Just three months before it learned the National Security Agency had hacked into its networks, China’s largest telecommunications equipment maker, Huawei Technologies Co., met with senior U.S. government officials in an effort to demonstrate its commitment to security, FedScoop has learned.
Documents leaked by former NSA contractor Edward Snowden show the agency hacked into Huawei’s internal network at its headquarters in Shenzhen, China, may have compromised its intellectual property, and monitored the private communications of the firm’s executives.
The operation, codenamed “Shotgiant,” dates back to 2010, and stems from the U.S. intelligence community’s concerns about Huawei’s ties to the Chinese government and the potential for China to leverage the company’s technologies for espionage and sabotage.
But Huawei executives met with U.S. officials in January to discuss the company’s security efforts. FedScoop is honoring a request to withhold the details of the meeting and the circumstances surrounding its arrangement.
A source familiar with the meeting, however, characterized Huawei executives as “serious” and described the meeting as “worthwhile.”
A Huawei executive, who spoke to FedScoop on background, described the reaction inside the company to the latest NSA hacking revelations as one of “anger” and “shock.”
Since the company first fell under suspicion in 2012, when the House Permanent Select Committee on Intelligence concluded an investigation into the firm and recommended Huawei be barred from sensitive U.S. government contracts, the U.S. has not produced a single piece of evidence showing the company has been complicit in Chinese government-sponsored cyber-attacks against U.S. companies or agencies, the executive said.
Company executives were angered by the congressional investigation because much of the data the company provided to the committee never made it into the final report. Publicly, Huawei issued a statement that said it appeared the committee was “committed to a predetermined outcome.” Privately, however, the executive went as far as to raise the possibility that the investigation was cover for what is now known to have been a massive NSA intelligence operation targeting the company.
“We’re trying to be good corporate citizens, and we’re hoping to normalize perceptions of the company at this point as we continue to meet personally with U.S. officials to discuss the progress we’ve been making on security,” the executive said. The executive described those meetings as positive.
Huawei has been working with a third-party test and evaluation firm to have its software and products undergo rigorous security evaluations. In fact, Huawei recently submitted software code related to several of its 4G LTE wireless products for security evaluation, the company executive said.
John Suffolk, Huawei’s global cybersecurity officer, has said in public media reports that Herndon, Va.-based Electronic Warfare Associates Inc. is one of the companies behind the Huawei security evaluations. EWA counts NSA, the Department of Homeland Security and multiple military services among its clients.
The strategy Huawei is pursuing in the U.S. is similar to what it has successfully done in the United Kingdom with that country’s GCHQ — Britain’s equivalent to NSA. There, Huawei has set up the Cyber Security Evaluation Center, where security engineers from GCHQ can work with Huawei engineers to test the company’s software for vulnerabilities, bugs and even back-doors that would allow hackers to penetrate the U.K’s critical network infrastructure.
But while Huawei says its actions are proof it is willing to bend over backward to show the U.S. it is serious about security, America is a small fraction of the company’s overall market share, the executive said. For example, the U.S. accounts for only $1.2 billion of the company’s $38.6 billion in annual revenue it generates across 150 countries. In a way, the U.S. market isn’t that important to the company’s balance sheet.
“It’s a big world,” the executive said. “And major companies, including tier 1 Internet infrastructure providers, are increasingly telling their government clients that they are buying Huawei technologies and that they just need to deal with it.”
A former CIA officer who now provides strategic cybersecurity consulting to the government said he is not surprised by Huawei’s approach and outreach, but he still believes the ties between the company and the Chinese military are “very close.” Former Chinese military officer Ren Zhengfei founded Huawei in 1987.
But Huawei tells a different story, arguing that almost every security issue the company has dealt with from a product perspective was the result of vulnerabilities discovered in one of the many components it buys from other suppliers, including suppliers in the U.S. and Europe.
The real issue, the executive said, is the lack of motivation on behalf of the U.S., its European allies, and other countries, including China, to tackle the thorny issue of supply chain security in the telecommunications and Internet industry.
“Even the recently released NIST Cybersecurity Framework, which is great and which we contributed comments to, doesn’t say anything about supply chain security,” the Huawei executive said.
“If they [the governments of the U.S. and China] would just sit down and come to some agreement on standards and rules of behavior, we could get beyond this,” the executive said. “The issue of trust and supply chain security is hurting the global Internet and U.S. economic competitiveness.”
In light of the news that NSA had hacked into its network, compromised the company’s intellectual property and monitored the private communications of its executives, Huawei is conducting a full-blown damage assessment to determine exactly what happened.
According to NSA documents leaked by Snowden and recently published by The New York Times, the ultimate objective of operation “Shotgiant” was to determine the plans and intentions of Huawei’s leadership. “If we can determine the company’s plans and intentions, we hope that this will lead us back to plans and intentions of the [Peoples Republic of China],” the documents state.