Huawei won a contract in Oz. Of course there's a whispering campaign

Comment Huawei has won another sizeable contract, this time in Australia, and with it come the all-too-common accusations that the company is a national security risk.

The contract in question is an LTE-based 1800MHz rail radio network worth AU$136m (£76.4m) for the State of Western Australia's Public Transport Authority (PTA). Huawei will build and maintain (but not operate) the network. Physical infrastructure will be constructed by a local partner called UGL.

On a global scale, Huawei appears well-suited to provide the kit – its carrier customer list includes BT, Vodafone, Orange, Bell Canada, Clearwire and others – but it has copped political criticism on security grounds, as exemplified in this segment of respected current affairs radio program the Australian Broadcasting Corporation's PM.

Ever since the era of the Barack Obama presidency, when use of its products was slammed in a US Congress House intelligence Committee report, the United States has worked to cap the Chinese giant's ambitions. Under the even more hostile administration of current president Donald Trump Huawei's been a banned from selling to the US military.

In 2012 Australia unofficially barred Huawei from participating in its National Broadband Network project; that ban was made official in 2013. Since then, there has been a persistent whisper campaign against any ambitions the company might have to sell 5G systems to Australian telcos.

One thing all those incidents have in common is the absence of a detailed brief against the company, in public, supported by testable technical information.

Boo! It's be-hind you!

That's a sad state of affairs because Western Australia opposition leader Mike Nahan hit the airwaves to say that there's a security risk in this contract. That assertion was not only repeated, but backed by the Australian Strategic Policy Institute, whose analyst Tom Uren told ABC the company is subject to Chinese government demands for co-operation; and that security is given too little prominence in assessing contracts of this kind.

The second assertion may well be true, although Western Australia's Public Transport Authority said it asked the federal government to approve the contract on security grounds, twice, and received an all-clear.

The first statement – to quote Uren, "Certainly Chinese intelligence law requires companies to assist in national intelligence efforts" – is hardly remarkable. It's a frequent requirement by governments democratic and otherwise.

To cite just three examples of government interference in telecommunications:

• All telcos in Australia are required to provide assistance to law enforcement, at least all the way up to the Australian Security Intelligence Organisation (there isn't a hardware vendor community to regulate, to any significant degree).
• In the US, as we've previously confirmed with the FCC, international cable owners can't land their services without signing an agreement with the FBI to support its activities, all the way up to warranted surveillance.
• The UK's Investigatory Powers Act – currently under a High Court challenge – mandates service provider assistance to the state, all the way up to breaking encryption.

The lack of usable information leaves one side of the non-debate, national security, able to speak unchallenged, and as we can see in the international debate over encryption, such agencies are actively advocating for the end to encryption of personal communications.

It's hard to keep a secret on a network

From both a feasibility standpoint and a tactical standpoint, an attempt to create some kind of state-sponsored vulnerable network for the PTA – or any customer – is flawed.

For example, look at Layer One – the physical transmission of messages. The PTA is buying a radio network. Anybody with a suitable receiver can at least detect the messages.

Doing something with what you receive is probably another matter: the Perth system is based on the 4G LTE standard, and LTE communications are encrypted (if the operator chooses to enable it).

If you want to see the various layers of encryption applied to LTE, here (PDF) is a good backgrounder in a presentation given to the 2015 RSA conference.

But Huawei is the supplier, it can see all the messages

It's true that an "insider" is in a privileged position to control an LTE network – and, as we reported at the end of June, LTE is riddled with vulnerabilities.

However, if it's responding to a government demand, the insider needs to be in a position to do something with what it collects – and here, it's vulnerable from a tactical point of view.

Exfiltrating data from compromised hardware demands you assume that nobody will ever notice the outgoing traffic, even if that traffic is traversing networks and equipment beyond Huawei's control.

I don't buy it, because I doubt China's security services would take the risk of sending a stream of packets somewhere. Such actions are not hard to detect.

Can't the vendor cripple the network?

Crippling the network makes discovery a certainty.

Huawei didn't win a contract to operate the network – only to build it and maintain the equipment. Sure, a maintenance worker could do something to the kit that breaks the network, but when the trains stop, someone's bound to notice.

Attack from outside – a mythical "death packet" taking down the network – is also high risk because at any point in the chain, competent security might either block the traffic or, worse, see it taking place (the Australian National University, the ABC reports, has suffered a breach, but it's worked hard to avoid letting the attackers know they've been detected).

Yes, this is a theoretical discussion – but that's the only debate that can be had at the moment, because the infosec community maintains its long-standing refusal to put debatable facts on the table. ®