14 Jun 2018
The technical reasons why Huawei is too great a 5G risk
By Tom Uren
The Chinese government has conducted aggressive and wide-ranging cyber-espionage operations for decades and their intelligence laws oblige companies to assist these efforts.
Placing Chinese telecommunications company Huawei at the centre of Australia's 5G network is just too risky.
The 5G network and the NBN will together form the spinal cord of the Australian economy – high-speed low-latency networks that will enable our information and digital economy to grow. As the Australian economy increasingly relies on high-speed internet connectivity to function, these networks will become increasingly important. That means we need to have the highest levels of trust in the reliability and security of these networks.
One of the defining features of the internet and modern telecommunications systems is that they are highly complex and were not necessarily built with security in mind. This combination of complexity and lack of security means that there is a never-ending cascade of security vulnerabilities being discovered – the US National Vulnerability Database lists over 1100 for June so far – and it is impossible to be 100 per cent confident that any product is secure.
When building critical telecommunications infrastructure in this environment, security and reliability must be top of mind. Although no company makes perfectly secure products – Western telecommunications manufacturers have had their share of security vulnerabilities – Huawei presents unique additional risk beyond the "normal" risk of buying complex equipment.
China has demonstrated a long-standing intent to conduct cyber-espionage.
China is thought to be behind data breaches in United States, United Kingdom and Australian government departments, including into the Bureau of Meteorology, CSIRO, and the Australian Parliament email system. But beyond what we'd call "legitimate" government espionage targets, China has engaged in the cyber-enabled theft of intellectual property, trade secrets, and commercial-in-confidence material from Western companies such as BHP, Rio Tinto, Fortescue Metals, Yahoo, Google and many more.
The US Trade Representative's Section 301 report from March this year details the very close cooperation between the Third Department of China's People's Liberation Army (3PLA is a military hacking unit, also known as Unit 61398) and Chinese enterprises. The 3PLA was not only stealing commercial information on behalf of Chinese companies, it was also building secret databases to hold their corporate intelligence.
Coupled with the intent to conduct cyber-espionage, China's intelligence law provides the capability to compel Huawei to assist with the state's efforts. Article 7 of China's Intelligence Law obliges organisations and citizens to support, assist and cooperate with intelligence work.
It is not hard to see how this law could be used to Australia's detriment. The equipment that will comprise the 5G network is not just a passive piece of infrastructure. It has total visibility and control of all the connections within the network – it sees who calls who, when, from where, and controls what route data is sent down. There are a multitude of ways this equipment could be subverted.
At one extreme, Huawei could be asked to incorporate "backdoors" into their equipment that would allow Chinese government access for either espionage or sabotage. Phone calls or messages could be intercepted and passed on in a way that blends in with normal network traffic to be difficult to detect. A mechanism to sabotage a network might not be found until it was triggered, by which time it would be too late of course.
Vulnerabilities may already exist.
This may not be the most likely possibility – it seems too overt – but given the close collaboration between 3PLA and other Chinese companies it is certainly a possibility.
A more moderate approach might simply be for Chinese intelligence to ask Huawei to provide engineering assistance and training to examine their software and hardware. It is very likely that vulnerabilities already exist in Huawei's kit without being deliberately placed there – such weaknesses are present in all sorts of other hardware and software – and this inside information could allow Chinese intelligence to develop the capability to subvert Huawei's equipment.
This has the great advantage that it provides Huawei with plausible deniability and they could truthfully say: "We don't write deliberate backdoors."
Huawei also uses deployed engineers to install and configure their equipment when building and installing a network. So at the "mild" end of the spectrum, even if corporate Huawei isn't compelled to assist, there are still many opportunities for Chinese intelligence agencies to ask or compel their citizens to assist in undermining our 5G network's security. This might include, for example, access codes or perhaps network configuration information, both of which could enable espionage or sabotage at a later time.
China has a proven and demonstrated intent, and their laws provide them with the capability to compel Huawei. This credible threat cannot be placed within the centre of our critical 5G network.