fbpx

Posts

“The Costs and Benefits of Banning Huawei” (Two Think Minimum Podcast)

by

Two Think Minimum Podcast Transcript
Episode 018: “The Costs and Benefits of Banning Huawei”
Recorded on: April 9, 2019

Panel Recording: TPI hosted a panel of experts on April 9, 2019 in Washington, D.C. to discuss technical concerns and the costs and benefits of banning Huawei from U.S. telecommunications markets. Experts from the National Defense University, George Mason University’s Antonin Scalia Law School, Virginia Tech, the New America Foundation and Politico participated in the discussion. The panel took place from 2:00 pm – 3:30 pm at 409 12th Street, SW, Washington, DC 20024. For event details, speaker bios, and YouTube video, please see,
https://techpolicyinstitute.org/events/the-costs-and-benefits-of-banning-huawei/ .

Scott Wallsten: 00:00:00 Hi, I’m Scott Wallsten, President and Senior Fellow at the Technology Policy Institute. Thank you all for coming here for this discussion of Huawei. I’m going to start off, just do little introduction here by the podium, and I’m going to go sit here, because it’s not me you want to hear from. I’ll just be a voice off stage, kind of peppering them with questions. To start off, new generations of wireless technology often come with fights over various things. With 3G it was GSM versus CDMA. 4G was WiMax versus LTE, and different manufacturers in countries make you better or worse depending on who wins those various fights. But with 5G it’s been different. This transition comes at the time of a confluence of increased cybersecurity concerns, tensions between the US and China, Huawei’s relatively sudden emergence as not just low cost, but high-quality provider of 5G equipment.

And as everyone knows, the US government says that Huawei allows the Chinese government to use this equipment to aid espionage, making the equipment a national security threat. Almost every major US provider has agreed not to use it. Some countries, Japan, Australia and New Zealand, have also agreed not to use it, but others like the UK and Germany have not made that pledge. The security concerns, that laypeople, people like me who know nothing, certainly seem plausible. Why wouldn’t the Chinese government try to take advantage of that if the opportunity exists? But on the other hand, these concerns peaking at the same time as broader trade disagreements with China is convenient and it plays into some of our biggest fears regarding emerging powers and protectionist impulses.

Just last week the UK’s Huawei Cybersecurity Evaluation Center said that their analysis of the equipment quote “reveal serious and systematic defects in Huawei’s software engineering and cybersecurity competence, for this reason that NCSC continues to advise the oversight board that it is only appropriate to provide limited technical assurance in a security risk management possible for equipment currently deployed in the UK, since NCSC has not yet seen a credible remediation plan.” They also concluded that it does not believe that the defects identified are a result of Chinese state interference. It’s interesting also to see how this was reported in the US versus the UK; in the US seem to be reported as Huawei’s equipment is terrible and you can’t trust it, and in the UK, it was reported as well, we can manage this risk. And you’re reading from the exact same document, but as policy analysts and just citizens, it’s hard to know what to think about this issue or even really how to think about it.

How should we weigh the risks and costs of a ban? What are the best policies going forward? Is there anything that a government or companies can tell us to shed more light on the truth? And that is what we’re going to discuss today. I’m just going to quickly introduce the panelists and then we will get started. I’m going to go in alphabetic order.

First is Dr. Charles Clancy, who is the executive director of the Hume Center for National Security Technology at Virginia Tech. He’s also a Bradley Professor of electrical and computer engineering and he served as a researcher at the National Security Agency.

We have Eric Geller, who’s the cybersecurity recorder from Politico and his beat includes cyber policymaking at OMB and the National Security Council, American cyber diplomacy efforts at the State Department, cybercrime prosecutions and the Justice Department and digital security research at the Commerce Department.

Then we have Jamil Jaffer who is executive director of the National Security Institute and Director of the National Security Law and Policy Program at the Antonin Scalia law school at George Mason University. He is also vice president for strategy and business development at Iron Net Cybersecurity.

And then we have Samm Sacks, who is a cybersecurity policy and China digital economy Fellow at the New America Foundation. Her research focuses on emerging information and communication technology policy globally, particularly China. She leads New America’s DigiChina Data Governance project, which includes looking at China’s data regime in global comparative context as debates about new policy unfold in Europe, the US and across Asia. And she leads New America’s New York cyber security digital economy round table series, bringing together experts to discuss cyber and tech policy issues.

And we have Harry Wingo, who is the chair of the Cybersecurity Department at the College of Information and Cyberspace and the National Defense University. He served as president and CEO of the DC Chamber of Commerce, Senior Policy Counsel at Google, council to the Senate Committee on Science, Commerce and Transportation, Special Counsel to the General Counsel of the Federal Communications Commission, which is right over there. And he also spent six years as a Navy Seal. I’m not sure there’s anything left to do.

With that and having spoken so quickly I don’t know that anybody can understand me, but I wanted to get my stuff out of the way, I’d like to start with Charles. If you could give us a little overview of the technical aspects of it. So when you say that there are problems with Huawei’s equipment or things that people are worried about, what exactly are we talking about? What is it that people are worried about?

T. Charles Clancy: 00:05:31 Well first of all, thank you very much for convening this panel. I think we’re all excited to speak on this topic- one of particular importance. So from a technical perspective, I’ll put on my electrical engineering professor hat for a moment. Huawei manufactures and sells and in many countries operates networking equipment. This is broader than just cellular networking equipment. It’s internet switches and routers as well, but a lot of the current concern is around in particular the 5G networking equipment. As a result there are a variety of sort of technical threat vectors that people are particularly concerned about. One is around the supply chain and the manufacturing process. There’s a lot of concern about China’s role in the standards committees and the influence that they’re having over the technology ecosystem as it matures.

Although I think that the cyber risk is, I think, a little less significant there. That’s really more of an economic risk, I think, in terms of global competitiveness from an economic perspective. As you get into the actual equipment itself, there’s a concern that there might be back doors introduced. There’s a concern that the code might just be buggy as we saw with the UK report. Particular in the UK report from last week, it basically noted that there were a lot of bugs in the code base that went into the Huawei equipment and those bugs all could lead to cyber vulnerabilities that could be exploitable by the Chinese government or by whomever wanted to discover and exploit them. That’s one set of concerns. The other is that of a software update. For example, if Huawei is providing, patches to equipment as bugs are discovered and software needs to be updated, software updates could include back doors that would allow third party access to the systems.

The area where I personally have the most concern is just the fact that in many countries, Huawei actually operates the equipment on behalf of the local telecommunications companies. It’s a fully shrink wrapped to 5G network in a box essentially, where Huawei not only sells you the equipment but also provides the managed services to operate and maintain it for you. In those cases, they are the administrators on the system, so you don’t need a back door cause they’re already in the house, if you will, and under contracts to manage it. So, all of those represent concerns that people have in the technology space and where there’s risk. The question then is how to manage that risk, and of course we have a variety of options. Here in the US we have a variety of different bans that are percolating through different legislative and regulatory ecosystems. In the UK you have more of an inspection regime that seeks to manage risk. There’s a variety of ways that you could seek to manage risk. I think all we’re trying to figure out is what’s the best approach? And whose characterization of the risk I think, is most accurate or plausible?

Scott Wallsten: 00:08:57 There are different ways of looking at the risk and we manage them in different ways. Eric, you’ve reported on how different countries are approaching this differently. How do different countries look at it and why are we in this sort of state of some thinking It’s an unmanageable risk and others thinking they can?

