Despite a particularly rough 2018, Chinese telecommunications hardware maker Huawei has tried to keep selling arguably insecure networking gear around the world — an effort openly opposed by the United States as its allies build early 5G networks. But in a subtle but meaningful shift, the U.S. is apparently relaxing its requirement that intelligence-sharing allies ban Huawei by name from their 5G networks, instead allowing those allies to adopt such strict 5G security standards that no questionable company will be allowed to participate.
The dispute between the U.S. and two Chinese networking gear makers, Huawei and smaller rival ZTE, reached a boiling point in 2018 after simmering for years, as U.S. agencies accused the companies of everything from sanctions violations to creating hardware with backdoors for China’s government. While ZTE ultimately settled with the U.S. and paid a massive fine, Huawei continued to deny the accusations and sued the government, claiming that both it and its hardware were trustworthy.
U.S. officials disagreed and, citing the potential for espionage, mounted an international campaign to keep Huawei gear out of any foreign 5G network that might carry sensitive U.S. intelligence. While some countries signaled that they would heed the U.S. warnings, others — including Germany — appeared reluctant to either single out Huawei by name or completely eliminate previously purchased Huawei gear from their networks.
While the United States hasn’t retracted or reduced its allegations against Huawei, Germany’s Frankfurther Allgemeine Zeitung reports that senior U.S. officials have embraced a German-developed plan to make domestic 5G security standards “so strict regardless of the provider that unreliable companies have no chance.” Under this plan, Germany will reject 5G components from any hardware provider that could be forced by a foreign power to undermine German security, and use parts solely from “trusted suppliers.”
Practically speaking, it’s hard to believe that any country will actually succeed in keeping parts from “unreliable companies” completely out of their 5G networks, as trust can shift over time. Additionally, since much of the United States’ publicly stated concern over Huawei is based on a Chinese law requiring telecom providers to cooperate with government surveillance efforts on request, all it might take is a change in Chinese law to make Huawei’s gear more “trustworthy,” and another change to go in the opposite direction.
The matter is further complicated by ongoing questions as to Huawei’s security engineering capabilities. Multiple countries have reached different conclusions as to whether Huawei’s hardware can be made secure enough for 5G; the U.K. has recently concluded that Huawei’s software is “very shoddy” and out of date, regardless of a multi-billion-dollar “transformation program” designed to improve network security.
In the absence of Huawei options, European rivals Nokia and Ericsson have emerged as leading international suppliers of 5G gear. Samsung, Cisco, and numerous smaller companies have all been developing 5G solutions ranging from end-to-end networking hardware to specific infrastructure components.