Huawei denies security risks of Chinese ties

Huawei this week released a security whitepaper claiming it had “never damaged any nation”, never intended to steal state or corporate secrets, and would not tolerate illegal activity.

The document (pdf) came after a decision by the Federal Government to ban Huawei from bidding on National Broadband Network work, and criticism from the US Government about the organisation’s alleged close ties to Bejing.

Governments said those ties could result in the network giant allowing Chinese organisations to commit espionage by accessing data within Huawei infrastructure.

Although the report did not cite the allegations, it took pains to outline that ostensibly trusted companies like rival Cisco, Intel, Alcatel-Lucent and Ericsson had significant interests in China.

Huawei asked if comments by Cisco chief executive John Chambers about Cisco “becoming a Chinese company” was tantamount to being “foreign developed”.

More broadly, the report claimed global companies -- like itself -- would risk collapse should they engage in acquiescing to government requests to commit espionage.

Huawei’s global security officer John Suffolk, who authored the 16-page report, blamed “politically or competitor-inspired negative commentary about cyber security” for government suspicion.

“While worry about breaches of cyber security is understandable and legitimate, the rhetoric risks distracting from the wide range of challenges our industry faces,” Suffolk said.

“Achieving an effective, global, industry-wide solution is going to demand sober and fact-based dialogue, not commercial or political jousting.”

Technology infrastructure was built and sourced from nations all over the world, Suffolk said, adding that it was “no longer possible with today’s complex technology ecosystem and architecture [to] stop all threats from all threat actors”.

He appeared to take aim at the US Government by citing the use of the Stuxnet espionage malware which was credited as the clandestine Olympic Games project of the Pentagon.

Stuxnet and other state-developed malware had pushed the world to a technological “precipice”, he said.

“If we accept this route, then we must stop complaining and accept the consequences of the cyber race to the bottom of the pit and the return of the Wild West," he said.

"Or should we collectively step back from the precipice, as we have done in other forms of warfare, and establish laws, norms, standards and protocols – accepting that trust has to be earned and continually validated and also accepting that a lack of trust exists between some stakeholders when it comes to cyber security.”

Copyright © SC Magazine, Australia