Eric Geller: 00:09:18 Well part of the reason that you see that divergence is a lot of companies, especially in Europe, have much stronger ties to China economically than we do in the United States. I think it’s fair to say a lot of these decisions are not based on a pure risk calculation about equipment, but based on what would happen to our economy if the second largest economy in the world decided that we were a trade adversary overnight because we banned one of their most famous products. That’s the broader context; the US is fortunate to not be that dependent on trade with China. As much as we do have this trade war going on right now, it would be a lot worse for our European partners if they made this decision to ban Huawei products. The other thing is you have a different philosophy overseas I would say especially in Europe, about the possibility of doing source code review as an assurance mechanism to see whether there are flaws in the code that doors, that kind of thing. When I spoke to Rob Strayer who’s the top cyber officials at the State Department, one of the things he said was, we constantly tell our allies when we’re talking to them that they should not count on source code review because software changes too rapidly. It’s not feasible to do source code review on a product that is dynamic. That’s an example, he would argue, of our allies bringing in this kind of, this model from a more static time when it was easier to look at something and determine the risk that pose. Today, that’s not really possible with telecommunications equipment that’s so heavily dependent on software.

With 5G that is the risk, especially as compared to 3G and 4G. It’s much more software dependent than previous generations wireless networks. I would add that as a second factor. How much do you trust in source code review? And what we’re seeing right now with even some NATO allies and EU members is, they haven’t yet made a decision to ban or not to ban, but they are saying things like, we’re looking at source code review as an option to mitigate that risk. So those are two major factors in determining where these countries shakeout based on a common set facts. If you want to look at things like the UK report, the publicly available information is there for anybody to read. But those are two of the, I would say, biggest reasons why you see different companies and countries coming to different conclusions about that data.

Scott Wallsten: 00:12:02 The first reason is that, basically, they may see the same harms that we do, but the costs of banning are much higher for them than for us. But the second is that they actually think they can do something about concerns to the extent that they are real.

Jamil Jaffer: 00:12:02 I think obviously, we face a real challenge here with this particular company. And it’s not just Huawei or ZTE, it’s other companies in this space who are a market dominators globally, and part of their market domination is because they benefit from all sorts of benefits from the Chinese government: low interest loans, a research development base that was largely stolen, that wasn’t developed a domestically. There’s a reason why a Huawei router looks like a Cisco router. It’s because it largely is a Cisco router. There are all sorts of other things going on. We saw recently, the reports about Huawei and ZTE and their efforts to evade US sanctions on Iran, and the outcomes of that. There are challenges, both foreign policy challenges but also very real technology challenges with these companies and the risk is real.

As a Charles laid out, there are a number of vectors on which you might see risks. These risks aren’t limited, to be fair, to Chinese equipment. These risks are present in any major telecommunications gear, whether it’s because the dynamic updates, or because of hardware, firmware of modifications or back doors or just simply vulnerabilities. You can imagine a world in which you’re concealing backdoor access through obscurity. Simply hiding it in the noise of a bunch of other vulnerabilities that appear to be unintentional. And as Charles correctly pointed out, you don’t need a backdoor if you’re the administrator, if you’re running the network.

In a lot of these countries, because many of these countries are just skipping over generation of wireline gear or even wireless gear and went straight to 5G, they don’t have the technological capability at home to even deliver the services. Buying it as sort of as, as described, a network in a box, is a very appealing thing particular when it comes at a low cost. And in part for China, this is also an economic advantage. Being able to get these capabilities in place allows you to leverage that for future sales of other services and gear down the road. It’s both an economic development move, it’s a strategic move, and it’s a potential intelligence collection capability. And so for all those reasons it is very hard for the US government and allied governments to stomach adopting these into the core of their networks.

At the same time, you have a situation in the UK where British Telecom has deployed Huawei gear in the parts of their network. Perhaps there’s a debate about how that went down and where that happened. You’ve got the UK National Cyber Security Center saying, look, we can take this incremental approach and evaluate each piece of gear on its merits and each software update a we need to because we can take the current software update, the next bill, compare them, identify the differences and then look at the code review just on that part. Yes, it will be slow, but it can be done, and we can go there for National Security Systems and the like, we can do it and we can do it efficiently. Now that is an open question for debate. It is interesting to see two allies that are typically so close on issues of intelligence collection and cybersecurity, almost inseparable, being sort of at odds on this question.

It’s unusual to have the US, Canada, and Australia and New Zealand one place, and the UK, literally our right-hand partner in some of these efforts, on the other side of the debate. It’ll be interesting to see how this plays out in the long run. The hard part is standing against the tide. The reality is that Huawei is deployed globally, they’ve benefited from these benefits from the Chinese government. And are we simply trying to try stem an inevitable flow? And I think that is part of what the government continues to struggle with today. I tend to be one of those people who says you’ve got to do what you got to do. And you’re standing against that flow as long as you can, but that may not be the right economic or the right national charity answered at this point. And maybe the answer is what the British had done which is to try and mitigate it as best you can.

Scott Wallsten: 00:16:03 So you see this basically two ways. One is that there is an economic factor, and maybe you can say a little bit more about why you think that part matters, why we should be concerned about that and not just take advantage of cheap equipment that, of course benefits 5G build out and so on. And then the other is the security issues.

Jamil Jaffer: 00:16:30 Well, it’s economic in two ways. One, it’s an ability to deploy a whole set of gear that is at the core of the modern communications interface, the modern global communications infrastructure and then leverage that for all sorts of things. Whether it’s access to those markets for other equipment or other services on top of that capability. But it’s also economic in the following sense which is that we know that China has been on a multi-year, over a decade, effort to steal intellectual property and to repurpose that for economic purposes back home. That’s been a huge boom to the Chinese economy because it’s allowed the development of an economic base that didn’t require an enormous amount of investment that the US companies put into that. Now, that being said, in the long run, that’s also challenging the United States because as the United Sates trends more and more away from a manufacturing economy to an innovation economy, that intellectual property, becomes more and more core to the economic success and the economic health of this country. If it’s walking out the back door or if the systems we operate on it on enable it, even in part, to walk out the back door, that is a huge gap.

Now this isn’t the only way that people steal technology and China is not the only country that does this. But it is the single largest beneficiary of it. My current CEO and the former director of the NSA Keith Alexander referred to it as the greatest transfer of wealth in human history, and that’s just actually true. How do you quantify that? There might be debates about that but I don’t think objectively that anybody can dispute the fact that this has taken place and that it is an economic challenge to the United States. You may debate President Trump’s national security policies, economic policies, there are a lot of good reasons to debate it, but one point that he made that I think everyone sort of accepted at face value which is correct, is it economic security in the modern era is national security and frankly always has been.

Scott Wallsten: 00:18:16 Who else sells 5G in a box?

Jamil Jaffer: 00:18:16 Who else sells 5G in a box. Great question. Who else wants to sell 5G in a box or could?

Scott Wallsten: 00:18:16 I mean there’s clearly demand for it, and it sounds like this is something that they developed indigenously. These countries that are going to rely on it, who would they use?

Scott Wallsten: 00:18:16 I mean they could use American telecom manufacturers or European manufacturers that are developing these capabilities, the question is at what price? And with what capability? Huawei makes cheap gear. Is it good? There’s debate about how good it is. There are plenty people say, look its service will be good. It’s good enough to get the job done, and at this price point is absolutely worthwhile and better than 10 years ago. Absolutely. And they’re increasingly getting better. There is a sort of virtual circle here for Huawei, which is that once you’re in and you’re able to get the economic benefits of the sale, you can rebuild and make it better. So that’s not to say that they’re always selling terrible gear or the gear is even a terrible now. The question of whether it’s a national security threat is a different debate.

Samm Sacks: 00:19:16 Just briefly to answer the question as well. I think there’s also overall health of this sector. So the fact that you have Huawei, ZTE and then two financially weak options in Nokia and Ericsson, and that’s what you got. And that’s its own issue. I recently got back from the UK where I was with the National Cyber Security Center. And one of the arguments that they said is, look, you don’t want to have a duopoly where you eliminate Huawei and then you’re just left with Nokia and Ericsson. But then the push back is if you accept the premise that Huawei is a bad actor, isn’t it better to eliminate a bad actor and have two rather than a bad actor and two mediocre players? So I think this gets out a larger sort of systemic issue, which is the health of this overall industry.

