Huawei: Separating fact from fiction

So just how bad is Huawei?

Chinese telecom provider Huawei was hardly a household word a few months ago, but it's had lots of negative publicity of late, from an Economist cover story to a 60 Minutes piece.

And now the US House Intelligence Committee has issued a report recommending that Huawei and ZTE, another Chinese telecom company, be viewed "with suspicion."

Huawei customers defend their security after congressional report

As the president of a third-party test lab, I've had some experience dealing with Huawei, its competitors, and its customers. And as a U.S. history buff, I'm also aware that this is hardly the first attempt to drum up fear of "The Other" in the name of patriotism and national security.

While some claims about Huawei are valid, others are unsupported. Let's sort through these. (I'm focusing on Huawei here because I know it better than ZTE.)

1. Huawei is succeeding because of Chinese government backing

This is true. Beijing is a huge customer and subsidizer of Huawei's development efforts.

Then again, Huawei has lots of company. Toyota's popular Prius wouldn't have happened without a hand from the Japanese government. Airbus and its majority shareholder EADS wouldn't exist if Western European governments hadn't encouraged defense contractors to merge.

We have hugely successful public/private endeavors in the U.S., too. Some of our most important scientific and engineering achievements - things like atomic energy, space travel, human genome mapping, and the Internet itself - came out of government research programs.

The problem we have is too little R&D spending, not too much. Scream about waste all you want, but there's a baby/bathwater problem here. There's been a long-term slump in U.S. R&D funding while China is increasing its funding 10% year over year. We're not doing enough R&D spending to keep pace.

2. Buying Huawei is unpatriotic; it means replacing US/Australian/British/name-your-country gear with Chinese stuff

All telecom providers, including US. ones like Cisco, make at least some gear in China.

It's true that Huawei's profits go back to China. Then again, it's also common practice for U.S.-based multinationals not to "repatriate" their overseas profits for tax reasons.

This goes beyond factory locations. All major networking companies are multinationals, and all their engineering groups look like the United Nations. This can complicate matters for U.S. companies holding defense contracts with citizenship and security-clearance requirements.

Ironically, some manufacturers are scaling back in China as wages rise. These days we see more components coming into the lab from places like Malaysia and Vietnam.

3. Huawei doesn't care about intellectual property rights

Huawei tried to enter the U.S. market a decade ago with an effort that would have been hilarious if it wasn't so ham-handed.

Visitors to Interop 2002 Las Vegas saw the Huawei booth next to Cisco's, with Huawei routers like the 2600, 3600, 4700, and 12000 GSR on display, all in Cisco's familiar olive paint. Although the Huawei command-line interface (CLI) said "HOS," it had the same bugs as a contemporary IOS release.

Cisco sued in a federal case that was settled out of court. As one Cisco engineer told me, "They don't get to copy our bugs."

Huawei has long since rewritten its router code. In my experience with it, I'd say its CLI is too strange to be purloined. Perhaps because of the earlier experience, Huawei seems to have come up with a different synonym for every single Cisco command.

4. Huawei equipment has secret backdoors

This one is unproven, like similar allegations made a few years back about supposed backdoors in Israeli firewalls.

This claim can be tested empirically. One can capture any device's traffic externally (putting it in a Faraday cage if it's wireless) to see what comes out. Network operators routinely do these tests, and as far as I know they haven't found any backdoors.

If backdoors are proven to exist (and, again, I haven't seen evidence that they do), perhaps it's because Huawei was provided with a good example. Nicholas Kristof, who won a Pulitzer Prize for China reporting, notes that the U.S. used telecom equipment sales to China in 1980s and 1990s to spy on the Chinese.

5. We're already under attack from the China

Security analyst Richard Bejtlich and others have provided numerous examples of China-based cyberattacks. While these attacks pose a real threat to U.S. infrastructure, they aren't tied to commercial vendors like Huawei. It'd be a stunningly stupid business practice if they were.

There is actual evidence of bad behavior, and there is hand waving for political purposes. When assessing networking equipment, it helps to remember that these are often different things.

Disclaimer: Huawei and Network Test Inc. have no current or former business relationship.

Newman is a member of the Network World Lab Alliance and president of Network Test, an independent test lab and engineering services consultancy. He can be reached at

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Newman

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place