15 February 2019

Do Huawei and Chinese High-Tech companies pose a threat?


Chinese telecom firm Huawei has repeatedly been in the headlines, and not just because of the pending extradition case of its chief financial officer Meng Wanzhou from Canada to the USA. In fact, numerous countries are expressing fears over national security threats that Chinese firms, such as Huawei, pose.

As an example, the Australian Parliament reported an effort to hack into its computer network. A statement on February 8 said, "Following a security incident in the parliamentary computing network, a number of measures have been implemented to protect the network and its users. All users have been required to change their passwords."

No culprit has been named, but the media was quick to report that a foreign government might have been behind the Australian attack. Nevertheless, the event illustrates the danger that the computer networks are facing theats from hostile state actors.


Furthermore, the Australian Broadcasting Corporation recently aired a report about concerns over Hikvision and Dahua security camera networks, which have the Australian market cornered. The report cited experts fearful of the possibility of China using such cameras for espionage purposes. In 2017, Hikvision led all-comers with 21.4 per cent of the global closed-circuit TV and video surveillance sector.

DJI, a Chinese maker of consumer drones, monopolises 74 per cent of the world market. Last year, the US Army banned soldiers from operating DJI drones because of security risks. The Australian Army imposed a temporary ban as well, but a spokesman told ANI that strict protocols had been implemented to avoid security loopholes. For example, drones are never connected to the internet after their initial purchase.

Huawei is a giant in the industry. By the third quarter of 2018, for example, it enjoyed a 28 per cent share of the global telecommunications equipment market, well ahead of Nokia, Ericsson, Cisco Systems and another Chinese firm, ZTE Corp.

Huawei has a key role in China's promotion of the "Digital Silk Road", including 5G mobile communications that promise higher speeds and greater capacity. 5G will promote the Internet of Things (IoT), and China's 5G industry is expected to be worth USD180.5 billion by 2026.

Yet, one after another, Western countries have prevented Chinese technology companies from bidding in national programs. The USA set the ball rolling, and Australia and New Zealand have followed suit by banning Huawei's participation in 5G mobile networks. The UK will announce its decision soon.

Washington is also putting pressure on other countries, such as Poland, not to sign up with particular Chinese companies.

In another instance, Huawei is threatening to go to court if the Czech National Cyber and Information Security Agency refuses to change its December warning about utilising Huawei's technology in critical infrastructure.

The European Union (EU) is considering plans to change the definition of critical infrastructure and to strengthen procurement rules. If enacted, these changes would exclude Chinese companies from supplying the EU's high-speed information networks.

China continues to protest vociferously, yet it can only do so by ignoring the hypocritical reality that no Western firm would be eligible to compete in similar programs within China.

Huawei founder Ren Zhengfai told a CCTV reporter, "They are foolish and will lose money if they do not buy [our products]." Ren was a former director of the People's Liberation Army's (PLA) Information Engineering Academy, and many believe he maintains links with China's military.

Leading businessmen such as Jack Ma, head of Alibaba, are commonly Communist Party of China (CPC)members. Indeed, it is difficult to imagine how such people as Ren can succeed in business without the blessings that come from party membership.

Indeed, the truth is seen in a telling statement, later redacted, by the CEO of Sogou, a Chinese tech company that excels in search engines and speech recognition. He said, "We are entering an era in which we'll be fused together. It might be that there will be a request to establish a party committee within your company, or that you should let state investors take a stake…as a form of mixed ownership. If you think clearly about this, you really can resonate together with the state. You can receive massive support. But if it's your nature to go your own way, to think that your interests differ from what the state is advocating, then you'll probably find that things are painful, more painful than in the past."

On 28 January, the US Justice Department announced two indictments against Huawei. One concerned an attempt to steal information from T-Mobile and the other to committing fraud in order to evade US sanctions against Iran.

FBI Director Christopher Wray acknowledged there was no alleged complicity of the CPC, although he reminded all that it is a matter of public record that Chinese companies must allow the government access to all its data. Indeed, China has so blurred the lines between private business and government intrusion, that others must fear such collusion.

China's National Security Law came into effect in 2015, and the Cybersecurity Law arrived in 2016. The former requires all companies and individuals in China "to maintain national security". Additionally, Article 28 in the latter requires all network operators to provide "technical support and assistance" to the government.

The CPC has also been working hard to increase its influence over private Chinese companies, particularly via the National Intelligence Law of 2017. This orders every organization or citizen to support and assist the country's intelligence agencies.

Huawei responded to an Australian ban with this statement: "Chinese law does not grant government the authority to compel telecommunications firms to install backdoors or listening devices, or engage in any behavior that might compromise the telecommunications equipment of other nations. A mistaken and narrow understanding of Chinese law should not serve as the basis for concerns about Huawei's business. Huawei has never been asked to engage in intelligence work on behalf of any government."

