China's Huawei and ZTE grilled by U.S. committee over spying concerns

U.S. lawmakers are concerned networking equipment from the companies could be used to spy on U.S. activities

A U.S. congressional committee appeared to come away still in doubt about the security of networking equipment from Chinese firms Huawei Technologies and ZTE after holding a Thursday hearing in which the two companies tried to dispel allegations that they were tied to the Chinese government.

"I'm a little disappointed today. I was hoping for more transparency, more directness," said the Chairman of the U.S. House Intelligence Committee, Representative Mike Rogers. "There is a sphere of government influence in your companies of which you either can't identify their roles and responsibilities or won't. Either way, its unacceptable."

Thursday's hearing was held as part of an investigation launched by the U.S. House Intelligence Committee to find if Huawei and ZTE posed a security threat to the nation given the increasing cyber attacks allegedly coming from China. U.S. officials are concerned networking gear bought from Huawei and ZTE could in fact be used by the Chinese government to spy on U.S. activities and steal sensitive information.

Both Huawei and ZTE, however, have tried to clear their reputations and on Thursday executives from the companies denied they had any ties with the Chinese government, stating that their firms would never sabotage a customer's network. Both companies are also committed to improving cyber security, and following U.S. laws, they added.

"Huawei is an independent private employee-owned company," said Charles Ding, a corporate senior vice president with the company. "Neither the Chinese government nor the PLA (People's Liberation Army) has an ownership interest in our company, or any influence on daily operations, investment decisions, profit distributions or staffing."

"The Committee's central question has been: would ZTE grant China's government access to ZTE telecom infrastructure equipment for a cyber attack?" said Zhu Jinyun, ZTE senior vice president for North America and Europe. "Mr. Chairman, let me answer emphatically: No! China's government has never made such a request. If such a request were made, ZTE would be bound by U.S. law."

During the congressional committee's nearly year-long investigation, Huawei and ZTE have tried to answer questions regarding their operations and financing. But despite the efforts, Rogers said in the opening of Thursday's hearing that the companies had provided "little actual evidence" to resolve the committee's concerns, which included refusing to provide certain documents because they would violate China's state-secret laws.

"It is strange the internal corporate documents of purportedly private sector firms are considered classified secrets in China. This fact alone gives us a reason to question their independence," Rogers said.

But Huawei's Ding said in a written statement for the hearing that the company had already provided a "wealth of information." Some of the information asked for would have also been impossible to provide under the three-week time frame the committee had given the company, he wrote.

"The requests also sought highly sensitive, proprietary business information, which, we respectfully submit, no responsible company, foreign or domestic, would voluntarily produce," the statement added.

During Thursday's hearing, committee members also grilled Huawei and ZTE's representatives with questions on their relationships with the Chinese government. These included inquiries as to whether the Chinese government directly funded any company activities, and whether the companies were selling products at a loss in the U.S., which executives from both Huawei and ZTE denied.

U.S. Representative Adam Schiff, however, said a key question was whether Huawei and ZTE had the independence to "say no" to the Chinese government. He then cited a Chinese state security law that would allow the Chinese government to inspect the communication equipment belonging to any company or individual.

Both company executives said they were unfamiliar with the law, but added that they would never harm a customer's networks. Schiff, however, said that despite the companies' good intentions, Chinese law and state of the country's courts would prevent them from denying authorities access to such equipment.

"The plain language of Chinese law would require you to make your equipment available to the Chinese government upon their request, and I see no opportunity for you fight that in the Chinese court system," he said.

Both Huawei and ZTE have been trying to expand their business in the U.S., but the companies, especially Huawei, have seen a resistance to their business activities. Last year, Huawei was denied participation in building a national wireless network because of security concerns, according to the U.S. Department of Commerce.

U.S. Representative Dutch Ruppersberger said in his opening remarks on Thursday that the investigation against Huawei and ZTE was not "political jousting" or "trade protectionism masquerading as national security," and pointed to how China is hacking into U.S. networks and stealing intellectual property from the nation.

Huawei, however, contends its difficulties in the U.S. stem from misconceptions that have distorted the company's record. To illustrate this, Huawei commissioned Dan Steinbock, an expert on U.S.-China trade relations, to write a report on the company, which was released the day before the hearing. In it, Steinbock argues U.S. lawmakers have yet to provide firm evidence to support their concerns against the company

"Today, Huawei is one of the most misunderstood companies in America," the paper said. "Huawei's activities in America are not a threat, but an opportunity to the United States."

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place