I specialize in a Chinese tech and cyber policy and send a lot of time looking at the relationship between Chinese companies, the Chinese government. We talk a lot about what would Huawei be ordered to do by the Chinese government. And here I think it’s important to distinguish between two risks. One as Dr. Clancy mentioned is back doors, and the other is a hypothetical future war scenario or a crisis. So my view, and I would love to hear thoughts of the other panelists on this, is that the likelihood of having an intentional vulnerability universally deployed in equipment is, at this moment, very small because if it were found- it would be found out and it would be extremely damaging to Huawei’s corporate reputation at a time where it must have global markets outside of China. And so it would undermine trust in that.

The issue that I’m more concerned about rather than a sort of universal backdoor and the equipment- and we should say at this point there is no public and potentially even no classified evidence to support that- what does worry me is this hypothetical situation of what Huawei would be implored to do by the Chinese government. So here you get into a lot of debates, and I’ve heard there’s mentioned that China has a suite of laws that would require the way to assist the intelligence and security services from the national intelligence law, the cybersecurity law, the counter terrorism law. The list goes on. I do think it’s interesting though that the narrative shifts a lot. So a lot of the times people say, China’s not a country that has rule of law, but then now that we’re like combing these laws to find the smoking gun of what Huawei would be compelled to do.

The reality is the Communist Party of China uses law selectively as instruments as it sees fit. I don’t think we’re going to find an answer per se in these laws. The other thing is that the security obligations in the laws are actually quite vague and to that extent, I think that sometimes, and my team at New America, we sort of talk about this like sort of Rorschach test, in that if you want to see a threat and a reason to be concerned, you will find it, and if not, you won’t. And this is why when we look out internationally at the UK and Australia and the US, what we’re likely to find is a spectrum of approaches because of the sort of Rorschach test mentality. Depending on your risk threshold, if you want to find- the national intelligence law is extremely broad in terms of requiring- and it actually says all Chinese organizations and citizens, would be required to support a national intelligence investigation.

There are echoes of this in the cyber security law. Huawei’s lawyers will tell you, wait a second, the cyber security law only talks about network operators and Huawei’s not a network operator. I would push back and say, yeah, but that term really has no definition. So it’s what is your tolerance for risk given this sort of Rorschach test of factors. And I would argue that in a crisis situation, that’s where the risk becomes more significant. As we’re talking about now and what exists in that equipment, it becomes impossible to determine what is buggy code, what is an intentional vulnerability that can be exploited. And here I think we have to look at what does Huawei as a commercial company need to succeed in global markets having its interests. And I’d say right now it’s not in its interest to use those vulnerabilities, but maybe that could change in another scenario.

Harry Wingo: 00:24:03 Just want to jump in. Harry Wingo, National Defense University. Just have to underscore, these are just my personal observations, not representing Department of Defense on this, but I would say this is an age old issue. You have great power competition. We’re in the middle of it. And if you consider what did electricity mean? What did radio for communications mean? If you consider Detroit in a context of how that set the United States up to have a different outcome in WWII than they would have had if you did not have that industrial capacity. So we’ve touched on some very important issues, but I think one thing to cover is where 5G fits in the bigger role of economies, not just for individual nation states. Those are great power competitors. We happen to be focusing on the United States and China, but if you consider what does this mean for artificial intelligence, what does it mean for the advance of cloud?

And I would say Sam rightly brought up Ericsson and Nokia. But if you consider where they were in previous iterations of wireless as it was progressing and they had their day. It just happens that for 4G, the United States set itself up for LTE. I worked at the FCC before Senate Commerce Committee, and I’ve also been at Google, but I have a perspective from being in the Navy previously, but all of this- think of dual use, think of consideration that the national power that will be there. If you look at the various ways that this new technology can be used, I think the bigger picture is at some point, there are good reasons to do the initial, yes, we don’t want this on our networks that’s clear. But I think the bigger picture is at some point, the best argument against the cold north wind is an overcoat. The best argument against the deluge that could drown you is to learn how to swim. And here’s an interesting point on the policy side. If you look at- there’s a Defense Innovation Board draft piece that came out very recently that talks about what happens when you consider where the United States is going with respect to the part of the spectrum and that’s important.

So who here has heard of the issue of sub six? If you look at the band that’s lower down, six gigahertz, it’s able to penetrate buildings. It has further range. You don’t have to put as much equipment out in the network. And then if you go further up to where the United States is tending to focus on right now, you go up into the 30 gigahertz range, where are you going to have more security? It’s more a directed focus beam, but you have to put out more, smaller elements in the network. The issue is that China is looking at sub 6 GHz. And that’s where a lot of the world is looking at that sub 6 GHz part and there is a very robust debate going on to say if we don’t pivot the sub six, we may end up in a deep 6 GHz, if you will. And I mean by six feet under and the chance to catch up to what it means to have a first mover advantage in this area. It’s a complicated issue and I think we’ll get the cover some more points. But the bigger thing is to consider the global supply chain and where we’ll be if we’re able to expand our view, look at how we might share or make it easier for US companies and also our allies to get into the ecosystem and not just see the field for a very important part of the spectrum and the basis upon which this technology will be deployed.

And before I end this first initial thoughts on this, I would say there’s a concept. I’m at the National Defense University. We’re right here in town, Fort McNair. I’m at the College of Information and cyberspace and our chancellor, John Wingfield, has a way of thinking of the challenges that come here. Think if you will of three concentric circles, a Venn diagram if you will. At the outer edge, consider the laws of physics or what’s possible. That’s technology, whatever we know how to do. And there’s technology involved with spectrum and microelectronics, but that’s out here. Inside of that nests the law and at various different nation states. China has their laws, we have our laws and some of the United States are nested within what’s possible. You have the law circle if you will. And that’s what’s permissible. You have things like ITAR, you have things that promote spectrum sharing, how long it takes, what Verizon gets what AT&T gets how spectrum auctions go. And then in the tightest circle you have policy and we could be flexible on policy, but that has to go through a lot of different things and if you consider the federal policy it’s necessary, and how we have to agree at the national level to address the challenges like the sub six issue that I just mentioned. China is in a very different place than we are, and that goes to how we do innovation, how we do acquisition. So I just wanted to underscore the picture of where this fits into the economy. Yes, there is a dual use issue, but in some ways the best security will be getting into the game in a way that matters globally. So we did not see the very important part of the global supply chain on this critical technology.

Scott Wallsten: 00:29:25 When you say that we’re, you didn’t say ignoring, but we’re not paying enough attention to mid band in spectrum and is that at the policy level, at the FCC level, or the firms here are not focusing on it enough because they’re worrying more about the small cells, where’s the failure?

Harry Wingo: 00:29:25 I wouldn’t start with failure as much as this is hard. And again, if you look at how the puzzle pieces fit or the chess game that plays out over a period of time, nations are in different places with respect to our democracy. How we- and I worked at the FCC, I was a spectrum auction advisor before I worked at the Senate Commerce Committee- the amount of time that it takes, how we look at competition, that’s one of the things that is a strength in the United States. But also, we have to act within that framework. If you look at China and if you look at Xi and his roadmap for 2025, Belt and Road and their ambitions for how this is going to apply, and then some of the restrictions that are facing them are not the same at all. And then if you look at the rest of the players around the globe, South Korea is making a run for this, you’ve got Japan and then you have the western nations, but the rest of the world, which way are they going to go? And considering where the United States has been on technology for that 4G sweet spot, I wouldn’t say as much as ignoring, but as much as we may have to wake up to how some of the choices that we made are playing out in the near term because the first mover advantage on this is absolutely important.

Scott Wallsten: 00:31:10 Let’s come back to the question of supply chains and sort of the competitive nature of the industry. If there are only two other major players, Nokia and Ericsson and they’re not particularly strong, it seems like there are several effects of not having Huawei. One is that prices will go up because there are fewer suppliers. There’ll be less competition. Those two companies might be subject to less competitive pressure to innovate. And you talk about AI as well. China’s market is obviously much bigger than ours, and if they’re also serving Africa and other countries, that makes their market even bigger, which gives them more training datasets for AI. Does this risk leaving us even further behind? I mean, this is of course setting aside the security issues, which I don’t know how you put those into account, but how do we, how do we deal with that protectionism? And I’m not saying this necessarily for protectionist purposes, but it’s not good for innovation.

