Huawei: A Formidable Threat to US Telecom Infrastructure

James Gorrie

The arrest of Huawei CFO Meng Wanzhou in Vancouver last December for allegedly violating U.S. sanctions against Iran confirmed what experts in the telecom industry, some members of Congress, and the U.S. defense establishment have long suspected: Huawei and its subsidiaries represent a tangible threat to the United States.

The Chinese tech giant also has been accused of intellectual property theft involving phone testing robot technology owned by T-Mobile. And in January of this year, a Huawei employee was arrested in Poland on espionage charges. Other accusations also attach to the second biggest smartphone manufacturer in the world.

But these incidents—though serious—haven’t disrupted Huawei’s business relationships with Europe and Asia. Today, Huawei operates in more than 170 countries, supporting more than 500 telecom providers. What’s more, Huawei technology and infrastructure will play a key role in deploying the next generation of mobile communications, the 5G network, for much of the world. But the Huawei story is much more complex than sanctions violations and spying employees.

Huawei’s Biggest Espionage Coup?

Yet even as U.S. President Donald Trump attempts to limit Huawei’s expansion into the global 5G market, some experts fear that it may already be too late. Defense and telecom authorities assert that Huawei may have already accomplished its biggest espionage coup: eavesdropping on America’s strategic nuclear forces and other major defense installations located in the Western states.

According to telecom expert Gary Frost, in the early 2000s, smaller, rural customers in states such as Nebraska, Wyoming, Montana, South Dakota, and Colorado were overlooked by equipment giant Cisco and others. These underserved states created an opportunity for a low-cost, good-quality infrastructure provider to step in. Huawei was happy for the opportunity to install its own cheaper versions of Cisco-type equipment—routers, switches, and other telephone and internet infrastructure—and gain customers in these rural communities.

Today, not all of the states in question are entirely dependent on Huawei, but up to 25 percent of rural wireless carriers use the company’s equipment, with Montana highly dependent upon it and Wyoming almost not at all. But Frost points out that although there’s no Huawei fiber to his knowledge, Huawei equipment sits adjacent to fiber carrying nuclear and highly sensitive defense data to launch command sites and defense facilities located throughout the states mentioned.

Have there been compromises? It’s unknown for sure, and it’s not clear there has been any investigation.

CALEA Makes Spying Easier for Everyone

A key enabling factor in creating these vulnerabilities was the Communications Assistance for Law Enforcement Act (CALEA), which was passed in 1994 and became effective on January 1, 1995. CALEA mandated that, for national security reasons, both telecom companies and manufacturers of telecom equipment must add built-in access so that lawful surveillance can eavesdrop on suspicious communications. This can be done remotely.

When CALEA was established, it was likely assumed that all relevant infrastructure and access points to be used by CALEA were specific and identified. If that was true, it wasn’t for very long. Rapid expansion of both CALEA and infrastructure demands meant that switch packages became hybrids of various technologies—creating multiple vulnerabilities. Today, all telecom manufacturers have remote access monitoring and update capabilities. These also have been targeted by Huawei since they are embedded into the telecommunications architecture.

China’s Involvement

Some of those vulnerabilities were exploited and the evidence points to China as the culprit. It’s a bit technically complex to explain in detail here, but essentially, when access points are used to steal data, that data is sent to a determined destination for it to be received and analyzed. In other words, a hacking or eavesdropping event on switches and other infrastructure leaves a trail and reveals where data was sent.

In the hacks that Frost references, both the data flows hitting interfaces to CALEA equipment and the IP addresses where the data went were Chinese. They were so-called “brute force” attacks, which, in layman’s terms, means overwhelming the security of a program or piece of equipment with multiple interactions or instructions all at once or over a period of time. It’s not a particularly clever technique, but the attacks worked.

