Customer choice: All countries should have at least one mobile network free from Chinese tech like Huawei and ZTE
The debate about the security of telecom network equipment has grown in recent years with focus on suppliers like Huawei and ZTE. Strand Consult has produced many reports and analyses to provide the needed facts and transparency to understand the issue. The report Understanding the Market for 4G RAN in Europe: Share of Chinese and Non-Chinese Vendors in 102 Mobile Networks provides a fact-based accounting of the amount of Huawei and ZTE equipment in European mobile networks. This is important information for consumers to make informed decisions about which mobile operator they choose.
Increased importance of network security
Telecom networks are the foundation of the digital society. COVID19 proved that telecom networks are essential, as they have allowed people to work, learn, shop, and get healthcare from home during a period of lockdown and social distancing. Consequently, the importance of security and resilience of these networks is heightened. Policymakers are justifiably concerned about the vulnerabilities of these networks. The want to examine the network elements–their vendors, supply chains, and protocols and adopt measures to secure them.
Many countries have implemented restrictions on Huawei and ZTE. These restrictions have followed extensive investigations which have uncovered many red flags including but not limited to the inability to establish the technical baseline that the systems are not compromised by backdoors, inability to demonstrate that the Chinese government and military are not integrated with the enterprise, lack of operational and financial transparency and disclosure, illegal and unethical business practices, and violation of international law. These investigations also follow the hardening of the Chinese regime under General Secretary Xi Jingping and the demonstrated aggression and repression against the people in Hong Kong, Xinjiang, and Tibet in addition to the widespread implementation of surveillance technologies and practices on the Chinese people. Thus restricting the implicated firms and technologies is a prudent response from a nation which wants to protect the privacy, sovereignty, and security of its people and assets. This is hardly a new concept; NATO has never purchased Chinese fighter jets or Russian submarines or Huawei telecom equipment. It follows that in a world with a new threat landscape, policymakers need to review and update the standards for telecom network equipment.
Consumers are increasingly savvy and concerned about the privacy and security of their data; moreover they expect their suppliers to demonstrate ethical behavior and good governance. Telecom operators and governments are well-aware of this, but they have responded differently. There are three categories of response: some recognize the threat and remove vulnerable elements like Huawei and ZTE from their networks; others which recognize that Huawei and ZTE are problematic but believe that the risk can be managed; and finally, those which do not believe there is a problem and continue to use Huawei and ZTE. For the customers of the networks in the last two categories, they cannot exercise their right to limit their exposure to Huawei and ZTE unless (1) there is transparency of the elements and (2) there is a safe network alternative.
Indeed private and corporate customers increasingly demand that telecom operators improve security of networks. They want to limit if not eliminate the risk of theft, espionage, surveillance, sabotage, and other compromise of their information. As such, many operators choose not to renew their Huawei and ZTE contracts, or they launch a rip and replace effort to upgrade networks with secure equipment. See Strand Consult’s research note The pressure to restrict Huawei from telecom networks is driven not by governments, but the many companies which have experienced hacking, IP theft, or espionage
Consider Belgium, the headquarters of the European Union, NATO, and many firms in the defense, pharmaceutical, and other advanced technology industries. Until now, it was impossible to choose a telecom operator which had not exposure to Huawei or ZTE. Fortunately, in late 2020 Proximus and Orange moved to upgrade their networks with secure, non-Chinese equipment. This is not just an issue for Brussels or big cities; consider Puurs, Belgium, the European epicenter for the COVID19 vaccine. Pfizer and BioNTech will likely demand additional measures to secure their networks, as China’s state-sponsored hackers have targeted vaccine-related information. Strand Consult details this in its note
Telecoms operators’ next big challenge is the 100,000 Chinese hackers attacking their corporate customers every day.Simply put, all customers deserve secure networks, and people should have the option to choose at least one network which does not have Huawei or ZTE equipment. In any event, regulators are already demanding tougher network security standards, and telecom operators find that a secure network strategy built on non-Chinese equipment is a competitive advantage in the market.
Huawei is not the only risk
It does not take a rocket scientist to conclude that eliminating Huawei and ZTE in themselves is sufficient to make networks secure. There are other vulnerable vendors, and moreover, other parts of the networks are also vulnerable. While securing safe transport of data is laudable, network operators must also consider how data is processed, stored, and accessed within the network—indeed these operations may be even more vulnerable. This means that it is not enough to opt out of Huawei for routers, switches, and base stations. The choice of servers, software, and end user devices must also be scrutinized. A wise network strategy reviews all the network elements for their vulnerabilities and upholds the same standards. Smart and clean network strategies will opt not for technologies produced by entities owned and affiliated with the Chinese government and military, like Inspur, Hikvision, Lenovo, Alibaba, and Tencent. Indeed these firms have been restricted in federal networks in US for some time, but they pose the same risks to consumer and companies.
A related issue is the development of artificial intelligence, facial recognition, and other technologies under unethical, if not illegal, conditions, which are subsequently integrated into consumer and enterprise products and services. In December 2020, the Washington Post described a chilling patent application by Huawei, the Chinese Academy of Sciences, and Megvii for the identification of Uighur Muslims at large in China and automatically reporting them to the police. The widespread deployment of Megvii’s Face++ technology in consumer products such as smartphones made by Huawei, Xiaomi and Vivo; “smile-to-pay” terminals by Alibaba; and laptops made by Lenovo (in addition to Lenovo seeding Face++ development) have caused reputational headaches. China’s development and use of surveillance technology for repression of human rights has sparked a global backlash from the US Department of Commerce Entity List designation on Megvii; condemnation by Human Rights Watch, and bans proposed by Council of Europe.
China in the world today is no longer the “responsible stakeholder” of the early 2000s. The rise of Xi Jingping has been coupled with aggressive urgency to control and militarize; and information technology is critically integrated in its global strategy for geopolitical and economic domination. Look no further than China’s Great Firewall, in which it has unilaterally blocked the media and internet from abroad, both to force the use of domestic tech champions as well as to prevent its people from consuming foreign ideas of freedom and democracy. Strand Consult has described this in You’re Not Welcome: An Analysis of Thousands Foreign Technology Companies Blocked by China Since 1996 While there is still trade and exchange with China, it is prudent and rational to review and restrict those products and services which are critical to privacy, security, and sovereignty—not the least of which are the elements of telecom networks.
Fortunately, the efforts to rip and replace Huawei and ZTE have not increased the cost of 5G or slowed its rollout. There any many competitive vendors from safe nations. Indeed by restricting Huawei and its anti-competitive practices has made a space from entrants like Samsung to compete in the network equipment space. However, policymakers must be on guard for attempts to hijack the efforts to build clean networks and safe alternatives. Already 44 Chinese companies have joined the OpenRAN effort, a strategy to reduce Huawei’s presence in 5G, and some telecom operators cite OpenRAN as an excuse not to remove Huawei equipment, saying that they will wait until OpenRAN equipment is ready, which may be 5 or more years in the future.
To learn more about this complex issue, see Strand Consult’s many reports about China and cybersecurity.