Asia Time Online - Daily News
Asia Times Chinese
AT Chinese

    Greater China
     Oct 13, 2012

Page 1 of 3
US digs in for cyber warfare
By Peter Lee

Recently the US House of Representatives Intelligence Committee took a meat-ax to Huawei, the Chinese telecommunications giant, and its little brother ZTE in a 60-page report on national-security issues posed by the two companies.

The conclusion:
  • They're commies.
  • We can't trust 'em. Or, as the executive summary put it:
    The United States should view with suspicion the continued penetration of the US telecommunications market by Chinese telecommunications companies. [1]
    Specifically, the committee recommended that the government


    not purchase any Huawei or ZTE equipment.

    The committee rubbed further salt in the wound by recommending that private companies not buy any Huawei or ZTE telecommunications equipment either.

    It also invited the legislative branch to expand the jurisdiction of the Committee on Foreign Investment in the United States (CFIUS) to enable it to block procurement of Chinese telecommunication equipment by US customers, in addition to exercising its traditional powers of blocking foreign investment deemed harmful to US security. CFIUS had previously blocked Huawei's participation in a deal to take 3Com private - which was brokered by Mitt Romney's Bain Capital - and recently denied Huawei's attempt to buy 3Leaf, a California cloud computing company.

    Certainly not the clean bill of health that Huawei was hoping for when it invited the US government to investigate its operations.

    It is clear that the Chinese companies were given the Saddam Hussein treatment. Just as the Iraqi despot was put in the impossible position of proving a negative - that he did not have any weapons of mass destruction - Huawei and ZTE executives were called upon to prove their companies were not untrustworthy.

    Mission unaccomplished, for sure.

    The public committee report is little more than a litany of complaints about unclear answers, insufficient disclosure, inadequate clarification, failure to alleviate concerns, making non-credible assertions, failure to document assertions, failure to answer key questions, refusal to be transparent, and so on and so forth. Huawei, in particular, was dinged for "a lack of cooperation shown throughout this investigation".

    The committee's conclusion:
    Throughout the months-long investigation, both Huawei and ZTE sought to describe, in different terms, why neither company is a threat to US national-security interests. Unfortunately, neither ZTE nor Huawei [has] cooperated fully with the investigation, and both companies have failed to provide documents or other evidence that would substantiate their claims or lend support for their narratives.
    To drive a stake into the heart of any dreams that Huawei or ZTE had of providing "mitigation assurances" - bureaucratese for acceptable measures to allay US security concerns - the committee made the interesting decision to dump all over the British government.

    Keen on Chinese investment in its backbone telecommunications networks, the British government accepted the reassurance provided by a cyber-security center, funded by Huawei and staffed by UK citizens with security clearances, with the job of vetting Huawei products for hinky bits.

    The US intelligence committee dismissed these efforts as futile given the complex, opaque and frequently updated character of telecommunications software:
    The task of finding and eliminating every significant vulnerability from a complex product is monumental. If we also consider flaws intentionally inserted by a determined and clever insider, the task becomes virtually impossible.
    In terms of specific evidence of Huawei and ZTE malfeasance, there is little meat on the bones of the public document.

    On the technical side, the evidence supporting Huawei and ZTE infiltration of the US telecommunications software presented in the public report was less than earth-shaking:
    Companies around the United States have experienced odd or alerting incidents using Huawei or ZTE equipment. Officials with these companies, however, often expressed concern that publicly acknowledging these incidents would be detrimental to their internal investigations and attribution efforts, undermine their ongoing efforts to defend their systems, and also put at risk their ongoing contracts.

    Similarly, statements by former or current employees describing flaws in the Huawei or ZTE equipment and other potentially unethical or illegal behavior by Huawei officials were hindered by employees' fears of retribution or retaliation.
    Presumably, the confidential annex to the committee report makes a more compelling case, but one has to wonder.

    According to The Economist:
    Years of intense scrutiny by experts have not produced conclusive public evidence of deliberate skulduggery, as opposed to mistakes, in Huawei's wares. BT, a British telecoms company that buys products vetted in [the cyber-security center at] Banbury, says it has not had any security issues with them (though it rechecks everything itself, just to be sure). [2]
    In a sign that no existential smoking cyber-guns had been revealed, the worst punishment for Huawei's lack of cooperation that the committee could apparently mete out (other than trying to destroy Huawei's US business) was threatening to forward information to the Justice Department concerning possible corporate malfeasance in the routine areas of immigration violations, fraud and bribery, discrimination, and use of pirated software by Huawei in its US operations.

    It can be taken as a given that the People's Republic of China (PRC) is intensely interested in cyber-espionage - diplomatic, military, and commercial - against the United States and cyber-warfare against US government, security, and public infrastructure if and when the need arises.

    However, the case that Huawei is a knowing or even a necessary participant in these nefarious schemes is unproved.

    Nevertheless, Huawei's attempts to generate a clean bill of health for itself with Western critics are pretty much futile.

    That's because government weaponization of communications technology is a given - for everybody, in the West as well as in China.

    Beneath the freedom-of-information rhetoric, the West is converging with the East and South when it comes to protecting, monitoring and controlling its networks.

    In the United States, providing government law enforcement with back-door access to networks, aka "lawful intercept", is a legal requirement for digital telecom, broadband Internet, and voice-over-IP service and equipment providers under the CALEA (Communications Assistance to Law Enforcement Act) law. The Federal Bureau of Investigation (FBI) is currently lobbying the US administration and the Federal Communications Commission to require that social-media providers such as Facebook provide similar access so that chats and instant messaging can also be monitored in real time or extracted from digital storage.

    In Europe, similar law-enforcement access is institutionalized under the standards of the European Telecommunications Standards Institute.

    Particularly in the environment after the attacks of September 11, 2001, law enforcement has expressed anxiety about "going dark" - losing the ability to detect and monitor communications by bad actors as data and telecommunications moved from fixed-wire analog systems to digital, wireless, and band-hopping protocols.

    The situation is aggravated by the availability of theoretically unbreakable public/private key 128-bit encryption.

    (I say "theoretically", by the way, because creation of the private key relies on a random-number generator on the encrypting computer. A recent study found that some programs were spitting out non-random random numbers, raising the possibility that a certain spook agency of a certain government had been able to diddle with the programs to generate certain numbers preferentially, giving said spook agency a leg up to crack the private keys through otherwise ineffective brute-force computing techniques.) [3] 

    Continued 1 2 3

  • The clean-tech trade war gets down and dirty (Oct 12, '12)

    CNOOC's Nexen deal brings out China bashers
    (Oct 6, '12)

    The horizon collapses in the Middle East

    2. Romney sings Da Doo War War

    3. Overwrought empire

    4. Anti-Iran hawks maintain PR offensive

    5. West blinks at Wahhabism's dark side

    6. Bo: political implications of a non-political crime

    7. Kazakhstan to upgrade refinery production

    8. Taiwan shaken by US conference confusion

    9. China's shake-up to shape foreign policy

    10. Agent Orange is Okinawa's smoking gun

    (24 hours to 11:59pm ET, Oct 11, 2012)


    All material on this website is copyright and may not be republished in any form without written permission.
    Copyright 1999 - 2012 Asia Times Online (Holdings), Ltd.
    Head Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East, Central, Hong Kong
    Thailand Bureau: 11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110