The sigh of relief from those who hold an interest in Australia’s security was almost audible as news hit the press this morning that Huawei and ZTE would be blocked from rolling out the national 5G network [1].

Both entities have been in the media extensively over reported links back to, and control exercised by, the Chinese Government (despite the protestations of both). In the United States for example, Huawei responded to the Federal Communications Commission’s (FCC) notice of proposed rulemaking (NPRM), by taking the line that the US would pay more for its infrastructure under other providers, as if there’s a price limit on assuring a country’s security and sovereignty.

According to the article, “The FCC had used the NPRM to suggest that it ensure Universal Service Fund (USF) funding not be spent on “equipment or services from suppliers that pose a national security threat to the integrity of communications networks or the communications supply chain”, with the FCC including direct references to Huawei and fellow Chinese company ZTE.”

That the Chinese would even be positioned to be bidding on main-line communications networks and systems anywhere outside of their own territories should be a concern to the populations who are placed at risk, based on significant reporting on the matter.

The weight of evidence uncovered by companies like US-based cyber consultancy Mandiant, paints a rather grim picture of the Chinese threat; highlights of a report released by The Mandiant Intelligence Centre in 2013 [2] found:

• Evidence linking Advanced Persistent Threat (APT) 1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Cover Designator 61398).
• A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries.
• APT1’s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity.
• The timeline and details of over 40 APT1 malware families.
• The timeline and details of APT1’s extensive attack infrastructure.

There has been a steady stream of supporting evidence in the period since 2013. The UK Government only recently highlighted the fact that there were a range of shortcomings in Huawei’s engineering process, which it said “…have exposed new risks in UK telecoms networks” [3]. What was noteworthy in that article was that suggestion that, as the “…world’s biggest producer of telecoms equipment and…major supplier of broadband and mobile network gear in Britain”, Hauwei was introducing 3^rd party software and components that were not subject to “…sufficient control”.

In fairness, this is not necessarily limited to Chinese suppliers though, and discrete pieces of equipment and software introduced to any secure network represents a risk that must be managed.

At the very least, the lack of transparency around the relationships between the Chinese Government and its commercial entities abroad make it an unsafe proposition where the national security of another country is at risk. Australia is no exception, and it brings into doubt any platforms, solutions, equipment and software that these companies control.

It also begs the question, what on earth was the Western Australian Government thinking when it recently awarded Huawei a $136M 4G telecommunications contract for Perth trains? [4]. This decision comes on the back of the 99-year leasing of the pivotal Darwin Port to a Chinese owned company for $100M [5], and what you would have expected was clear advice around the security risks involved in critical infrastructure investments by foreign entities. Evidence of the latter is clearly in the Federal Government’s decision announced this morning.

The ongoing security concerns that have been raised by multiple Western Governments cannot be placated by the conflicted assertions by John Lord, the Australian Huawei chairman, that “There’s no reason for us to pass lots of data back to China…” [6]. And the fact that Huawei Technologies was reported to be “…the biggest corporate sponsor of overseas travel for Australian politicians…” [7] can only heighten fears that attempts are ongoing to undermine the interests of Australia.

One needs only to look to the Labor Party’s disgraced Sam Dastyari, who resigned his position in the Australian Senate after being accused of repaying Chinese financial favours with favourable political positions, for an affirmation of how things can be perceived to work.

So good on the Federal Government for sticking to the security script on this one. Unlikely, but one would hope that this really was a pragmatic decision based on security risk management, and not one influenced by political expediency in view of the current political malaise in our country.

Either way, this is only one victory for common sense; let’s hope there are many more.

Yours in security,

Konrad Buczynski

Industry Risk is Australia’s shining light in solutions for Protective Security and Business Resilience. We welcome opportunities to assist entities in getting to a security baseline, then helping guide them in more advanced endeavours.

[1] https://www.theaustralian.com.au/business/huawei-banned-from-rolling-out-australias-5g-network-due-to-security-concerns/news-story/f8cd0faa71d5fd510c2360cc6c4dc9af

[2] https://www.fireeye.com/blog/threat-research/2013/02/mandiant-exposes-apt1-chinas-cyber-espionage-units.html

[3] https://www.bbc.co.uk/news/technology-44891913

[4] http://www.abc.net.au/news/2018-07-09/huawei-wins-wa-telecommunications-rail-contract-security-fears/9957258

[5] http://www.abc.net.au/news/2016-03-07/darwin-port-deal-funds-quick-hit-to-nt-economy/7228000

[6] http://www.abc.net.au/news/2018-06-27/huawei-boss-defends-telco-foreign-interference-debate-continues/9915164

[7] https://www.arnnet.com.au/article/642957/huawei-top-sponsor-aussie-politicians-overseas-trips/

Header image courtesy of http://www.businessnews.com.lb/cms/Story/StoryDetails.aspx?ItemID=6116