What’s Up With Cybersecurity and Chinese Telecoms?

Dave Johnson

Two items in the news: a congressional committee warns that Chinese telecom companies might be spying on us, and the Secretary of Defense warns about “cybersecurity.” One report even says that Chinese-made equipment used in businesses here sends data to China at night! What’s the story?

CBS’ 60 Minutes recently had a story about the Chinese telecommunications company Huawei. Huawei is a giant Chinese telecommunications company. Founded in 1987 by a Chinese military officer, the company started out making phone and data “switching” systems to handle the communication needs of businesses in China. Over time and, according to a 60 Minutes report, with “steady, extensive support from the Chinese government” and “industrial espionage,” Huawei has grown to become the largest telecommunications equipment maker in the world. (For example, several years ago Cisco sued Huawei for copying Cisco’s products (and then selling them for much lower prices) — even going so far as having the same typos in their instruction manuals. Huawei settled the lawsuit.)

Here is the 60 Minutes segment, Huawei probed for security, espionage risk

The 60 Minutes segment reported on a report by the House Permanent Select Committee on Intelligence that warned of potential cyber-espionage by Huawei and another Chinese telecom, and ZTE. The report follows an an 11-month investigation of the companies. WaPo: Chinese telecom firms Huawei and ZTE pose security threat, congressional investigators say,

Rep. Mike Rogers (R-Mich.) said committee investigators received “numerous allegations” from U.S. companies that equipment bought from Huawei sent unauthorized data to computers in China.

“That’s a serious problem,” Rogers said at a news conference to release the results of an 11-month investigation into Huawei and another Chinese tech giant, ZTE. “It could be a router that turns on in the middle of the night, starts sending back large data packs, and it happens to be sent back to China.”

Rogers declined to identify companies that had complained about suspicious data transfers. But he and Rep. C.A. Dutch Ruppersberger (Md.), the committee’s ranking Democrat, recommended that the U.S. government and American firms avoid using equipment from the Chinese firms for tasks that involve large amounts of sensitive data. The two lawmakers said the firms’ close ties to the Chinese government pose a threat to national security.

Let me repeat this: the committee warns of reports that some equipment manufactured by these companies, used in our business and other communications, turns on in the middle of the night and sends large amounts of data to China. The committee report also describes possible bribery used to get that equipment placed in certain key locations. And the report says the committee had obtained internal documents from former employees of Huawei showing that the company supplied services to a “cyberwarfare” unit in the People’s Liberation Army. (I’ll let the reader read between the lines here. Hint: the suspicion is that they get the equipment placed into key strategic locations, then the equipment stores up vital proprietary business and government communications during the day and then sends it overnight to China where they can mine it for trade secrets and other useful information.)

Another worry is that there may be hidden “back doors” in this equipment that would allow key switches to be turned off as part of a coordinated cyberattack on our country.

At the same time, Secretary of Defense Leon Panetta gave a speech warning about the threat of “cyberattack.” NY Times: Panetta Warns of Dire Threat of Cyberattack on U.S.,

Defense Secretary Leon E. Panetta warned Thursday that the United States was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government.

… “An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Mr. Panetta said. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

… The most destructive possibilities, Mr. Panetta said, involve “cyber-actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack.” He described the collective result as a “cyber-Pearl Harbor that would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability.”

Panetta is trying to get Congress to pass a bill requiring “new standards at critical private-sector infrastructure facilities — like power plants, water treatment facilities and gas pipelines — where a computer breach could cause significant casualties or economic damage.” But so far the Chinese Republicans have managed to block passage. From August, Cybersecurity Bill Is Blocked in Senate by G.O.P. Filibuster,

The bill’s most vocal opponents were a group of Republican senators led by John McCain of Arizona, who took the side of the U.S. Chamber of Commerce and steadfastly opposed the legislation, arguing that it would be too burdensome for corporations.

The bill would have established optional standards for the computer systems that oversee the country’s critical infrastructure, like power grids, dams and transportation.

So who could be against strengthening our essential infrastructure from potential cyberattack? I mean, besides China? Yet, Senate Republicans went so far as to filibuster this bill saying it would cost American companies too much. It’s funny how often the interests of America’s giant corporations, the Chamber of Commerce and the Republican Party so often align against our own national interest, no? Wait, are we talking about this Chamber of Commerce?

Note – in the 1990s the Clinton administration, aware that certain non-US interests were monitoring the business communications of American companies, attempted to get a standardized encryption chip built into all voice and
email devices. Had this occurred anyone intercepting these communications could not decipher them.

Another note – maybe these companies know what they are doing. For a long time the airlines were able to block the government from requiring them to secure access to airplane cockpits because it would cost money to do so. Then came 9/11 – which was directly enabled by this ease of access to cockpits. How did that work out for the airlines? Let’s see, 9/11 Airline Bailout: So, Who Got What?

Propelled by … the airlines’ considerable lobbying clout, Congress, over the course of just two days, introduced, passed, and got presidential approval for a $15 billion bailout.

So the airlines got paid $15 billion for having blocked regulations requiring them to secure the cockpit! Maybe there is method to the madness of blocking cybersecurity requirements!

One last point: if you work in telecommunications, or if your company has sensitive information that you do now want stolen, please spend the time to read this report.

Comments