Congressional Intelligence Committee Warns Against Doing Business With Chinese Telecom Firms

  /     /     /  
Publicated : 22/11/2024   Category : security


Congressional Intelligence Committee Warns Against Doing Business With Chinese Telecom Firms


Buying from or teaming with Huawei and ZTE is risky business for U.S. communications infrastructure due to nation-state implications -- but avoiding these firms still wont stop Chinese cyberespionage



The House Intelligence Committee today sent a strong message to U.S. companies: Steer clear of doing business with Chinese telecommunications companies Huawei and ZTE due to the possible security risks to U.S. communications infrastructure and threat of cyberespionage in light of their potential ties to the Chinese government.
In what some security experts consider a watershed report by the bipartisan Congressional committee on the national security implications of the two largest Chinese telecommunications companies -- Huawei and ZTE -- conducting business here in the U.S., the committee didnt mince words in its warning of the dangers of working with the companies, which it has been investigating for the past year. But even with the high-profile report calling out the companies lack of cooperation in the investigation and concerns about their relationships with the Chinese government, experts say it isnt likely to result in any lessening of computer breaches executed by Chinese cyberspy actors.
We have to be certain that Chinese telecommunication companies working in the United States can be trusted with access to our critical infrastructure, said House Intelligence Committee chairman Mike Rogers, R-Mich. Any bug, beacon, or backdoor put into our critical systems could allow for a catastrophic and devastating domino effect of failures throughout our networks. As this report shows, we have serious concerns about Huawei and ZTE, and their connection to the communist government of China. China is known to be the major perpetrator of cyber espionage, and Huawei and ZTE failed to alleviate serious concerns throughout this important investigation. American businesses should use other vendors.
Richard Bejtlich, chief security officer at Mandiant, says the report overall isnt likely to make much of a dent on Chinas cyberespionage operations. I know there are many factions over there, Bejtlich says, so it isnt likely to change much in the big picture, even if the civilian side of the Chinese government were to make a move to back off. The more aggressive military side wouldnt be likely to stop its cyberespionage operations, he says.
[ How naming names of hackers and pinpointing the beneficiaries of cyberspying and cybercrime attacks translate into a new kind of defense. See
Turning Tables: IDing The Hacker Behind The Keyboard
. ]
This is the second major and very public call by the U.S. government to take a stronger stand against Chinas cyberespionage activities: The first was the Office of the National Counterintelligence Executives (ONCIX) report earlier this year that basically
identified China
as the most active and persistent economic espionage actor, points out Scott Aken, a former special FBI agent who worked on counterintelligence on cyberespionage cases.
Aken says while the content of the House Intelligence Committees report comes as no surprise to the intelligence community, its a significant message to the general public. This is the first time a [government] report is focused specifically on [Chinas spying in] cyberspace, he says. To me, the ONCIX report was really the start when they called China out on the mat for the first time publicly.
The House report takes it a step further by pointing out the potential of Huawei and ZTE being agents of the Chinese government, Aken says.
Its great they are starting to open aperture to the problem. But it isnt going to go away. Cyberespionage is certainly going to continue for [our] lifetimes, Aken say. By making this a well-known issue to those outside the U.S. government, now U.S. companies can make better decisions on who they purchase [equipment] from ... To me, its really important because this is the first time they are letting the general public know what maybe those in the intelligence community and DoD already know, he says.
Dmitri Alperovitch, co-founder and CTO of CrowdStrike, says the report doesnt really break much new ground, but it does shine a spotlight on how China operates in the business world. This is a watershed moment. People are going to start asking the hard questions about how Chinese companies are competing against the U.S., and whether they are doing so fairly, Alperovitch says. Cyberespionage is one part of it, and the Chinese government funding is another level of it.
The House committee says neither Huawei nor ZTE cooperated in the committees investigation, and never fully explained their ties and relationships with the Chinese government, as well as their U.S. business operations. There were reports of corruption, bribery, and immigration illegalities, according to existing and former employees of the firms, the report says.
One of the companies asserted clearly both verbally and in writing that it could not provide internal documentation that was not first approved by the Chinese government. The fact that Chinese companies believe that their internal documentation or information remains a state secret, only heightens concerns about Chinese government control over these firms and their operations, the report said.
Huawei reportedly shot down the findings in the report. Unfortunately, the Committees report not only ignored our proven track record of network security in the United States and globally, but also paid no attention to the large amount of facts that we have provided ... We have to suspect that the only purpose of such a report is to impede competition and obstruct Chinese ICT companies from entering the US market, the company said in a statement
published in a report by The Wall Street Journal
.
The House report also recommends that U.S. government agencies and contractors avoid Huawei and ZTE equipment in their procurements and systems, and that the Committee on Foreign Investments in the United States (CFIUS) block acquisitions, takeovers, or mergers involving Huawei and ZTE given the threat to U.S. national security interests.
It also urges Chinese companies to become more open about their operations, and that Congress consider legislation to address potential risks like this.
To date, there have been reports of backdoors in ZTE equipment. But the broader concern may not be the backdoors to date, but if [the equipment] is controlled by the Chinese, can you trust the next update to the systems, CrowdStrikes Alperovitch says.
The full committee report is available
here
(PDF) for download.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Congressional Intelligence Committee Warns Against Doing Business With Chinese Telecom Firms