If you can encrypt your data
before it hits a compromised component like a network router or a server, he said, you’re probably okay: Yes, the adversary gets a copy of your 1s and 0s, but they’re scrambled, with no way to decipher them. (Unless you were dumb enough to keep your encryption key in the same place as your data, he noted). But if the bad guys actually get their hardware or software on your
input device – if they can track which keys your fingers hit, or record the audio of your phone call, and see your raw input before it gets encrypted – well, good luck with that.
That’s why cyber hawks say there’s no safe way for the US and its allies to have Huawei products in their networks. Once the enemy is inside the gates, it’s too easy for them to slip from one part of your network to the others, exploiting the very connectivity that makes networks so useful in the first place.
As former NSC staffer
said during Smith and Keiser’s public briefing at the Capitol Visitors’ Center, “in cyber, any one node is all you need[:] If you can get in anywhere you can get in everywhere.” Modern ships survive collisions, when the
Titanic did not, because they’re divided into watertight compartments that can be sealed off completely from one another, Bahar said: We need to start building our networks that way.
As it stands now, however, saying your network is a little bit compromised is a bit like saying someone is a little bit pregnant.
Even the Defense Department, which is forbidden by law from buying Huawei products, is concerned about the larger private-sector networks its data must often traverse.
“You have to ask yourself where are you touching the commercial side … what products like Huawei’s might be in there?” the Pentagon CIO, Dana Deasy, told the Senate Armed Services Committee on
. “We have a very good understanding for CONUS [the Continental United States] what that looks like and what those vulnerabilities are. For OCONUS [Outside Continental US], as you can imagine, it’s a lot more complicated, because those networks sit with providers outside of the US.”
Bahar, the ex-NSC staffer, put it more bluntly: “If you’re talking on somebody else’s lines, assume they’re listening,” he said. “Unless …. you control everything from end to end and you encrypt it with your home-grown encryption, you have that to assume somebody else is going to hear.”
Global Stakes
The stakes here are even larger than the Chinese government’s ability to snoop on other countries’ cellphone and internet traffic through bugged Huawei components. Huawei is the Chinese Communist Party’s
in a campaign to remake global communications by introducing new technologies,
, and capturing a
than mere assembly-line world for Apple. That campaign, in turn, is part of a
to trying to
that Beijing sees as deeply tilted against China – for example, by questioning its claims to Tibet, Taiwan, or the South China Sea. One Hong Kong politician even
the Huawei sanctions to the19th century Opium Wars.
While the Communist Party has leverage over all Chinese companies, which are legally required to cooperate with security services and, often, to have Party members on their boards, its influence is particularly evident with Huawei.
“Huawei founder Ren Zhengfei started his career in the Chinese military, reportedly serving as director of the People’s Liberation Army (PLA) Information Engineering University, which trains PLA technical specialists in cyber attack and defense,”
, a cyber expert at the Center for a New American Security. “Huawei’s former chairwoman, Sun Yafang, once worked for the Ministry of State Security, China’s premier intelligence agency, later leveraging those connections to support the company.”
So what happens to Huawei and other Chinese companies, like ZTE, if the US convinces most major economies not to let them bid to build 5G? “They are likely to continue to survive and grow within China regardless,” said
, also a CNAS senior fellow and author of a
on Chinese AI strategy. “The Chinese telecommunications market is large and growing rapidly. Preventing these companies from growing internationally would not threaten their solvency in the same way that US semiconductor export bans threatened ZTE.”
(The Trump administration lifted a ban on US manufacturers selling ZTE essential components and has
tabled any proposal to enact a similar ban on Huawei, which would be far more damaging than the Executive Order now in the works).
“However, restricting or even just delaying growth has major implications for the stock value of these companies, [which are] based on the assumption of major international growth,” Allen said.
Of course, the goal isn’t to hurt Huawei for the sake of hurting it: It’s to protect Western security and economies. “What does winning look like? Winning is having a Western-valued company that actually makes this stuff,” Keiser said. “Huawei was on a trajectory to put everyone out of business” – which would have left even the US with no alternative for 5G.
“In many ways,” said Bahar, “
is the new gold bullion or the new oil that countries around the world are basically competing for.” Just as the UK and then the US kept the sea lanes open for commerce for over 200 years, he said, we now need to “keep the global sea lanes of data open.”
