Frank Cilluffo is codirector of the Cyber Center for National & Economic Security at George Washington University.
The investigation by the House Intelligence Committee into whether Chinese firms should be blocked from the U.S. telecommunications market was appropriate because they had an obligation to shed light on a growing and significant set of national security issues facing our country today and into the future.
China is an important and sophisticated actor in a number of domains, including cyberspace. A recent report of the U.S. National Counterintelligence Executive proclaimed that "Chinese actors are the world's most active and persistent perpetrators of economic espionage." And according to Keith Alexander, director of the National Security Agency, the theft of intellectual property through cyberespionage and cybercrime constitutes the greatest "transfer of wealth in history." Consider what's at stake: jobs, economic competitiveness, and national security. This is the wider context in which the case of Chinese tech companies Huawei and ZTE should be evaluated.
The U.S. telecommunications sector is a critical infrastructure upon which modern societies are completely dependent. The potential exists to insert malicious code into hardware, firmware, and software to undermine the integrity and reliability of our telecom networks and systems—"back doors" to facilitate espionage or attack (i.e., shut down or degrade critical systems) and exploitation (i.e., theft or disruption).
Huawei is the world's second largest router company and supplier of telecom gear. The company ascended incredibly fast, and in one of the seven sectors defined as "strategic" by the Chinese government. Suspicions of dumping and receiving state subsidies to underprice and undercut rivals exist. But even more significant than suspect business practices are the potential national security implications of Huawei's rise.
With a rapidly expanding global market share and desire to grow their presence in the U.S. market, the key question is whether Huawei and ZTE are vehicles for Chinese espionage. Both companies failed to answer crucial questions regarding their independence and the House report concluded they "cannot be trusted to be free of foreign state influence."
Canada and Australia recently excluded Huawei from competing on major government communications contracts due to cybersecurity concerns. And despite the United Kingdom's unique relationship with Huawei through the Cyber Security Evaluation Centre—a partnership often touted by Huawei executives—recently retired U.K. Major Gen. Jonathan Shaw, who was responsible for cybersecurity at the Ministry of Defence, called the British approach shortsighted: "The economy is in such a mess that the government feels that it has to compromise on security in favour of continued economic freedom …There is the very real fear that the extent of Huawei's current telecoms penetration could mean that in the long term we shall have lost so much intellectual property by the time we put our house in order that there will be no economy left to recover."
To compete in the United States, these companies must be more transparent and adhere to U.S. intellectual property laws. Though Huawei and ZTE are an obvious place to start, the case also raises broader questions and red flags about supply chain security and security risks related to providers of technologies to our critical infrastructures. Now is the time to begin baking security requirements into the design of our systems and networks, such as in the energy sector.
If Huawei and ZTE can meet U.S. transparency standards, more power to them. Game on.