The Huawei bogey

Spread the love

The Huawei bogey

India needs to prove company aids Chinese government, or risk playing into US hands.

Source: https://indianexpress.com/article/opinion/columns/huawei-ban-india-united-states-china-5755232/

Why in news?

  • The Trump administration has not only passed orders restricting the US government and its departments from procuring networking equipment from Chinese companies, but is exerting considerable pressure on other countries to follow suit.
  • These events have also sparked a larger debate about the security of India’s communications infrastructure, an industry powered by foreign imports.

Background

  • The fear that Huawei and ZTE will aid Chinese espionage and surveillance operations has become common even though there has been no compelling evidence to suggest that Huawei’s equipment is substantively different from its competitors.
  • Suspicions about Huawei: These arise from the fact that it was founded by an engineer who has earlier worked in PLA and is also a member of the Communist Party of China.
    • Journalist Richard McGregor, the author of The Party: The Secret World of China’s Communist Rulers, had claimed that Huawei has received state support at crucial points in its development.
    • The concerns are over a perceived security risk posed by Huawei to countries it is operating in.
    • For example, as per a report in Bloomberg quoting security briefing documents from 2009 and 2011 of Vodafone, which was using Huawei equipment, Vodafone had identified hidden backdoors in the software that could have given Huawei unauthorised access to the carrier’s fixed-line network in Italy.
    • According to the report, Vodafone had asked Huawei to remove backdoors in home routers in 2011 and received assurances that the issues were fixed, but further testing revealed that the security vulnerabilities remained.
  • India: Commentators have not shied away from suggesting that India ban the import of network equipment.
    • A point was made by retired GOC-in-C Indian Army Northern Command D S Hooda in his piece, ‘At digital war’.
      • He pointed out threats that arise from using untrusted software and hardware all over the stack: From Chinese networking middleboxes to American operating systems and media platforms.
      • As a method to establish trust in ICT infrastructure, Hooda recommends indigenising Indian cyber space.
    • In India, though, we seem oblivious to the vulnerabilities that exist in our critical networks due to foreign hardware and software.
      • Over 60% of software and hardware being used by BSNL is sourced from either Huawei or ZTE. This is despite Huawei being probed for hacking a BSNL network in 2014.
      • In September 2017, BSNL signed a memorandum of understanding with ZTE for research and commercialisation of future 5G technology.
      • Even Australia, with a billion lesser population than India, has banned Huawei from supplying equipment for 5G mobile network, citing national security risks.

Indigenising Indian cyber space: Challenges

  • Expensive, elaborate process: The path towards indigenised manufacturing of networking equipment is an expensive, elaborate process.
    • Restricting certain foreign companies from operating in the country without evidence would be a knee-jerk reaction solely based on cues from US policy, and would undermine India’s strategic autonomy.
  • Information asymmetry: At the heart of threats from untrusted software or hardware, lies an information asymmetry between the buyer and seller.
    • It is not always possible to audit the functioning of every product that you purchase.
    • Open technical standards, developed by various standards development organisations (SDOs), govern the behaviour of networking software, and remove this information asymmetry: They allow buyers to glean or implicitly trust operational and security aspects of the equipment.
  • Government and industry dominance at the 3GPP: Government and industry dominance at the 3GPP has ensured that telecom technologies include security vulnerabilities that are euphemistically termed as “lawful interception”.
    • It is clear that various governments including India have repeatedly failed to advance privacy and security in the 5G standards, which are developed at the 3rd Generation Partnership Project (3GPP) — the organisation developing standards for telephony.
    • From an architectural perspective, 5G does not contain any significant vulnerabilities that were absent in older telecom standards.
    • Unfortunately, these vulnerabilities are indifferent to those who exploit them: A security exception for law enforcement is tantamount to a security vulnerability for malicious actors.
    • As the report from UK’s Huawei Cyber Security Evaluation Centre Oversight Board confirmed, there is perhaps no technical way to mitigate the security risks that 5G poses now.
    • But there is still no evidence to suggest that Huawei is operating differently from say Ericsson or Nokia.

Way forward

  • India needs to establish that Huawei is aiding the Chinese government through their products (5G or otherwise) before reacting. That Chinese companies are rarely insulated from Beijing’s influence is indisputable.
    • However, the legal requirements placed on Chinese companies by Beijing are equivalent to de facto practices of countries like the US, which has a history of intercepting equipment from American companies to introduce vulnerabilities, or directly compelling them to aid intelligence operations.
    • Such influence should be fought back by pushing for international norms that prevent states from acquiring data from companies en masse, and domestic data protection legislation.
  • In the long term, the Indian government and its defence wings would benefit from understanding the argument Lawrence Lessig has made since the 1990s: Decisions of technical architecture have far-reaching regulatory effects.
  • A long-term strategy that focuses on advancing security at technical SDOs will prove more effective in ensuring the security of India’s critical infrastructure than the economically expensive push for indigenisation.

33total visits,1visits today

About the author

roottn

Add Comment

Click here to post a comment