A Congressional panel has concluded that Chinese telecom firms Huawei Technologies Ltd. and ZTE Corp. pose a significant risk to U.S. national security, and recommend that American companies avoid any and all business relations with the technology giants.
House Intelligence Committee Chairman Mike Rogers and Ranking Member Dutch Ruppersberger issued a report which examines the possibility of "cyber espionage and predatory disruption or destruction of U.S. networks" after an investigation failed to alleviate concerns over close ties between the Chinese government and the two communications technology vendors.
"We have serious concerns about Huawei and ZTE, two Chinese telecommunications companies looking to gain market share in the United States, and their connection to the communist government of China. We warn U.S. government agencies and companies considering using Huawei and ZTE equipment in their networks to take into account the affect if could have on our national security,” said Ranking Member Ruppersberger in a committee press release.
The House Intelligence Committee initiated a full investigation in the fall of 2011 after a preliminary review of Chinese espionage operations uncovered evidence of threats aimed at the U.S. technology supply chain, critical infrastructure, and proprietary information.
“We have to be certain that Chinese telecommunication companies working in the United States can be trusted with access to our critical infrastructure,” said Chairman Rogers.
Concerns about the companies were further heightened after former Pentagon analyst F. Michael Maloof wrote that the Chinese government may have backdoor access to as much as 80 percent of the world’s telecom traffic, and that the mechanism for this “pervasive access” is made possible by Huawei and ZTE which supply equipment to nearly all of the fifty largest telecom operators in over one-hundred and forty countries around the world.
Huawei also raised some eyebrows earlier this year at a conference in Dubai with the disclosure that the company remotely monitors data transmissions on their networks by way of Deep Packet Inspection (DPI) techniques. Huawei insists that the practice is only conducted for the purpose of identifying malicious code and illegal activity and not for illicit surveillance, but the acknowledgement of the capability is nonetheless cause for alarm.
The House Intelligence Committee report stated: “Any bug, beacon, or backdoor put into our critical systems could allow for a catastrophic and devastating domino effect of failures throughout our networks. As this report shows, we have serious concerns about Huawei and ZTE, and their connection to the communist government of China. China is known to be the major perpetrator of cyber espionage, and Huawei and ZTE failed to alleviate serious concerns throughout this important investigation. American businesses should use other vendors.”
The House Intelligence Committee report includes the following five recommendations:
- US government systems and US government contractors, particularly those working on sensitive systems, should exclude any Huawei or ZTE equipment or component parts. Additionally, the Committee on Foreign Investments in the United States (CFIUS) must block acquisitions, takeovers, or mergers involving Huawei and ZTE given the threat to U.S. national security interests.
- U.S. network providers and systems developers are strongly encouraged to seek other vendors for their projects.
- Unfair trade practices of the Chinese telecommunications sector should be investigated by committees of jurisdiction in U.S. Congress and enforcement agencies in the Executive Branch. Particular attention should be paid to China’s continued financial support of key companies.
- Chinese companies should quickly become more open and transparent. Huawei, in particular, must become more transparent and responsive to U.S. legal obligations.
- Committees of jurisdiction in Congress should consider potential legislation to better address the risk posed by telecommunications companies with nation-state ties or otherwise not clearly trusted to build critical infrastructure, including increasing information-sharing among private sector entities and expanding a role for the CFIUS process to include purchasing agreements.
The investigation of Huawei and ZTE included a trip by Ruppersberger to Hong Kong last spring meet with ranking officials from both companies, as well as testimony by company executives before the Committee in open hearings.
“It is our responsibility on the Intelligence Committee to protect our country’s national security. That is why we launched this investigation in the first place. We depend on our nation’s networks for so much of what we do every day," Ruppersberger said.