However, as noted above, participation in intelligence work for the Chinese government is a legal obligation without geographic boundaries. Refusing to cooperate amounts to obstruction of a state agency. Chinese law is suitably vague about the scope of this cooperation, which means the government can wield it any way that it wants. In any case, these laws simply codify what the government was already doing in any case.

By the same token, China's deliberate ambiguity also gives ample reason for foreign countries to genuinely fear the theft of data and its delivery to the Chinese government.

China has been promoting high-tech industries in order to become cyber and artificial intelligence (AI) superpower. It is investing in private companies specializing in such areas as 5G and semiconductors through state-backed venture capitalist funds. Quantum technology is another area China is pursuing, with huge potential for military applications. It was the first country to launch a quantum satellite and it claims to have developed a quantum radar.

There is a very real prospect that China will emerge as the world's leading AI superpower. By 2013, it was already publishing more AI research papers than the USA was. China has been increasing what it calls "military-civil fusion", which leverages dual-use technologies for military applications.

All these efforts blur the line between public and private. Indeed, companies have no real ability to resist the government when it comes huffing and puffing at their door.

One American expert on Chinese AI and other high-tech sectors is Elsa B. Kania. In a testimony before the House Permanent Select Committee on Intelligence in July 2018, she warned, "China's attempts to advance indigenous innovation have often leveraged and been accelerated by tech transfer that is undertaken through both licit and illicit means. This history and these techniques of industrial espionage have been extensively documented, and cases abound. Some of the more notorious examples include the theft of data on the F-35 and recent Chinese targeting of the semiconductor industry, which has involved targeted poaching of engineers and the theft of intellectual property, as well as attempted and successful acquisitions."

Kania warned of Chinese students exploiting the US academic system. "…It is clear that there are instances when the US education system has been exploited in ways that are problematic at best or, at worst, even contribute to Chinese military modernization…When students from PLA universities or Chinese universities that are closely linked to Chinese defense technological development study and pursue research in the US, there is a more definite rationale for stronger screening mechanisms to limit access to those with such direct linkages to Chinese military research."

When it comes to allowing or denying Huawei access, there is ambiguity.

Writing for the Australian Strategic Policy Institute (ASPI), Kania and Samantha Hoffman wrote, "As Huawei's reach and access expand around the world, the opportunities for Chinese intelligence to leverage its products and infrastructure for espionage will only increase. Given the opacity of these issues and inherent uncertainties, the 'case' against Huawei may not meet the strictest of evidentiary standards in a legal sense, but there are enough red flags to raise serious questions about the potential for risks that cannot be mitigated satisfactorily without greater transparency."

The authors concluded, "Ultimately, what matters isn't whether Huawei can be 'proven' to be 'guilty' or 'innocent', but whether it's prudent to let a company that is constrained and influenced both by CCP priorities and by Chinese laws and extralegal mechanisms to build or operate the next generation of Australian critical infrastructure."

One example of how Huawei may be culpable, either via deliberate espionage or through negligence, is the African Union headquarters, which was a victim of data theft for a period of five years. Huawei was the primary provider of digital infrastructure for the building.

There have been a plethora of reports in the USA about the risk that China poses in the cyber and high-tech spheres. In one research report entitled "China's Internet of Things" prepared for the US-China Economic and Security Review Commission, the authors posited, "Chinese dominance in the IoT will likely come at considerable cost to US companies and consumers, hurting both US economic and national security interests. China sees technology development as a decisive strategic resource and believes other countries' control of key technologies is a significant strategic liability…As such, China's IoT development strategy to date has been designed to narrowly serve Chinese interests."

"China is actively researching IoT vulnerabilities, both for security purposes and almost certainly to collect intelligence, conduct network reconnaissance for cyberattacks, and enhance its domestic surveillance powers. Chinese IoT security research exhibits a familiarity with exploitation methods that could lead to unauthorized access and is already leveraging machine learning and algorithmic techniques to accelerate the pace of research and develop adaptable malicious code that could affect multiple types of IoT devices."

The authors described as striking the "high degree of collaboration between civilian academic and government research organizations, private sector firms, and military and defense industrial organisations".

Reinforcing what others are asserting, the report noted, "The Chinese government has given itself nearly unchecked legal powers to harness the data and supply chains of Chinese civilian firms for uses ranging from espionage to offensive operations. In some cases, Chinese leaders may even serve simultaneously as members of major IoT firms that are ostensibly private while at the same time holding government positions within China's national security bureaucracy."

It acknowledged that "concrete evidence of Chinese government exploitation of IoT vulnerabilities is difficult to find", but that tends to be par for the course when it comes to the cyber sphere.

The authors also noted, "China's premier civilian intelligence agency, the Ministry of State Security, appears to have taken a lead in weaponising IoT exploits for both offensive and espionage operations."

While the rest of the world must be duly alarmed about companies such as Huawei, perhaps even direr is the way that the authoritarian Chinese government is using such technology to surveil and capture data on the complete populace within its own territory.

(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

No comments: