Exploding the myth of Huawei’s 5G security risk

0
22

Huawei has passed all international 5G standard and security evaluations, giving the lie to America‘s bogus backdoor claims

by Michael MacDonald –Asia Times

Huawei is in the crosshairs of US President Donald Trump’s tech war. Image: Facebook

BANGKOK – Once known for shoddy manufacturing of low-cost goods for American markets, China has grown against the odds into a true innovation powerhouse. Now, as the American economy descends into a downward spiral, the China-led digital economy is under unprecedented siege.

Leading Chinese technology vendors now face a US campaign to block their wares wherever and whenever they are deemed as too competitive. The precipice of this political attack is 5G, based on a disproven narrative that Chinese technology poses security threats.

Chinese 5G vendors including Huawei have openly submitted their products and codes for independent review over and over again, only to have unintentional coding problems labeled by American officials and echoed by media as intentional “backdoors” designed to subvert Western security.

The reality, however, could not be further from the truth. In May 2020, Huawei was awarded the world’s first Common Criteria (CC) Evaluation Assurance Level (EAL) 4+ certificate for 5G products.

The certificate indicates that the security of Huawei 5G base station products reaches the world-leading level and can provide trusted security assurance for 5G wireless access. The Common Criteria, in effect since 1999, is an internationally recognized security certification evaluation.

The criteria originated from and unified three top standards, namely Europe’s ITSEC, Canada’s CTCPEC and America’s TCSEC, and was developed by the governments of Canada, France, Germany, Netherlands, UK and US – Western nations the US is now pressing to ban Huawei from their 5G rollouts for alleged security reasons.

There are seven EAL certification levels, with EAL 4+ being the highest for the telecom industry. It requires that the source code be tested and certified by independent analysts.

In July 2020, Huawei was also the first to pass the 5G cybersecurity test by China’s IMT-2020 (5G) Promotion Group. These test specifications are based on the 3GPP for 5G security assurance.

3GPP is an umbrella term for a number of global standards organizations with its headquarters at the European Telecommunications Standards Institute in France.

Huawei was the first in China to complete a recent 5G equipment security test with a 100% pass rate. This test is based on the IMT-2020 (5G) Promotion Group’s 5G security standard, which is based on the 3GPP 5G safety and security international standard (SCAS).

Most recently, in August 2020, Huawei’s 5G wireless and core network equipment (5G RAN gNodeB, 5G Core UDG, UDM, UNC, UPCF) and LTE eNodeB passed the GSMA’s Network Equipment Security Assurance Scheme (NESAS). GSMA represents the interests of some 750 mobile operators worldwide.

NESAS is a standardized cybersecurity assessment mechanism jointly defined by GSMA and 3GPP, together with major global operators, vendors, industry partners and regulators. It provides an industry-wide security assurance framework to facilitate improvements in security levels across the mobile industry.

It is a voluntary scheme through which network equipment vendors subject their product development and lifecycle processes to a comprehensive and independent security audit against the currently active NESAS release and its security requirements.

GSMA NESAS, which is widely accepted across the industry, ensures that the relevant equipment meets the scheme’s 5G network security and reliability requirements.

In the last three decades, Huawei has provided more manpower and resources to such international bodies than any other company and is the top contributor of 5G security proposals that have been accepted and adopted by the industry.

In March 2019, Huawei opened the Brussels Huawei Cyber Security Transparency Centre specifically to communicate with key stakeholders on cybersecurity practices, explore and promote the development of security standards and collaborate with industry organizations (GSMA, C4C WEF), standard organizations (3GPP, IETF, ITU-T) and EU cybersecurity verification organizations (ENISA, BEREC).

Currently, Huawei products and solutions have obtained more than 270 security certificates, including CC, FIPS, and CSA. Countering US efforts to further block Chinese technology from other like-minded countries’ networks, China has even launched its own initiative to set global standards on data security.

With the intention, according to Chinese Foreign Minister Wang Yi, to “develop a set of international rules on data security that reflect the will and respect the interests of all countries”, China is tackling head-on America’s bogus narrative that Chinese technology presents security risks.

That is fortified by the fact that numerous technical organizations have concluded that there are no intentional measures or “backdoors” in these products to subvert the technology or open the way for surveillance or remote-controlled shutdowns.

In the past, Chinese vendors have eagerly submitted their equipment to these testing organizations to validate that they meet international security requirements as collaboratively established by leading groups.

Still, the American political machine continues to steamroll ahead and force allied nations into a polarized “with us or against us” choice between China and the world.

To be sure, security in 5G is paramount as the latest generation in mobile networking will play an ever-increasing role in the digital economy and power critical vertical industries including finance, manufacturing, healthcare, logistics and others.

5G will extend on the mobile economy of previous generations and add the scale, bandwidth and low latency required for more demanding enterprise applications.

5G at its core leverages cloud-native technologies with a microservices-based architecture. This will introduce new security concerns that simply didn’t exist with 4G. But this model brings with it unprecedented scalability, reliability and integration into a whole new world of digital applications.

Having recently passed the first phase of the GSMA/3GPP security accreditation, leading Chinese 5G providers are already ahead of the pack, even in the face of an American campaign to limit China’s global telecoms influence.

The Chinese government’s formation of another security standard highlights its commitment to delivering products and solutions that are trustworthy and reliable; Huawei and ZTE have already proven their capabilities to drive innovation.

Combined with Europe’s security standards, China’s efforts illustrate a greater concern that while security is paramount, we’re living in a state of fear over the nascent digital economy and letting that paralyze us from enjoying the benefits of ubiquitous high-speed communications that will enable billions to have access to information in real-time.

While the rest of the world pushes ahead with mantras of “connecting the unconnected”, and bringing “digital to every person, home and organization for a fully connected, intelligent world”, America is attempting to thwart those aspirations and the technology-driven march of progress.

The US has let its technology leadership slip on the assumption that the rest of the world couldn’t possibly take up the torch and bypass its slowfooted companies and engineers.

But the torch has irrefutably been passed from the US to China and it’s high time that America stops trying to snuff out the ignition of an emerging 5G digital economy and all it means for the betterment of humankind.

Michael MacDonald is Chief Digital Officer at Huawei Asia Pacific

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here