading role in the country's major super-fast broadband project, due to reach two-thirds of homes and offices by 2015.
A consistent, high standard of personal information handling practices is needed to meet...
Agencies must accept the need to shift to the cloud and therefore choose a solution that properly...
South Australia's Auditor General has uncovered a range of deficiencies in the IT security of...