A House committee report that found telecom equipment manufacturers Huawei and ZTE pose a cyber-espionage threat to U.S. communications has legitimate concerns and signals a more aggressive approach towards China, experts say.
The House Intelligence Committee recommended Monday that the U.S. government and corporations not do business with the companies, saying they could not guarantee that their products would be free from spyware. Experts believe China is a hotbed of cyber-espionage activity.
Huawei and ZTE denied the allegations, with the former claiming the panel's findings were based on "rumors and speculations." Huawei, the world's second largest supplier of telecom networking gear, said the committee's 11-month investigation "provided no clear information to substantiate the legitimacy of the committee's concerns."
However, experts believe the report raised important points. "I don't think there's an immediate threat to the level that as soon as Huawei equipment is installed in the U.S., American data will begin to be harvested," John Grady, an analyst for IDC, said in an email. "Rather it's the longer view towards what could potentially happen, which I think is a valid concern."
Dave Aitel, chief executive of penetration testing company Immunity and a former research scientist for the National Security Agency, said the committee indicated that the government was taking a stronger stand against cyber-espionage emanating from China.
"You're starting to see the United States government get much more activist with this," he said. "I'd say software vendors are next. If they catch a software vendor doing similar things, then they're going to blackball them."
The committee report claimed that Huawei and ZTE did not provide enough detailed information or internal documentation to convince the panel that their relationship with Chinese authorities did not pose a threat to the nation's communications infrastructure.
"Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems," the report said.
The Defense Department has claimed that China is home to "the world's most active and persistent perpetrators of economic espionage."
"Chinese attempts to collect U.S. technological and economic information will continue at a high level and will represent a growing and persistent threat to U.S. economic security," the Defense Department said in a report to Congress this year.Ã'Â
China has denied the allegations, and Huawei said there was no proof of its involvement in cyber-espionage. "The report released by the Committee today employs many rumors and speculations to prove non-existent accusations," the company said.
Huawei claimed the report was an excuse to prevent the companies from competing in the U.S. market. "We have to suspect that the only purpose of such a report is to impede competition and obstruct Chinese ICT companies from entering the U.S. market," the company said.
Grady acknowledged that competition between U.S. and Chinese tech companies couldn't be discounted.
"I do think that a lot of this is driven by the fact that it's China," he said. "We can point to many examples of ties between network or security companies and militaries and governments around the world, but those militaries and governments aren't China, so reports like this haven't been written."
ZTE, the world's fourth largest mobile phone maker, said the committee's finding that it may not be "free of state influence" could apply to any company operating in China.
Nevertheless, the risk posed by companies like Huawei and ZTE is that a government plant could insert spyware within firmware that would still pass regression testing by a quality assurance team, Aitel said.
"In this case, the American government is worried about Chinese major manufacturers from the top down targeting particular segments of the United States infrastructure," he said.
Huawei has significant portions of the worldwide enterprise and carrier markets for networking equipment. The company is strongest in Asia and Europe, but is not an important player in the U.S., Gartner analyst Kathie Hackler said.
The committee report could damage efforts the company has made recently to increase U.S. sales, if the classified evidence the panel has is made public and is proven to be true.
"It will definitely impair great success in the market, because there's going to be that fear, uncertainty and doubt, and certainly within verticals that are very sensitive about security," Hackler said, citing government and financial institutions as examples.
Rep. Frank Wolf, who chairs the House Appropriations subcommittee, has inserted language in an appropriations bill pending in Congress that would prohibit the purchase of telecom equipment produced by Chinese state-owned or state-directed companies.
"I was pleased the report's first recommendation directs all federal agencies to similarly prohibit these risky products moving forward," Wolf said in a statement published by Fairfax News.