For years, Chinese telecommunications giant Huawei has feared that its products have backdoors designed to facilitate Chinese spying operations abroad. In the US, long-running tensions surfaced this May, when the Trump administration banned the use of Huawei equipment in US telecommunications networks.
Now, the future of Huawei’s relationship with the West is in doubt as policymakers attempt to determine whether the company poses a threat to national security interests. Can Huawei products be a threat to your business? It really doesn’t matter. Why here?
But for global business leaders, the answers to Huawei’s questions can’t come soon enough.
While the outlook for Huawei’s network business is uncertain, the company remains the largest telecommunications equipment maker and second largest smartphone maker in the world. For better or worse, any business that operates in the U.S.
operates outside the U.S., it stores or processes some of its data on Huawei products. The company was responsible for approximately one in five smartphone shipments and one in twenty global server shipments in the first quarter of 2019.
Much of Huawei’s conversation has focused on security surrounding the rollout of 5G infrastructure. However, if even a fraction of the company’s products were found to be vulnerable to state hackers, the data security of thousands of businesses around the world would also be in question.
Corporate leaders now have to decide whether Huawei products are a threat to their cyber security. Unfortunately, when it comes to assessing vulnerabilities in the global IT hardware and software supply chain, this is only the tip of the iceberg.
Huawei threat assessment
Huawei’s representatives have consistently denied Chinese state interference, and one could argue that such interference is in the best interests of the Chinese government (especially in the U.S., which is by far China’s largest trading partner). would be against. Any definitive evidence to prove that the Chinese state is taking advantage of consumer electronics to spy on US citizens would be disastrous for the Chinese economy.
Huawei’s relationship with the Chinese security state apparatus.
Again, definitive evidence in cyber espionage is rare, and while it remains elusive in the Huawei case, circumstantial evidence abounds. A report submitted to the Senate Intelligence Committee found that China was involved in more than 90% of all economic espionage cases handled by the Justice Department over the past seven years. Huawei’s report card isn’t much better
It may take years for us to understand the full scope of Huawei’s relationship with the Chinese security state apparatus. For now, these questions miss the larger point. As law professor William Snyder argues in The Verge, the greatest threat to global cyber security is not a single corporate or government entity, but the entire supply chain of IT hardware and software.
supply chain yanking
A January story in The Intercept cites several classified reports that identify supply chain vulnerabilities as “central aspects of a cyber threat”, noting that the intelligence community has no “reliable detection of such operations”. doesn’t have the necessary access or technology.” Last May, Wired published a story on the hacker collective Barium, which has accessed the computers of hundreds of thousands of users by exploiting software distribution channels.
China is far from the only country suspected of supply chain attacks.
Evidence indicates that barium hackers are Chinese-speaking, but China is far from the only country suspected of supply chain attacks.
Many will remember journalist Glenn Greenwald’s 2014 allegations against the NSA, alleging that the US intelligence agency routinely intercepts IT network equipment being exported by US companies, and products with backdoor surveillance equipment. implants. The fundamental separation between state-level interests and a globalized economy means that national intelligence agencies will always be tempted to engage in supply chain intervention.
protect your business
Ultimately, it doesn’t matter whether Huawei products have been tampered with by the Chinese state. As of 2011, China was responsible for manufacturing 90% of all personal computers and 70% of all mobile phones worldwide.
Remove Huawei from the equation, and Chinese intelligence agencies will still have enough targets for supply chain interference. Remove China from the equation, and we will still face supply chain attacks from state-sponsored and black hat hackers.
Supply chain attacks have always been difficult to detect.
Supply chain attacks will always be difficult to trace at the source. Modern IT hardware can consist of millions of micro components; Software often contains billions of lines of code. However, business leaders can still take action to protect their companies.