Can you build a Great Wall round Chinese vendors?
07 February 2019 | Alan Burkitt-Gray
Some people seem to want to isolate the two Chinese vendors from the rest of the network. What are the reasons, asks Alan Burkitt-Gray. And what is the evidence?
If you’re one of those who think it is possible to build a Chinese wall between the parts of the global telecoms systems that use Huawei and ZTE technology and the rest, consider this. Many companies in the industry are gradually adopting the Open Networking Automation Platform (ONAP), an open-source networking project that was formed in February 2017 when two open-source projects merged.
One was an open version of AT&T’s ECOMP and the other was the Open-Orchestrator project, backed by the Linux Foundation – still the home to ONAP – with three lead contributors: China Mobile, Huawei and ZTE.
I repeat: China Mobile, Huawei and ZTE merged their open-source project with AT&T’s, a company banned from using Huawei or ZTE hardware and software in its home market. Complicated, isn’t it?
To be fair, if you’re reading this you’re almost certainly in the telecoms industry and so you understand how integrated everything is. You’re more likely to believe a wall is the answer if you’re a politician.
But its not just in open-source telecoms that Huawei and ZTE have a pivotal position. The two companies are leading the global programme to create the next generation of mobile, 5G.
And consider this: research by Berlin-based intellectual property company IPlytics shows that the top 10 owners of critical 5G patents have 6,632 patents between them. Huawei, ZTE and the China Academy of Telecommunications Technology have 2,081 patents – 31% of the total. IPlytics also analyses what companies are contributing. Huawei comes out on top, and it has a higher attendance at 5G meetings than anyone.
If you cut Huawei and ZTE out of 5G, the industry would lose access to much of its intellectual property. That’s the quandary that the international telecoms industry finds itself in, just as it commits to billions of dollars of investment in 5G, a technology that is widely held to be about to transform the business, bringing huge new markets.
The Cell in Banbury
This is all happening just as Huawei in particular is fending off accusations that its networks have security vulnerabilities. These accusations have been around for a long time, which is why five years ago it set up the Huawei Cyber Security Evaluation Centre (HCSEC) in the UK. Nicknamed the Cell, it is overseen by the UK’s own spooks but is funded entirely by Huawei. It shares an industrial estate in Banbury with giant sheds occupied by a tool hire company, a catering supplier and a dozen others. There’s a McDonald’s on the corner.
In mid-2018 the HCSEC reported a problem: something that it judged may pose threats to telecoms networks in the UK. No backdoors, but “shortcomings in Huawei’s engineering processes ... have exposed new risks” that provide “long-term challenges”.
I’ve talked to people who know. What seems to be the problem is that engineers tweak software too often. It’s a challenge that’s appeared in other areas of telecoms – hardware takes months to change; software can take hours. Those trying to ensure security are unsettled by this, as each change needs more checks. Huawei said in December that it will spend $2 billion or more improving its software engineering.
As well as the Cell in the UK, there are other units in other countries. Canada has a facility run jointly by Bell, Rogers and Telus. In Germany, Huawei has a lab in Bonn – close to Deutsche Telekom’s HQ – so that customers can test hardware and software, including source code. In Australia, Telstra has its own security team that tears apart any equipment and software that’s being considered for its network to hunt for vulnerabilities. Talk to the CTOs of telcos, however, and most do not express concern.
In November Huawei held a mobile broadband exhibition and conference in London, where BT’s EE mobile unit was showing off 5G services powered by Huawei. The event was also attended by Telefónica UK, CK Hutchison’s Three UK and Vodafone UK. Visitors included Bell Canada: an executive lauded Huawei’s ability to supply base stations that brought mobile broadband to the Arctic.
CTOs keeping heads down
I contacted a dozen CTOs of major companies across the industry. Most – even those who only recently told me how delighted they were with Huawei – just kept their heads down. One phoned me on my private number. “I don’t want to email – I think they read my emails.” The telco’s management, that is, not anyone more sinister. This person was speaking without the sanction of their company. “All vendors’ software has holes, but no one is testing the others,” meaning non-Huawei software. “At least in UK it’s done by an independent agency,” said this person, meaning the Cell.