T. Charles Clancy: 00:32:12 When you think about the supply chain, you can’t just think about the OEM that’s getting you the final product. There’s a really complicated supply chain that sits behind that. And in particular, companies like TI and Qualcomm and others are sort of the existing North American powerhouses that sit earlier in the supply chain. Now, of course, they don’t as much impact as they used to, and in particular, as China improves their chip fabrication technologies, in the next decade probably Huawei would be able to have the new process technologies in order to compete directly with the fabrication processes that some of the North American chip vendors are using.

You also need to keep in mind that 5G, the whole core network is a cloud first mentality. They redesigned all of the core network services. So instead of being telecom equipment that is rack mounted in a data room, it’s just apps essentially that live in the cloud and that makes it very elastic. The ability to do all kinds of load balancing and move around inside of a cloud environment. And to a certain extent, the skills needed to really get involved in the 5G supply chain is not as heavy a lift, it’s not a hardware. So to the extent that Silicon Valley is really good at pumping out software startup companies, I think there’s some interesting opportunities there for them to be able to get more involved in that ecosystem. Like I said, there’s a lot of focus on the final end of this, but of course we saw just last year with ZTE when there was the embargo on their use of Qualcomm. That was 40% of their handsets were using that chip set. In terms of creating a fourth option if you will, or bolstering the options that we have, it’s a little bit squishier than that because it’s a much more complicated and dynamic ecosystem right there.

Scott Wallsten: 00:34:17 I think you’re saying is barriers to entry are not as high as we might think they are

T. Charles Clancy: 00:34:23 In terms of the time it takes to actually build a piece of code that does function x, the barriers are lower. Now, on the other hand, you’ve got about a decade of technology innovation that happens before XG, before 6G comes out. Behind that is R&D that leads to intellectual property that leads to best practices and use cases that leads to standards that leads to products that lead to deployments. What we’ve seen, particularly with China’s impact in the standards community, they’ve been able to ensure that they have a much bigger piece of that royalties stack than they have in the past, which gives them an economic advantage and it also gives them more control over the intellectual property licensing needed to join that ecosystem.

Harry Wingo: 00:35:13 Just want to add on something that Charles mentioned. For example, I mentioned the focus that China has and in the so called sub six part of the spectrum that’s relevant. And there’s a difference when you’re there. One of the recommendations of the preliminary draft Defense Innovation Board report was to look at Qualcomm. Let’s say they have portion of the spectrum that they could go after, that if they were, if we were to pivot and have a focus, so you have some install base already, you have the ability to start competing and get in there in that part as well as the middle wave portion of the spectrum.

As far as AI goes, why would that matter for 5G, one of the key points on this type of technology, you consider what you can do with your phone now, imagine 10x or 20x, that capability sourced speed, low latency. And for artificial intelligence, the ability for smart city technology, if you will, think of self-driving cars or drones that can deliver things around cities and to rural areas. Once you can have the compute and have all of that connected and the capabilities and the information flow and how you can use that, that is really critical right now and cloud’s already here. But once you add that onto it, that’s really important. So it was the rest of the world goes there, the scale and the scope of that you’re able to get to faster than others, it may be very difficult to close that gap. Jamil made a point about state support for Huawei that is absolutely a critical piece here. If you look at the 25 years for that company to grow, nations act in their own interest. You had China looking at what the United States was doing, where the lead was, and through various means, unfortunately including IP theft and that support from the state. It’s been there, but that is what it is. That’s an age old story between nation states. And again, one of the most important things that we can do is take the field and compete, but in a way with an eye towards the new world competition that we have, it’s a challenging environment.

Samm Sacks: 00:37:19 So going back to the issue of competition among the existing players, I really wish that we had data on Nokia and Ericsson the same way that we have it on Huawei because the oversight board report that was a scathing indictment of buggy code in Huawei- we have no baseline to understand. Right now the narrative kind of benefits Ericcson and Nokia to say that Huawei is particularly buggy, but we don’t have any other data like it in the world. 

Scott Wallsten: 00:37:19 We don’t know about Nokia and Ericsson are equally buggy.

Samm Sacks: 00:37:19 We don’t know. I mean I would be interested to hear other thoughts on this, I mean maybe Huawei can use their state subsidies to pay for similar tests to be done on the others, which would maybe help his case or not.

Harry Wingo: 00:38:05 There’s an actually example, on the report that I mentioned and it’s pretty easy to find at the National Defense University, but Sam, it’s interesting. On page 25, there’s a direct quote of Nokia. They’re calling out Nokia Android handsets that had a backdoor. This is something that happens in a lot of places, but I would say again, there is absolutely a cybersecurity threat from China and as far as the risk or vulnerabilities and if you’re putting software, handsets, all the elements of what goes to the network, it’s a dangerous environment. Another way to look at this is if we are unable to look at a pivot or if we look at the challenges of just resetting or looking at a different approach to to really address what’s happening in this space, you also have to get ready for a world where perhaps the United States, for a time, is behind China on this. What that could mean for risks and you can mitigate risks but that, that whole approach is a different way. You’ll hear people talk about zero trust networks and approaches. It used to be you had a perimeter and then people got past that, that layer defense. But I call it the night watchman and crutch. You locked the doors but you’re always scanning and they just assumed that somebody is there trying to compromise you. And sometimes that can be friendly mistakes as well.

Jamil Jaffer: 00:39:34 Samm made a really good point earlier about this question of laws and the laws in China and the laws of the United States. The reality is that we have requirements as laws too. Our telecommunication providers have to comply with CALEA, the Communications Assistance to Law Enforcement Act. We have the Foreign Intelligence Surveillance Act. We require providers all the time to comply with both court orders and other orders to provide intelligence information and broad surveillance information. This is not some new thing the Chinese invented that we should be scared about. The reality is that we have those orders and those capabilities. At the same time, we’ve also benefited dramatically over the last two, three decades of building a global telecommunications infrastructure that’s home here in the United States, where communications across the globe at times trans-United States, as we learn through the debate over a US surveillance programs, that was a benefit to the United States and one that we carefully crafted.

The reality is we should expect the same for our competitors and our peer competitors. When it comes to this technology and the current phase is China and they’re laying out a predicate for doing the same thing. They’re putting in place the legal capabilities, whether you think that are compliant with their laws, it’s because they have a closer relationship in that country of what we think of a separation between the public and the private sector. Whether it’s illegal or a simple wink nod. And we have, by the way, have those relationships in industry too. That’s not something that’s exclusive to China. But that being said, when you’re looking at it from a US national security perspective, it doesn’t change the fact that whether we have laws like that or not, or we build a system that looks at that or not, when it’s our competitor doing it, we have a legitimate reason to be concerned about it and express that concern, try to keep that concern at bay and encourage our allies to do the same. There’s nothing surprising about what we see taking place here. And there’s nothing sort of unusual or different, it’s simply what our reaction to it is being on the other side of the receiving end of that fight.

What I will say though is unusual, and has been unusual for the last decade or so, is the use of access, to do something different than what nations have always done to one another. There’s this old song that gentlemen or gentlewoman don’t reap each other’s bales. Everyone knows that’s not true. Everyone does do it. And that’s sort of the great game and everyone gets it and everyone sort of puts up with it. What is not historically true, but what has been true in our peer to peer or near peer competition with China is that they have used that access not just for national security gain, but for economic gain. And that typically was not the methodology that, I should say at least, respectable nation states utilize. And so we’re now in a different world. Maybe that’s just the point of the realm and we have to get used to it, but the US isn’t playing that game today, at least not as far as we know. That’s a question of, is that the way the game is going to be played from here going forward and if so, great. Let’s play.

