US lobby group calls for open standards to fight Huawei 'threat'
There's an 'undeclared war' going on
A US lobbying group is calling for open standards as a solution to the supposed security threat posed by Huawei.
The not-at-all-creepily named Global Cyber Policy Watch (GCPW) is calling for more investment from the US government to fund research to help it catch up. But it believes open, interoperable standards are the only hope to help increase the number of 5G providers and improve security.
The group has no doubt that Huawei, respite its many protestations otherwise, is an arm of the Chinese government and is a real and present danger to US interests.
GCPW is also concerned by noises coming out of US President Donald Trump's administration that it is treating Huawei as an economic rather than security issue. They welcomed bi-partisan efforts by Senators Marco Rubio and Mark Warner to warn Trump not to treat Huawei as a bargaining chip in trade negotiations.
The effective ban on American companies selling software, hardware and services to Huawei is as a result of the administration placing it on the so-called Entity List earlier this year. The US last month granted yet another "extension" to Huawei, allowing it to continue to buy and use American components and software, despite being on the ban list, amid supply chain concerns.
The senior spies – including ex-secretary of Homeland Security Tom Ridge, Nate Snyder, also ex-Homeland Security, and Chris Cummiskey, former under secretary for management at the US Department of Homeland Security – accepted the huge potential of 5G networks but described Huawei as an instrument of state and "a massive, massive security threat" to US national interests.
The group offered no specific evidence of Huawei backdoors and admitted to reporters, including The Reg, there was no smoking gun linking Huawei to Chinese police surveillance on protesters in Hong Kong. But they said given China's previous willingness to steal technology secrets, allowing Huawei into critical infrastructure was too big a risk – a view not entirely supported by the likes of Germany or the UK, among others.
Excluding Huawei from UK's 5G will harm security, MPs warnREAD MORE
GCPW also pointed to the work of the Linux Foundation-hosted Open Network Automation Platform (ONAP) – ironically, Huawei is a major contributor (see here and here) – and the Open Radio Access Network (O-RAN) Alliance, which promotes open standards around networking kit. The former government folk describe Huawei as "the lone holdout" on O-RAN. The Chinese firm said earlier this year that it did not plan to join and that it was unconvinced of the merits of white-box hardware and standardised interfaces.
To put this in context, OpenRAN fans hope to allow radio area networks to be built from different vendors' systems – and any network wanting to shut out Huawei completely would need standardised interfaces and interoperability everywhere.
Huawei owns about two-thirds of 5G-related patents. Ridge told reporters that Huawei's offer to license its software was not sufficient to guarantee "security". He was unwilling to answer a question as to why he'd recently joined NSO Group, which sells hacking tools to break encryption, except to say that governments needed to listen to enemies, rather undermining the main message.
The group's documents claim that mobile networks using Huawei kit are locked in and that "the entire network will need to be ripped out if a bug or security flaw were to be identified". Which doesn't sound like a typical network made up of hodge-podge kit and software from dozens of vendors.
The O-RAN Alliance claims many members ranging from mobile operators like BT, Orange and T-Mobile to kit makers including Broadcom, Ciena, Cisco, Intel and Qualcomm, as well as academics, such as Kings College London.
The Reg has asked Huawei for comment. ®