Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime
Lawmakers Share Huawei Concerns with US State Department
GOP Senator, Congressman Send Letter to Secretary of State on Huawei Cloud ServicesRepublican lawmakers have expressed additional concerns around Chinese telecommunications giant Huawei to the nation's top diplomat. In a letter to Secretary of State Antony Blinken, Sen. Tom Cotton, R-Ark., and Rep. Mike Gallagher, R-Wis., outline the global proliferation of Huawei's cloud services and request answers on the Biden administration's handling of the company, long believed to be tied to the Chinese Communist Party, or CCP, and previously sanctioned by U.S. agencies.
See Also: Seven Experts on Protecting OT Environments Against Targeted Cyber Attacks
In their letter to Blinken dated Sept. 22, Cotton and Gallagher, who is a member of the Cyberspace Solarium Commission, say Huawei's cloud services run in more than 40 countries, providing potential system access to the CCP. This includes projects in countries "of immense geopolitical importance" to the U.S., such as Egypt, Indonesia, Malaysia, Mexico, Saudi Arabia, Turkey and the United Arab Emirates, they say.
The GOP lawmakers echo ongoing security and privacy concerns related to the telecom giant and cite a nearly 170% revenue increase for Huawei's cloud offerings in 2020. This "undermines U.S. efforts to curtail [its] power, influence and financial strength," they add.
The lawmakers ask Blinken to outline the department's related actions/plans, including efforts to prevent other governments from adopting Huawei technologies, and similarly, whether alternatives can be presented in those cases.
Both the U.S. Department of State and Huawei could not immediately be reached for comment Thursday. Huawei has previously denied allegations that it poses a national security threat.
Assisting China's MSS?
"The international threat to data and integrity posed by Huawei extends far beyond 5G," Cotton and Gallagher say in the letter this week. They cite an alleged incident of China reportedly spying on the African Union headquarters through Huawei-made cameras it installed in 2012 - alongside the AU's information and computer systems. The lawmakers claim China installed backdoors in the systems and reportedly obtained sensitive information. Huawei has denied the allegations.
"If allowed to proliferate, Huawei's cloud services could give the Chinese Communist Party similar access to additional governments, companies, and other important institutions," the GOP lawmakers write.
Rosa Smothers, a former technical intelligence officer and cyber threat analyst for the Central Intelligence Agency, tells Information Security Media Group that China's National Intelligence Law, enacted in 2017, created legal responsibilities for Chinese companies to provide "access, cooperation or support for Beijing's intelligence collection needs."
Noting that, Smothers, the senior vice president of operations at the security firm KnowBe4, says, "Huawei and other Chinese companies that can serve as a force multiplier for the Ministry of State Security will do so."
E-Government Services
Cotton and Gallagher contend that Huawei Cloud's e-Government services, which streamline digitization, tax services, national ID systems and elections, may expose its clients to "the prying eyes of the CCP."
They add, "When Huawei's client is a country, its entire population and political structure sits in the crosshairs."
The threat, they add, could lead to CCP access to the personal data of visiting U.S. citizens, service members, businesspersons and diplomats.
"Our FCC designated Huawei as a national security threat last year, and I expect the [current] administration will maintain that stance," KnowBe4's Smothers says. "But anything we can do to dissuade other countries from leveraging Huawei's cloud products is better not just for our national security but the security of the 40 countries where these cloud services are currently in use."
'Clean Network' Program
Cotton and Gallagher also address the "Clean Network" program launched by former Secretary of State Mike Pompeo and former Undersecretary of State Keith Krach, which they say helps address "the long-term threat [that] malign authoritarian actors pose to data privacy, security and democratic values." They press Blinken on whether the program will proceed during the Biden administration.
The alliance of democracies yielded digital trust and democratic values commitments from more than 60 countries and 200 telecom companies, among others, after its launch in 2020. At the time, it was a departure from then-President Donald Trump's "America First" economic strategy.
"We must combat Huawei as a whole and target each of the company's commercial units, including their 5G, cloud services, mobile-phone, and underwater cable businesses," the letter's authors maintain.
Sanctions
In the National Defense Authorization Act for 2019, the U.S. banned federal use of equipment from Huawei and fellow Chinese telecom company ZTE. In May 2019, the Department of Commerce added Huawei to its Entity List for its dealings with the Iranian government, restricting U.S. companies from doing business with the multinational giant without a special license.
Additionally, in 2020, the U.S. extended its ban to include semiconductors. And in June of that year, the Federal Communications Commission officially classified Huawei as a national security threat and later prohibited approvals of Huawei equipment in U.S. telecom networks.
In July, the FCC finalized a $1.9 billion plan that will assist smaller, rural telecom carriers in paying to rip and replace Huawei and ZTE technologies from their networks.
Also in July, Sens. Mark Warner, D-Va., and Cotton, looked to place additional restrictions on the use of telecom equipment from Huawei and ZTE by introducing a still-pending bill that prohibits the use of funds from the $1.9 trillion American Rescue Plan stimulus package to buy such equipment (see: Senate Bill Proposes Further Restrictions on Huawei, ZTE).