Harry Wingo: 00:42:22 Absolutely agree with that. I also wanted to point out what this technology will mean for infrastructure. So if you consider two of the key critical infrastructures that we have, in the United States, we can break it down into 16, for Department of Homeland Security purposes, but consider the electric grid and consider the telecom networks. If you look at where using cloud and artificial intelligence and smart grid for example, to get wind and solar power more integrated into the grid, 5G is absolutely going to be important in that respect. And if we’re forced to have to incorporate these types of critical infrastructure where we have a great power competitor, we have no other option that has some serious implications. Other things consider, I mentioned self-driving cars, think of tele-medicine. China is really moving fast on demonstrations of this capability, but the ability in United States to reach rural areas to- just the impacts on health care, and you can see the impact that this type of technology will have across the board. And again, the first mover advantage is absolutely essential. So in addition to economic advantage, you’re setting up infrastructure that goes through the heart of so many activities for any nation so the stakes are high.

Scott Wallsten: 00:43:32 We should go to question,; I want to make sure people have the chance to ask, but it sounds like the conversation is shifting more to this being punishment. They stole our IP, therefore we’re going to keep them out, and that doesn’t seem to me to be- actually I should have said, and maybe it is a good response to stealing IP, but is that part of the policy?

Samm Sacks: 00:44:32 I don’t know if it’s part of the policy, but I will say that I oftentimes I hear a lot of confusion about what the specific risk with Huawei is. To keep our narratives straight, you have IP theft, you have sanctions violations, and then you have espionage. I think policymakers are blurring the lines a bit in thinking about the narratives. I recently got back from a trip to Zhejiang University and they caught, they published a book on manage the management culture of Huawei that was fascinating, and they have very deep ties with Huawei. My take away from it as look, this is a company that has benefited from massive IP theft, state subsidies, but they’ve layered on top of it an extremely innovative commercial model. You have a lot of state on enterprises in China that has benefited from those exact same things and would not able to compete for a second outside of China. So what is it about Huawei? I think it’s like a hybrid of commercial innovation, IP theft, and subsidy all rolled into one ball at a moment where there is an existential crisis in the US about technological leadership and the relationship between China and the United States. And I think that is also a factor fueling a lot of the discussion.

Scott Wallsten: 00:45:29 And it seems like then it’s the US that will really suffer the harm from not allowing that innovation.

Samm Sacks: 00:45:32 I want to actually highlight two other second and third order- when we talk about sort of what are the second and third order consequences that just need to be considered as part of this conversation of what a ban does or doesn’t entail. So first one we talk about Qualcomm and TI and sort of the powerhouses in the US in this space. I think as much as 60% of some of their revenue comes from China. This isn’t just about selling out but that revenue, because we don’t have a model of sort of public support in the R&D space in this, that money from the China market is then plowed back into R&D which is part of their leadership and the 5G space.

We also have to talk about the tradeoffs in terms of world connectivity and Dr. Clancy and I, the first time we met was on a Congressional hearing last May, House Energy and Commerce Committee. And one of the key questions that was on the table was this FCC proposal that would deny carriers in rural areas access to federal subsidies if they used Huawei or ZTE in their network. There is a real trade off involved with cutting off connectivity in these areas where it’s not economical to do it. So just to throw that into the mix of factors that have to be weighed.

Eric Geller: 00:46:53 I would also say, the rural thing’s interesting to me because one of the points that was brought up at that hearing and that I know that Congress is very interested and the DOD is very interested in is you have a lot of military bases in rural areas and if the only way they can get connected to the Pentagon and to other bases is through telecommunications infrastructure that is vulnerable to Chinese interference, that’s a nonstarter for them. And so I think you’re going to see in the future, lawmakers, especially in districts that have those bases, getting a lot more interested in this issue. If the Pentagon says, the next time we do base realignment and closure, we’re going to close down or relocate bases, who’s only internet comes from a Huawei based network. That’s when members of Congress get interested.

Harry Wingo: 00:47:38 I’m so glad you said that Eric, because we consider the origins of the Internet back to Arpanet or Darko and Penn Surf and Qualcomm and those protocols. But how critical that was, implications were commanding control at the national level for absolutely the most important things ever. And look where AT&T, Bell, and it just where that was in our nation’s national security. If you go over to the military side of things, from my perspective, this is signal. This is command and control. I mentioned the dual use part. That’s what makes it tough. And so this is so new and China, they are moving so fast in this area. It would be a different issue if this was like Linux or you had open architectures and there was a different field. But even there, one of the most important changes is where the military is with respect to its ability to come to field, how it relies on commercial technologies and industry, and to not have the US globally across the board and to have to rely so much on a great power competitor like China. That’s the heart of it. Even more, that’s even more direct and saying it’s punishment.

Jamil Jaffer: 00:48:51 I think just one point to what Harry said there, which is part of the challenge with Huawei and ZTE is they’re a black box. We had Congressional hearings, we had them come and testify back in 2011, 2012, and almost no information was provided. You look at the House Intel Committee report back in 2012, they refused to provide basic information about how their company works, how it’s organized, what its responsibilities to the government are the relationship between the government infrastructure and the corporate infrastructure. And that goes all the way from governance to technology. And yes, there are studies done about their corporate culture and the like. But you scratch, it’s an inch deep and a mile wide. Part of the challenge is we’re used to in this country and in the West, very open corporate cultures that talk about- sort of that our companies that books are open to the public. You can see exactly what’s going on. They’re all publicly traded companies.

You don’t have that same level of transparency when it comes to companies like Huawei and ZTE. That creates its own level of distrust. And so, if these companies want to compete in the global environment and they’re going to do it on a peer competitor basis, well then we should expect them to be as open about their infrastructure and their finances and their relationship with governments and the like. To a fault, the US government talks about what it does, what authorities it has and what it doesn’t have. At times that results from public revelations about classified programs, but by and large, we know that the US government’s doing, and we know what companies have to do to comply with those orders. Not always, to be clear, I’m not suggesting it’s universally transparent, but it’s not unusual to expect that we would demand that of other companies if we’re going to let them into our core infrastructure.

Scott Wallsten: 00:50:25 Do you think their approach has changed at all since 2011 or 2012?

Jamil Jaffer: 00:50:30 Certainly they’ve become more open and more willing to talk about it. That being said, are we the point where they’re like a public traded company in the United States? Absolutely not. It’s part of that new response to this pressure that’s been put on them. Absolutely. And so does that mean lay off the pressure? I think maybe not. And I’m not convinced by this sort of, well, we’re going to lose a massive amount of innovation if we keep this at bay. I do think I’m more convinced by the argument, it’s like saying it’s a tide, than I am by you’re going to lose massive innovation if you don’t take this technology, and I think we’ve got the most innovative economy in the world today. That continues to be true even as we see lots of our data being stolen, and as we see it being repurposed. We still continue to innovate rapidly. Will we always hold that advantage here? The answer’s probably no, we already see that gap eroding dramatically. But the question becomes is it about technology innovation, is about national security, or is it a balance between the two? And if it’s a balance, it’s not crazy to say we are willing to trade some for the national security benefit.

Scott Wallsten: 00:51:29 We should take some questions. Somebody must have a question. If you don’t, I’m going to keep asking.

Harry Wingo: 00:51:32 Scott can we ask the questions?

Scott Wallsten: 00:51:43 Yeah go ahead! As technology is developed that is cloud based and they’re apps, those moving more and more for its software rather than hardware. It seems like that is going to have two effects. One is that, like you said, entering is easier because the code facilitates Silicon Valley style innovation perhaps, but it also seems like these problems we’re talking about are bunch of words because it’s more things that you have to check, the more different types of software to check. Is there a long term solution to this kind of problem?

T. Charles Clancy: 00:52:38 As the supply chains get more complex, the software gets more complex. In general, the complexity level in 5G is an order of magnitude greater than the 4G because of all of the new capability it seeks to deliver as part of particularly phase two of 5G. An interesting example from some of the fallout of the UK report, there was an analysis done looking at OpenSSL. So OpenSSL is a library that provides cryptographic functions. It gained visibility a few years ago when a massive bug was found- the Heartbleed bug that allowed the recovery of private keys remotely from a system.

