Costs and Benefits of Banning Huawei

TPI recently convened a panel of experts to discuss the costs and benefits of banning Huawei equipment from telecommunications networks, particularly new 5G networks. Huawei has become the leading global manufacturer of networking equipment, with Nokia and Ericsson trailing behind, although its share of the U.S. market is much smaller. Huawei also manufactures handsets and software platforms, raising concerns that its influence in 5G networks around the world could become a powerful asset for Chinese industrial policy.

Our five key takeaways from the event are:

1. The underlying issues Huawei and ZTE are making us confront are not new. Determining the best responses to other countries’ industrial policies is an age-old national security and foreign policy problem.
2. Huawei became a market leader through government subsidies, IP theft, and their own R&D. They remain strong and continue to grow because network operators, especially in low-income countries, highly value the low-cost, off-the-shelf networks (“network in a box”) Huawei can provide.
3. Identical approaches to risk analysis can yield different conclusions. Huawei is a bigger part of European networks compared to U.S. networks. Because the cost of a ban is likely higher in Europe than in the U.S., European countries may be more likely to accept the risks.
4. It is difficult to assess the relative security threats from Huawei equipment because its primary competitors, Ericsson and Nokia, have not subject to the same level of public testing yet.
5. For the U.S., long-term solutions include additional public and private investments in R&D and a better understanding for why Silicon Valley companies have not entered the relevant markets in meaningful ways, especially as networking migrates from hardware to software solutions.

Further explaining the five points:

1. The underlying issues Huawei and ZTE are making us confront are not new. Determining the best responses to other countries’ industrial policies is an age-old national security and foreign policy problem.
   
   Harry Wingo, chair of the Cyber Security Department of the National Defense University, College of Information and Cyberspace, noted that the question of foreign technology suppliers is an age-old issue. This discussion is occurring in the middle of a great competition between the U.S. and China, but we have faced similar issues in the past. Signal communications have always been of critical concern in warfare and national security. He cited examples of industrial policy in World War II, nuclear policy in the Cold War, and even further back to shipbuilding among the Greeks and Persians.
   
   
2. Huawei became a market leader through government subsidies, IP theft, and its own R&D. The company remains strong and continues to grow because network operators, especially in low-income countries, highly value the low-cost, off-the-shelf networks Huawei can provide.
   
   Jamil Jaffer of the National Security Institute and Antonin Scalia Law School noted that for many countries, buying a “network in a box” is convenient, and for China, the Huawei business model is an economic, strategic, and in some cases, security strategy.
   
   Eric Geller, Cybersecurity Reporter for Politico, noted that China’s Belt and Road initiative in Africa has successfully delivered inexpensive Chinese equipment to underserved areas.
   
   Samm Sacks of the New America Foundation in the Cybersecurity Policy and China Digital Economy program noted that Huawei has grown as a private company to achieve market share where other firms have not found business reasons to manufacturer cheap equipment, leading to the rise of a strong Chinese competitor.
   
   Sacks warned against conflating Huawei with the Chinese government. The Chinese government isn’t as monolithic as it appears; Tencent, Alibaba, and Huawei have influence as private firms to shape policy while also being influenced by government objectives.
   
   
3. Identical approaches to risk analysis can yield different conclusions. Huawei is a bigger part of European networks compared to U.S. networks. Because the cost of a ban is likely higher in Europe than in the U.S., European countries may be more likely to accept the risks.
   
   British Telecom has Huawei gear in its network and the UK reviews the code in each component, as described in a recent UK report, says Jaffer. He mentioned that it’s unusual to see the US and UK diverge on security-related issues, but they have different approaches toward Huawei. The UK believes it can mitigate the risks of using Huawei equipment, while the US prefers to exclude the company’s products from U.S. networks. Economic security is national security, particularly when critical infrastructure is implicated.
   
   Geller notes that African countries have similarly weighed their reliance on China’s private sector against security risk. Computer bugs were allegedly found in early 2018 in African Union government buildings wired by Huawei, for example.
   