Thus, Huawei leveraged the opportunity to bring rural America into the digital age, and Rural Telephone Associations and Rural Wireless Associations (RTAs and RWAs) in those sparsely populated states were more than grateful. Over the years, Huawei has become embedded in the telephone and wireless associations. Huawei officials have sat on RTA boards for years and have helped steer additional infrastructure build-outs as needed. But in the process, Huawei—and, according to Frost and other experts, the Chinese regime—has been eavesdropping via built-in access points in America’s telephone and internet infrastructure in rural areas.

To be clear, it’s not likely that there is Huawei fiber in sensitive installations. So-called “last mile” communication lines serving those areas are protected by “armored fiber pairs.” This hardened equipment is then installed by vetted telecom contractors. But at some point, some distance away, those installations are connected to vulnerable equipment manufactured and installed by Huawei. And it’s not simply listening in on conversations. As Frost explains it, Huawei may potentially be able to even remotely change or block data and communication transmissions to strategic U.S. sites.

How could such oversights occur time after time over the years?

A Series of Errors

For one, not all relevant federal agencies were looking for espionage vulnerabilities. The main interest of the U.S. Department of Commerce and the Federal Communications Commission was to certify that new equipment would not harm the existing system and would perform as advertised. And the main interest of rural telecoms, at least at first, was to enter the digital age with the low cost and high functionality of Huawei’s equipment. Preventing spying wasn’t a major concern at the time.

But the way in which cable and fiber pairs are laid out opens up the possibility for access that shouldn’t be allowed. There may be several fiber pairs existing side-by-side within the same cable, with the defense pairs adjacent to Huawei equipment—where its technicians could potentially “tap” into the defense infrastructure. This could mean that Huawei and the Chinese regime have been able to hack and track data transmissions of America’s most sensitive installations for decades. That’s why it would appear to be no coincidence that Huawei focused its first efforts in the state of Nebraska. Nebraska is where the Offutt Air Force Base is situated, and, more to the point, where the U.S. Strategic Air Command headquarters is located.

Huawei’s strategy to gain access to the crown jewels of U.S. defense installations was as simple as it is brilliant. By offering great equipment at low cost to underserved regions in America in a technologically vulnerable environment, it was able to embed mission-critical equipment in rural telecom infrastructures. That positioned it to exploit the vulnerabilities that surround America’s most strategic defense operations.

Overcoming Lax Attitudes Is a Challenge

This apparent sloppiness of U.S. defense officials regarding our strategic communication infrastructure is more than troubling. As of yet, there’s no serious evidence that the Huawei vulnerability is being reviewed at the granular level necessary by the Department of Defense. They seem to be much more focused on the potential threats of the as-of-yet non-existent 5G network deployment instead of dealing with the current threats.

As for mitigating responses on the part of relevant authorities, some believe the Trump administration’s animus toward Huawei could result in rural markets losing their Huawei equipment. But that has yet to occur. In the meantime, the reason for such laxity among officials is not clear, although Frost regards it as a holdover attitude from the Obama administration, since a considerable portion of the civil defense and administrative positions remain occupied by Obama appointees. Frost also notes that defense officials in the current administration are aware of this resistance, which is something that Trump is faced with in various departments.

Almost all of this is public knowledge and no one questions the motives of the rural telecoms. They needed telephone and internet coverage and Huawei supplied it to them. The risk is with the equipment itself, and can’t be overstated. It can potentially intercept data sent to and from nuclear launch sites. And yet, the federal government has not removed the threat.

Why not?

It should be removed and replaced immediately.

Unfortunately, the belief among the neoconservatives and globalists was that modernizing China would lead to more openness and greater access to the country’s massive markets. Perhaps it still is. This is the reason why China was quickly given access to the U.S. market. But the very real threat from Huawei, as well as the current trade climate between China and the United States, both prove the folly of that policy.

James Gorrie is a writer based in Texas. He is the author of “The China Crisis.” 
James R. Gorrie is the author of “The China Crisis” (Wiley, 2013) and writes on his blog, He is based in Southern California.