If you look at the Huawei system that, again, there’s this whole question of how you do source code review. One of the other issues in there was what’s known as binary equivalent. So even if you have the source code, knowing that that source code is the actual binary code that’s on the system right now is pretty much impossible. There was a study that was done on those binaries and they found like four different versions of OpenSSL had been compiled into the code on the Huawei system, one of which was old enough that it actually was vulnerable to the Heartbleed bug in particular. This just gives you a view of how complicated the software supply chains are. The software supply chains are coming from open source products, from a commercially available license code, to software that’s developed in house. And being able to verify and check all of that is extremely difficult.

Companies have challenges doing that on their own products. For example, when DOD has a program where they want to see a higher level of vetting and verification of that code, it can triple or quadruple the cost of that software development effort because the time and all the additional layers that are on top of that. I guess my concern is that if here in the US we focused on trying to- we wouldn’t be competitive in cost or schedule if we try to apply a greater level of software engineering rigor to that. Certainly we’ve seen time and time again that open source isn’t necessarily the solution to the need of transparency that prevents the bugs because again, we keep finding major vulnerabilities in open source software. Again, I don’t know if that answers your question, but I’m just trying to get at how the complexity and the software focus creates a whole set of challenges, and a different set of challenges, but creates a lot of complexity that is not clear the best way to address.

Harry Wingo: 00:55:16 Just one point on complexity, great points, again, consider self-driving cars as an example. Something we’re really pushing for, not just in cities but the trucks and what that means for commerce and our way of life. And the integrated- the chip sets, the way that that service will interact with this type of system. Wow. And that’s just one example. Telemedicine is another. I think the details are hard. The attack surfaces that open up. But again, the most important thing is to make sure that we set sail as well. And this is an age old story. If you go back, there’s been examples of this type of challenge in competition on technology throughout history, but we have to remember the impact of the laws and maybe even more importantly, how nimble we are in policies and we have to make sure that we’re not holding ourselves back from being nimble enough to take the field as well.

Audience Question: 00:56:24 My name is Peter Fotelnig, I’m working for the European Union Delegation Group. The question for the panel would be: imagine your country and maybe a set of other countries would stop using the equipment of a certain manufacturer. Can you play through the scenario? What would that world look like? What would that mean for the international telecom operators, which are global companies in many cases? What would that mean in terms of security? How would the network look different? What would that mean? For instance, you’ve spoken about innovation for 6G. So how would that differ from what we have today if you would make that assumption?

Harry Wingo: 00:57:32 Peter, I’ll jump in. I think that’s an excellent question. And that’s one thing that makes it so difficult is we’re watching this play out in front of us as we speak, that’s part of the challenge. Going back again to the draft report that the Defense Innovation Board had, there are three suggestions at the end of it. One of which I thought was very interesting on the policy side, which would be to say some things can be open and maybe take an approach where you look at tariffs and you actually look for things like bad past behavior, not being open or transparent and that you look at a tariff regime especially amongst, say NATO partners or countries, that’s a different way to encourage that type of activity. But as far as to your question directly, what if we were to not go with a specific technology?

I think you’d have to distinguish, again, the dual use aspect of all of this. That’s what makes it so tough. You have with the United States and with China, the decision of what 5G needs as far as with national security on that aspect. And that’s hard to unpack. So as far as how it plays out, we haven’t seen yet how this will be global as we move forward even faster than China. China is starting to deploy billions of dollars in investment. I think all of this- we’re going to no more than a couple of months on this issue as far as where the questions going other than we know now. But I’m sorry that doesn’t exactly answer this right now. I’m curious, how do you think this plays out in the short term?

Audience Response: 00:59:22 It’s true, I also forgot my crystal ball at home.

Samm Sacks: 00:59:22 I would add to that, that we could be in an environment where third party countries are in a position of choosing between Chinese and non-Chinese vendors. To some extent, a lot of extent, from a pure segregation perspective, it’s going to be impossible in many ways. When you think about having to connect with networks that are supplied by Huawei, the standards setting process where potentially as many as 25% of standards could be coming out or other Chinese telecom companies. To the extent that type of segregation is even possible, but I do think that we are looking at an environment where you could have the choice, which means in Chinese or not Chinese vendors and getting, to this supply chain issue.

T Charles Clancy: 01:00:07 Just a quick comment on what it would look like here in the US- first I’ll note that Huawei has an extremely small market share in the US, so a ban at this point would not have a significant impact on Verizon and AT&T in particular, because they already have their 5G roadmaps that are built around Nokia and Ericsson equipment. There is of course the FCC rule making ongoing around use of universal service fund subsidies. So the issue here is that many rural carriers need subsidies to afford the capital investment of deploying a new generation of technology. The universal service fund is money that’s set aside at the FCC specifically to help subsidize those carriers. And there’s a rule making under way right now that would ban Huawei and ZTE products there.

And so, many rural carriers have basically indicated that without those subsidies, they wouldn’t have the needed capital to deploy 5G. It might be a slower 5G deployment just because of higher costs in rural areas. The other thing I want to highlight is this Defense Innovation Board report has been mentioned a couple of times. I just want to provide a little bit of context on some of what the Pentagon has been working on for the last several months. There are four different panels at the Pentagon that had been doing studies on 5G. The Defense Innovation Board just released their recommendations six days ago. And you can find them online, just Google Defense Innovation Board 5G study. They have their set of recommendations there. And we’ve talked some about the different recommendations that that are that are a part of that. The Defense Science Board is going to be releasing their study soon, which from what I understand has a lot more detail and some more provocative proposals around what we might do. The Defense Business Board is also working on a study, I’m not quite sure when theirs is going to be complete, but it’s supposed to be done soon-ish. Then all three of those studies roll into the Defense Policy Board study, which is supposed to be released in June, which will integrate and synthesize all this into what should be an overall strategy, at least on the Defense side, of 5G. So I thought that might be helpful context given the Defense Innovation Board study has come up a couple times.

Jamil Jaffer: 01:02:44 One last thing on the segregation and the markets. It’s not something that is all that unusual. As Charles pointed out today, we have a segregated system. Certain Western countries simply don’t adopt Huawei gear, most notably the United States and Australia, and the rest of the world does. And so we have that scenario today and we’re putting people to that test at some level. There’s been discussions of not sharing intelligence if people are using Huawei, I tend to think those are overblown and probably not realistic, but those conversations are being had for this very reason.

At the same time, it’s not like this is the first industry in which we’ve talked about segregated hardware. Our defense industry buys American predominantly. Now, that fades away when we start going down deeper into supply chain, start talking about chip sets, start talking about trusted foundries. You start getting into a very murky area where some of the same problems you would have a software of apply in a hardware scenario too. So our supply chains may have significant problems anyhow, but the idea that countries or allies in a given marketplace don’t buy from segregated marketplaces and it works just fine. It doesn’t destroy innovation. It doesn’t create a marketplace that’s unable to interoperate. I think it’s a concern that’s somewhat overblown. That being said, I think we have to recognize, again with this whole idea about standing on the beach at high tide, that the vast majority of the world is buying Huawei gear and is adopting and implementing it for the same reason that we’d given before, which is that it’s cheaper and it’s benefits from all of subsidies and it works.

Harry Wingo: 01:04:28 And on that last point, I want to thank Charles for putting things in context as far as the Defense Innovation Board and what’s coming after. That point about market share and the rest of the world is key because other nations, they’re thinking, hey, we need to buy something and this works. And so this is the point about looking hard at how we’re doing things here, having some humility about our share of the market and the size and the world we’re going into. Really this is a tough technological and policy question of how do we, again, not miss the boat, not stay out of it. And it’s not easy to design that. So the stakes, they’re so important because of the role that information plays, or at least the technology that allows information and in this world of cyberspace- not all critical infrastructures are created equal. And if you look at telecom, it is dual use to the biggest degree. It matters absolutely for economics, but it is the stuff that wars are fought with as well.

