In February six us Intelligence agencies warned Americans against using cellphones made by Huawei, a Chinese manufacturer. They warned that the company is “beholden” to the Chinese government and that we shouldn’t trust their electronics.
Recently Sen Liz Cheney introduced a bill into Congress that would prohibit the US Government or any contractors working for it to use electronics from Huawei or from another Chinese company ZTE Corp. Additionally, any US military base would be prohibited from using any telecom provider who has equipment from these two vendors anywhere in their network.
For anybody who doesn’t know these two companies, they manufacture a wide array of telecom gear. ZTE is one of the five largest cellphone makers in the world. They also make electronics for cellular networks, FTTP networks and long-haul fiber electronics. The company sells under it’s own name, but also OEMs equipment for a number of other vendors. That might make it hard for a carrier to know if they have gear originally manufactured by the company.
Huawei is even larger and is the largest maker of telecom electronics in the world, having passed Ericsson a decade ago. The company’s founder has close ties to the Chinese government and their electronics have been used to build much of the huge wireless and FTTP networks in China. The company makes cellphones, FTTP equipment and also is an innovator in equipment that can be used to upgrade cable HFC network.
This is not the first time that there has been questions about the security of electronics. In 2014 Edward Snowden released documents that showed that the NSA had been planting backdoor software into Cisco routers being exported overseas from the US and that these backdoors could be used to monitor internet usage and emails passing through the routers. Cisco says that they had no idea that this practice was occurring and that it was being added to their equipment after it left their control.
Huawei and ZTE Corp also say that they are not monitoring users of their equipment. I would assume that the NSA and FBI have some evidence that at least the cellphones from these companies can be used to somehow monitor customers.
It must be hard to be a telecom company somewhere outside of the US and China because our two countries make much of the telecom gear in wide use. I have to wonder what a carrier in South America or Africa thinks about these accusations.
I have clients who have purchased electronics from these two Chinese companies. In the FTTP arena the two companies have highly competitive pricing, which is attractive to smaller ISPs updating their networks to fiber. Huawei also offers several upgrade solutions for HFC cable networks that are far less expensive than the handful of other vendors offering solutions.
The announcements by the US government creates a quandary for anybody who has already put this gear into their network. At least for now the potential problems from using this equipment have not been specifically identified. So a network owner has no way of knowing if the problem is only with cellphones, if it applies to everything made by these companies, or even if there is a political nature to these warnings rather than a technical one.
Any small carrier using this equipment likely cannot afford to remove and replace electronics from these companies in their networks. The folks I know using ZTE FTTP gear speak high praises of the ease of using the electronics – which makes sense since these two companies have far more installed fiber customers worldwide than any other manufacturer.
Somebody with this equipment in their network has several quandaries. Do they continue to complete networks that already use this gear or should they somehow introduce a second vendor into their network – an expensive undertaking. Do they owe any warnings to their own customers (at the risk of losing customers). Do they do anything at all?
For now all that is in place is a warning from US intelligence agencies not to use the gear, but there is no prohibition from doing so. And even should the Senate bill pass it would only prohibit ISPs using the gear from providing telecom services to military bases – a business line that is largely handled by the big telcos with nationwide government contracts.
I have no advice to give clients on this other than to strongly consider not choosing these vendors for future projects. If the gear is as bad as it’s being made to sound then it’s hard to understand why the US government wouldn’t ban it rather than just warn about it. I can’t help but wonder how much of this is international wrangling over trade rather than any specific threat or risk.