“Yes, the Chinese government backs Huawei – but other governments back their companies,” said this CTO, who lamented the disappearance of many Western telecoms suppliers from the market – Lucent, Nortel, Siemens, Alcatel, Marconi and others. “Then people wonder why we have to go to Shenzhen,” the home city of both Huawei and ZTE.
Telstra is also a fan of both Huawei and ZTE. Australia’s government has accepted US demands that it ban Chinese network equipment – that means Telstra, Optus, Vodafone Hutchison and TPG. Telstra was the first Western operator to use Chinese mobile equipment in a big way, when it went to ZTE for Hong Kong’s CSL, before it sold it to PCCW’s HKT. So impressed was Telstra that it built an experience centre in Hong Kong, so that potential clients of ZTE could see networks in action after visiting Shenzhen. I visited it myself back in 2004.
“We had 200 telcos from around the world come to visit,” a Telstra executive told me. The same executive added that they would really like to use ZTE equipment for Telstra’s 5G network in Australia. But the Australian government said “No”. The executive said: “We will use Ericsson instead, but it’s too f***ing expensive.”
Some years ago AT&T acquired a pair of Mexican mobile operators, at least one of which was a Huawei customer. It then upgraded the network to 4G and at Mobile World Congress in 2016 I spoke to Ralph de la Vega, then the AT&T Mexico VP. He confirmed to me this was the first time it had Huawei equipment in any of its network. Huawei was a supplier to Mexico before AT&T’s entrance, but it was clear there had been a substantial re-equipment programme over the previous year.
“It should be seamless,” de la Vega told me in 2016. “You should be able to take a car from Canada to Mexico and you shouldn’t drop a call.” I asked him how the Huawei kit was performing in Mexico. “So far, excellent. Huawei is a good supplier.”
Last year was challenging for both Shenzhen companies, not over security but over Iran. ZTE admitted to using illegal means to export US hardware and software to Iran. That shows, by the way, how important and powerful IP law is. If you can’t include chip and software technology from the US, you’re stuck – and ZTE nearly closed down before it agreed to pay a $1.4 billion fine and accept a US lawyer as overseer.
The year ended with the arrest in Canada of Meng Wanzhou, Huawei’s CFO – again over US allegations concerning Iran, which she denies. Security concerns have not featured. The US followed in late January with charges personally against Meng and against the company alleging bank fraud in connection with illegal sales to Iran through a front company, Skycom.
Lying to banks, says the US
Matthew Whitaker, acting US attorney-general, explained: “When a bank’s customers lie to it about their sanctions-related business, that exposes the bank to the risk of violating the law, especially when they continue to provide those bad actors access to our US financial system. Our sanctions on Iran are the law of the land in this country – and we’re going to enforce the law, with both civil and criminal penalties.”
Is there a security risk in Huawei and ZTE systems? In December 2018 the Germany government IT security agency, Bundesamts für Sicherheit in der Informationstechnik (BSI), said there was no evidence. It said there are “currently no reliable findings”. BSI president Arne Schönbohm said: “For such serious decisions as a ban you need evidence.”
I talked to Bengt Nordström, CEO of the Northstream analysis company. He said: “I don’t know how real these security concerns are. My concern with the situation is that we’re all losers – the outlook is negative for the whole telecoms sector.”
He compared the situation with the financial crisis that started when Lehman Brothers collapsed in 2008. “We realised how interlocked the banking sector is. If a major player falls it has implications across the whole value chain.”
Competition is “the reason we walk around with a supercomputer in our hands costing €500 – because we’ve had super-intense competition between all players”, said Nordström. “The only reason Huawei and Ericsson and Nokia are spending so much on R&D is because of access to global markets.”
He warned: “If operators can buy from only Nokia and Ericsson they will put up their prices. If network equipment costs more you buy less.”