Audience Question: 01:05:48 Jennifer Zeng from the Epoch Times. My first question is, despite the US government repeatedly saying against Huawei, I think, a risk of security. [Inaudible] Huawei is still able to get contracts, I think from six or eight countries. So my question is, why the repeated warning from the US government has not stopped Huawei from gaining its momentum and is Huawei already unstoppable? If not, what will it take to stop gaining more inroads in this 5G network? And my second question is, I must admit I don’t understand much of what you are talking about because I’m very ignorant on the technical side. So my question is, could you give us a very simple summary of what exactly are the costs and the benefits of banning Huawei? Thank you.

Samm Sacks: 01:06:55 I’ll take the first question on why other countries are moving forward with Huawei contracts. I mentioned earlier that the risk that I’m the most concerned about is in a crisis, in a war scenario, what could Huawei be compelled to do by the Chinese government, which is sort of a hypothetical unknown. There are other governments that are less concerned about a war or having China as an adversary and so that’s a risk tolerance that they are willing to take because it seems a more remote possibility if that is the greatest concern.

T. Charles Clancy: 01:07:37 I would also say though, in writing about the way that China has been able to get so much market share both through its companies then also just political market share, what you’d find is, if you haven’t talked yet about Africa, the Belt and Road initiative has been phenomenally successful for the Africa where there are many more incentives to buy inexpensive equipment that can create this lifeline for communities that, to a degree that is, inconceivable for most of the people in this room, that is just lacking throughout that continent. You see time and time again the choice to buy inexpensive because most of the risk is hypothetical. I would also say that we have seen some instances where that risk has become real. So for example, China helped to build the headquarters of the African Union. And a few years ago during a security sweep, they actually discovered that the facilities had been bugged, that there was a security vulnerability in infrastructure in the building. And so that’s the one that we know about.

Samm Sacks: 01:09:00 Can I actually ask, is it possible, and I don’t know, maybe for Dr. Clancy, is it possible that that data could have been sent to Shanghai without Huawei’s knowledge or what’s the typical perspective on the African Union case?

T. Charles Clancy: 01:09:00 Good question. So I don’t know all the specifics of that case. Certainly there are plenty of ways that third parties could have done things like that, with or without support. But I’d have to review the technical specifics to be able to comment on that directly.

Jamil Jaffer: 01:09:20 But the larger point is that China’s spending a lot of money around the globe to buy influence and to buy credibility and to buy economic opportunities and to buy access, whether that access is intelligence access or political access. Africa is a great example- across the entire continent, China’s building parliament buildings. Just go to Djibouti, where for a long time there, the US, the French had a military facility there. Trying to build a military facility right next door and they built the parliament building there in Djibouti. Is that parliamentary building wired for surveillance? I don’t know. Is it reasonable to expect it might be? Sure. Is that a risk the Djiboutian are willing to take because they knew China’s going invest a ton of money and build a parliament they could afford? Sure.

These are tradeoffs that countries to make all the time. As Samm pointed out, it may be partly an economic calculus of who’s our friend and who is our enemy and are we really a competitor? Are we really going to find a plan of war with China? Of course not. And so does it matter to us, do we have that much information that we care about? Maybe not. Does it matter a lot to the US government that the Djiboutian parliament where we built a military base and conduct operations from is Chinese owned? Absolutely. Is that okay? Sure. Is it okay for us to be concerned about that and raise objections and put pressure on them to not take that money and not take that building? Sure. Again, we act as though 5G is some sort of new thing that nobody’s ever seen before or that the role of China and using its companies to get into other economic markets or like it’s something new that just happened in the last five years. This game has been played for decades, if not hundreds of years. We have played it better than most. It’s part of the nature of business, but the idea somehow that should pretend like it’s not a real thing and then we’re not concerned about it and not act on our own national security would be blind also.

Harry Wingo: 01:11:20 Great question Jennifer. I would say, let me start with the benefit first. The benefit upfront is that there are real risks and run or abilities that you stop. Jamil made this point earlier by saying you have a ban. I think the cost, however, maybe that answer may make it easier for us to kind of narrow our vision and not fight for it. This is contested space. I agree. This goes back, this is how business is done and to think that that is going to be the sum of the answer- I think there’s a risk, or the cost might be that we don’t realize how much this is a struggle, something that we have to fight for it and contest and earn on a global marketplace. And we shouldn’t be afraid of. But we have to absolutely recognize that the way our policy now, the spectrum policy, and how we have already set the field, you know, with our major players, telecom companies, that makes it hard. But my concern, I think the cost of that ban maybe that if we have kind of a narrow vision and don’t realize it, just as we’ve fought for many technologies, we have to convince the rest of the world. And I think part of what’s coming out in these reports that have been mentioned goes to some of the suggestions for that. And that’s important.

T. Charles Clancy: 01:12:47 I’ll just throw out an interesting anecdote along the lines of some of the comments so far. I think an interesting case study would be looking at in Iraq. When the US invaded, we pretty much destroyed the majority of the telecom infrastructure to the extent that there was telecom infrastructure there. The US reconstruction effort was funding the deployment, of at the time, Nortel equipment as the Western solution to really try and bring the infrastructure of the country back online. We were doing that kind of from our power center in Baghdad. Meanwhile, China and Huawei came in the north in the Kurdish region and began using their subsidies to push Huawei equipment out as part of the reconstruction effort of the country and their own efforts.

And so there was this really interesting environment where you had two competing national interests and two competing technology bases looking to vie to get this country back online, as sort of a proxy almost a decade ago for the struggle that we’re in today. I think what’s interesting is ultimately the decision was that these two ecosystems needed to work because it was more important for Iraq to have a functioning telecommunications backbone than it was for any one particular technology company or national entity to win this proxy battle. So at the end of the day you kind of have half the country run by Huawei and half the country run by Nortel. Now of course, ironically Nortel has since gone out of business, because of the consolidation in the telecommunication space. But again, it’s just an interesting anecdote from about a decade ago of where we’ve this play out.

Samm Sacks: 01:14:12 And interestingly, if you read Chinese military, Chinese PLA writings, suggests that a lot of time doing the Iraq situation has been, I cannot mistake how influential that has been in shaping Chinese military thinking in terms of the importance of what they call integrated electronic warfare and how taking out the telecommunications infrastructure gave the US such a great advantage. And that has been really instrumental in their planning. So I think that’s a great anecdote on many levels.

Jamil Jaffer: 01:14:56 I think your point is exactly right. Our success and our advantage in using technology and telecommunications, has informed their understanding of how they have to lead in that space. So again, this is just another aspect of what’s old is new. And this idea, I keep coming back to this idea that somehow we’re in this new totally different environment where we didn’t play this game before and oh, it’s so shocking. It’s not shocking. It’s also not shocking that we’re responding to what we know they’re doing right. These responses, and it’s back and forth, I think it’s what you would expect in this environment and it’s not unusual. And in debates we’re having over should we convince our allies not to buy it? This is exactly the debate that were had decades ago about how to put your influence in a place. And here we started through technology. It’s no different than building up roads or ship channels or any other mercantile policy from back a hundred years ago

Harry Wingo: 01:15:54 Again, we live in a world where- cyber war and uncertainties on where that’s going. We could spend a whole other session talking about where those norms are developing, the idea of how we’re going to shape those values and this go straight to that because the challenge is when you’re talking about this type of infrastructure. It is the very place where future wars- I mean there’s activities now- but if you consider that’s the challenge of putting infrastructure in your nations and then that’s where you’re forcing and there’s this pressure to pick sides. If we could conceive of different ways, sort of have some type of space where, different flowers bloom if you will, but the reality goes to how important signal communications, all those aspects have always been in warfare. But now you layer on top of that things are going to happen in this domain. Artificial intelligence in an example, when you have the speed, the low latency, the ability to talk to machines and gather data and have the very system itself being an important part of cloud and compute. You can see why it’s a tough issue to parse out.