   Sacks noted that the bifurcation of Chinese and non-Chinese suppliers around the world may be one result of these concerns and different weights applied to risk analysis.
   
   
4. It is difficult to assess the relative security threats from Huawei equipment because its primary competitors, Ericsson and Nokia, have not been subject to the same level of public testing yet.
   
   Sacks asked whether studies existed comparing Nokia or Ericsson equipment security to Huawei? If backdoors and vulnerabilities come from buggy code and under-secured updates, we should know how all the providers stack up. Jaffer responded that it’s important to note differences in the U.S. and Chinese business transparency. The U.S. requires providers to implement security and share information as needed with compliance and security standards. Huawei and ZTE have been black boxes from explaining governance to technology, when they could have been open to Congress and the public in their accounting statements and documentation. We don’t have that transparency with those firms, leading to distrust. We don’t see transparency from Chinese firms like publicly traded companies in the U.S.
   
   T. Charles Clancy of the Virginia Tech’s Hume Center for National Security and Technology and Professor of Electrical and Computer Engineering noted that the U.S. Department of Defense will be releasing more detailed analysis of 5G network vulnerabilities soon. There are 4 panels at the Pentagon studying 5G. The Defense Innovation Board has already released a report, the Defense Science Board will release their study soon, the Defense Business Board will write a report, and the Pentagon will formulate a strategy in this area.
   
   
5. For the U.S., long-term solutions include additional public and private investments in R&D and a better understanding of why Silicon Valley companies have not entered the relevant markets in meaningful ways, especially as networking migrates from hardware to software solutions.
   
   Sacks noted the thin market of existing suppliers of the relevant equipment: “Who else is there other than Huawei, Ericsson, and Nokia?” This relatively small number of firms and lack of any major U.S. providers presents long-term problems that require long-term solutions.
   
   Wingo emphasized the need to have a robust debate on Huawei but to look ahead at what’s to come. The importance of having first mover advantage in 5G, artificial intelligence, and cloud-based networks should not be underestimated. The best security is to be global leaders in the marketplace. Wingo cited President Xi’s 2025 plan and ambitions in China’s Belt and Road initiatives where the country is focused on building the future around the world. The U.S. leads in 4G networks, but should be concerned about what it 5G first mover advantage might mean.
   
   Clancy elaborated on what competitiveness in 5G and beyond looks like. The supply chain is increasingly based on cloud computing and software, not hardware. The skills to get into the 5G supply chain are now software-based. The ecosystem is complicated, he said, citing the ZTE embargo on the Qualcomm chipset. A decade of innovation happens before the next generation, like 6G, is released, and China has made sure that it’s getting a bigger part of the IP stack than before through the standards-setting process. Hopefully, he notes, this change should make it possible for Silicon Valley-style innovation to bring new entry into this critical market.

Additionally…

Clancy cited the recent UK Report that explained concerns about 5G standards, the technology ecosystem, backdoors, and Huawei’s buggy code that could allow third party access to increasingly software-based telecommunications networks. Source code review is one way for governments and private firms to manage risk.

Wingo argued that the U.S. is ignoring the sub-6 GHz bands in favor of millimeter wave bands. China is actively developing technology for the sub-6 GHz bands.

Geller noted that U.S. rural broadband networks have relied on Huawei equipment and this may affect how Congress treats rural broadband policy.

Clancy noted the importance of software-updates in Huawei networks. He cited that in one case, there were 4 different versions of OpenSSL found on a Huawei network after updates. One of those 4 versions was vulnerable to HeartBleed backdoor code. Buggy open source software is very much part of the conversation in the complexity and challenges in secure 5G networks. Supply chains for 5G are more complicated than other supply chains. He noted that immediate concerns with 5G networks include buggy code and being able to distinguish between nefarious code or innocent bugs. One easier mitigating factor is not to go to war with China.

For more in-depth analysis of the latest policy questions in technology and telecommunications, follow TPI on Twitter and tune in on Facebook!