Audience Question: 01:17:10 Richard Wang with Voice of America, I’m a reporter. Thank you very much for the wonderful discussion. I guess my question is kind of echoes Jennifer’s question, is Huawei unstoppable? In particular I want to ask, do you think the US strategy sustainable right now? The US is trying to push Huawei out, convince its allies not to use Huawei products. I think not too long ago they did an interview with a CBS reporter. Basically, he claimed that it is impossible for the US ban Huawei because their products are so good and at a very good price. And I want to know what the eventual equilibrium will be. And is the US thinking of giving into Huawei?

T. Charles Clancy: 01:18:10 My perspective would be that I think in 5G in particular, the ship has sailed to a certain extent. We have three vendors and it’s going to be a tug of war between Nokia, Ericsson and Huawei for control of market share in 5G. I think where there’s opportunity is really around 6G, as I mentioned earlier, these technologies take- you’ve got a decade to create a new generation of cellular technology. And as 5G is getting deployed, now people are beginning to set their sights on, well, what is 6G? I think if the US is looking to have a disruptive strategy, it needs to bring new vendors to the market and even more OEMs. The US needs to kind of get back into the game with 6G by showing national leadership and by launching large scale, federally funded research and development programs, those are the sorts of conversations that are beginning to happen, but they’re not quite mature yet, I will say.

Harry Wingo: 01:19:09 Great point, I agree with that. We’ve mentioned AI a couple of times, but what hasn’t been mentioned is how AI can actually go towards things like 6G or even the sharing that will be required now, how can that change to all the spectrum that’s out there? And if you look at where the United States is, the military had this portion of that lower band and you could have a different type of deployment that’s happening. The technology, I agree that’s interesting to look at it. But again, I would also say that how important this issue is. In the near term, it’s critical. Maybe a different way to look at this also is all the good that can be done with deployment, period. My point, both nations are going to try to convince the world about the importance of this debate. We’re having a national security discussion and that’s- the hard part is this has implications for national security. And that’s why there’s this huge concern that’s there.

Jamil Jaffer: 01:20:36 One thing that Charles said, which is I think really important point, which is that we as Americans tend to be very innovative as we think about next month, next week, next year, maybe five years out. We’re not looking at the 10, 15, 20 year strategy. But China certainly is tried to look at a 50, 80 year strategy to the extent that we’re going to get ahead of this problem, whether it’s on AI or 6G, we’ve got started investing, as Charles correctly says, in basic research in the next generation not just 6G, 7G and going further out. We have as a country, forgotten how to do that. Our budget decisions don’t go in that direction and the government has gotten out of that business, in large part, in favor of private industry and private industry has a motivation to make money tomorrow and next year and not worry so much about five years. It will have to innovate out of that. And so I think there really is an important point to make, particularly in this town and to Congress, which that it’s one thing to talk about banning Huawei, it’s one thing to talk about banning Kaspersky, but if you’re not investing in the long term future of this country, whether it’s STEM education, which Harry has written a lot and talked a lot about, or the investments in basic research that Charles is talking about. We’re not going to end up surviving this and it’s just a matter of being swamped in the long run. If you’re going to get ahead of this, you’ve got to play the long game and we’re not good at playing the long game.

Harry Wingo: 01:21:53 I absolutely agree with that and history has many examples. I’m a Navy person, one of the oldest had to do with the struggle between those Xerxes and the Greeks. And there was a strategist, Themistocles, who convinced his nation to develop a new type of war ship. Persians who are on their way had a certain type, Greeks took the field. It changed everything, the course of history. More recently, look at the bold type of move that you had Winston Churchill who realize you need it in 19 inch guns instead of 17 inch on battleships and as a necessity, you had to move from coal, to oil. He didn’t even have oil in place in the mid-east at that point, but it was such a big investment in the future and it changed everything. And he was right about that investment. You could look at nuclear and the United States, somebody like Rickover, very much a dual use technology, or even going further back Manhattan project, how much that cost out of GDP. Maybe even a better example was the origins of the type of cyber compute world that we live in, Bletchley Park and the allies in WWII. And look at the difference that made and that underscores how important this realm of microelectronics and information, and the stakes are very high. But as Jamil said and I absolutely agree with this, we have to invest, we have to take the field, but do it in a way that recognizes we have a great power competitor who’s giving us definitely a run for our money.

Audience Question: 01:23:29 Hi, my name is Jens, I work at the German embassy. Thank you for being here, it’s really very helpful. Could you talk a little bit about mitigation? You said at some point it’s not possible to check your network, but what can we do inside the network? Also given the situation that some allies, and you mentioned Europeans, will not completely skip a Huawei deal with some Huawei networks. Can we work on mitigation? Can we concentrate and focused on critical infrastructure for example? What’s your take on that?

T. Charles Clancy: 01:24:07 So from the mitigation perspective, of course there’s all sorts of different best practices around mitigating risks and vulnerabilities. I think what we’ve seen so far demonstrated particularly in the UK report is that the immediate concern is really buggy code, and buggy code can lead to exploitation. In terms of mitigation, being able to monitor and detect and know when faults have happened, whether they are the result of any sort of direct nefarious action or just a random- that something crashed, being able to detect and recognize when that’s happened and be able to have plans to quickly recover, and mitigate those is what is needed from a mitigation perspective. I guess the other, to get back to Sam’s point earlier, the other mitigating factor would be don’t go to war with China. And then you don’t need to worry about all the rest of it. Although again, that’s challenging.

The real concern is not what the systems can do today, but what they could do if the capabilities were augmented through software updates or other mechanisms to add malicious content. Right now, Huawei has a third, I’m sorry, 28%, market share as part of the global telecommunications infrastructure. That’s enough of a global platform that they could launch wide scale Internet disruption and take down the entire Internet if there was a motivation to do so as part of any kind of global conflict. Banning future growth- I mean, they already have enough of the Internet to be able to do things of that nature. Certainly we see a few times a year where Chinese telcos accidentally hijack large segments of the Internet to demonstrate their ability to reroute the core traffic flows of the Internet. So again, they’re already sufficiently connected in many of these cases that if we’re in a warfare scenario, I’m skeptical that there’s any mitigation that will be feasible just given the global presence. That’s not a very positive outlook.

Samm Sacks: 01:26:13 I should also say, despite what I said about Iraq and electronic integrating network warfare, that the PLA are sort of planning for, I think we also have to get away from just the DOD narrative of looking at the issue and China also does not want to go to war with us. I hear oftentimes a lot of discussion of China’s intentions, China’s doing this. China is not monolithic, and when I look at the private sector in China, I think a lot of people that, oh, there is no private sector in China, it’s all the government. That’s actually not true. I would argue that even, Huawei aside, even companies like Alibaba and Tencent are probably more powerful than many government ministries. And in fact, oftentimes butt heads with their own government because their ambitions in many ways can be undermined by Beijing. And so let’s just keep that in mind that this is not a monolithic entity that we’re talking about.

Harry Wingo: 01:27:03 You also have just the type of cybersecurity mitigation efforts that are out there in a current now state of the art, you can look at things like segmentation. You can look at the zero trust approach that I mentioned. You’ll see this with some of the very large players in the space. I worked at Google for a couple of years, I know that, Beyond Corp is an example of an effort that they have. You can find that it’s Beyond C-O-R-P. You can go research things out there. Look at Amazon. Just the headlines which you can read in the papers about it. There was, a couple of days ago, the story about Amazon and other companies that want to go after business with having cloud that will be relevant for one of our intelligence agencies and how that approach when you realize you’re going to be on zero trust networks and how do you look at the engineering of people, processes and technology? How do you stay agile? But one thing that we can’t do is have this old top down very static type of approach because the world moves a lot faster than that. So again, we have to set sail, we have to be agile and I think we’re mitigating the world have of choices, we have to take that, it just goes with the territory.