A Concise Guide to Huawei’s Cybersecurity Risks and the Global Responses

10/03/2019

|

Jonathon Marek and Ashley Dutta | National Bureau of Asian Research

This backgrounder from Jonathon Marek and Ashley Dutta of NBR’s Center for Innovation, Trade, and Strategy examines the criticisms leveled against Huawei and how governments have responded. It provides a framework and key examples through which readers can better understand the policy challenges surrounding the company.

Huawei Technologies Co. Ltd., a Chinese telecommunications company with global revenues of over $100 billion and products ranging from smartphones to advanced 5G network equipment, has faced growing criticism from security experts and governments regarding cybersecurity and espionage risks. In recent months, Huawei’s network security deficiencies and the international response to the company’s meteoric rise have been headline news worldwide. The company faces severe restrictions from the U.S. government, which have heightened broader Sino-U.S. tensions. This backgrounder will examine the criticisms leveled against Huawei and how governments have responded.

CONCERNS

Private cybersecurity experts, intelligence agencies, and political leaders have argued that Huawei’s products, especially if used in 5G networks or associated critical infrastructure, pose significant security risks. Citing Huawei’s previous assistance with state intelligence operations, an incident involving the company’s servers transferring data directly to China, and overall poor cybersecurity standards, they argue that Huawei’s cybersecurity practices render users vulnerable to cyberattacks and data breaches. China’s political system, which legally obligates companies to actively support Chinese Communist Party (CCP) espionage efforts and blurs the distinction between public and private entities, amplifies these concerns.

Ties to and Support from the CCP

Huawei claims it is an “independent, privately-held company…owned by [its] employees through an Employee Stock Ownership Program,” which allows it to pursue long-term growth without shareholder pressure and to act independently of CCP direction. However, significant evidence exists directly tying both Huawei and founder Ren Zhengfei to the CCP and People’s Liberation Army (PLA). This has raised concerns that the CCP could access Huawei clients’ data or compel it to support the party’s espionage work.

Ren, who retains veto power over strategic decisions and strong operational control, served in the PLA prior to founding Huawei. U.S. officials claim that this included a stint with a military intelligence unit. Ren is a CCP member, attended the 12th National Congress, and was honored in 2018 as a leading private entrepreneur who safeguarded CCP leadership.

The links, however, run far deeper than Ren’s personal ties. A 2005 report described a “digital triangle” linking nominally private Chinese tech companies, including Huawei, to state-backed research institutions and the PLA. In 2013, former head of the CIA and National Security Agency (NSA) Michael Hayden stated that there is tangible classified evidence that Huawei has engaged in CCP-directed espionage activities.

In June 2019, a report found that Huawei employees, operating in their personal capacities, collaborated with the PLA on surveillance-related military research that is apparently not connected to Huawei’s legitimate operations. Additionally, earlier in 2019, a Huawei employee in Poland was arrested on suspicion of working as a Chinese intelligence agent. While the charges appear unrelated to the employee’s work, numerous Huawei employees believe that Chinese intelligence agencies regularly embed agents in their offices and monitor their conversations. In July 2019, Czech Huawei employees reportedly passed information on clients directly to the Chinese embassy.

Furthermore, refuting Huawei’s ownership claims, research suggests that employees are only involved in a profit-sharing program. Huawei is potentially “in a non-trivial sense state-owned” inasmuch as the company is formally held by a trade union committee that Huawei acknowledges is organized under the CCP-controlled union structure.

Beyond direct ties with the CCP, Huawei has received significant state financial support, including land subsidies, R&D grants, and tens of billions of dollars of financing from Chinese banks for international customers. State banks have also indirectly funded Huawei by loaning between $200 million and $4 billion to employees to purchase the aforementioned company “stock.” State support thus has allowed Huawei to grow rapidly, invest heavily in R&D, and undercut market pricing.

Huawei may also have received funding directly from the PLA, China’s National Security Commission, and another Chinese intelligence agency. The CIA, according to unverified reports provided credible evidence of this funding to its Five Eyes intelligence-sharing partners early in 2019. Regardless of the degree of active influence exercised by the CCP over Huawei’s daily operations, under Chinese law the CCP almost certainly could compel Huawei to provide customer data or network access upon request. China’s 2017 National Intelligence Law, which—despite Huawei’s assertions to the contrary—applies to all private enterprises based in China and their foreign subsidiaries, compels Chinese entities to provide active support to Chinese intelligence-gathering activities. While Ren claims that he would refuse any CCP request for active assistance—an action Huawei argues is legal—experts regard this as simply impossible. In addition, the CCP has embedded officials in private companies, including tech firms such as Alibaba, to increase the party’s role in these entities. It is clear from both the letter of Chinese law and common CCP practice that no entity—including Huawei, regardless of its formal ownership situation—is free from the political influence of the CCP.

Cybersecurity

Despite recent investments in cybersecurity, Huawei’s network equipment has been plagued by security flaws allowing for unauthorized third-party access to or the misappropriation of data moving across networks. Various Huawei networks have transferred data to China and facilitated state espionage. Researchers have described Huawei’s cybersecurity practices as “the worst ever,” and the United Kingdom’s Huawei Cyber Security Evaluation Centre (HCSEC), a security review agency established by the company and the UK’s intelligence agencies, has found that Huawei has made “no material progress” in addressing its poor practices. Examples of notable cybersecurity and cyberespionage incidents connected to its products or networks built with its equipment include the following:

  • Most striking is a reportdenied by the CCP—that Huawei employees assisted Ugandan and Zambian intelligence agencies in operations against political dissidents. While flaws in Huawei’s products were not used to facilitate the breaches, the company’s networks were used to track the targets, and its employees provided active support, unrelated to business operations, to government intelligence work. This is especially concerning given that the governments Huawei supported are minor customers, whose business likely has only a marginal impact on the company’s overall performance. Given the close ties between Huawei and the CCP described above, as well as the CCP’s ability to control and direct Huawei’s operations, this instance shows that Huawei has the ability and the willingness to engage in government-directed espionage operations if ordered to do so by the CCP.
  • A June 2019 report by the cybersecurity firm Finite State quantitatively analyzed Huawei’s products and found that hundreds of them had an unprecedented number of vulnerabilities—significantly more than the products of Huawei’s competitors. The report also found that the company consistently used outdated software with numerous known vulnerabilities. Huawei has identified methodological concerns with Finite State’s report, but most experts still accept its general conclusions.
  • As a result of a five-year-long data breach of African Union computer systems built using Huawei equipment, data was transferred directly to servers in China every night. While it is unclear whether Huawei was complicit, experts believe it is impossible that the company was unaware of the ongoing transfers, and the vulnerability undermines Huawei’s statement that its systems provided “greatly enhanced security.”
  • According to interviews with Huawei employees, they have easy access to clients’ servers and customers’ private data. While the employees indicated that there are internal limits on access to this information, they confirmed that the Chinese state “can use” and “wants to use” Huawei.
  • In March 2019, Microsoft discovered a piece of software in Huawei’s MateBook laptops that utilized code similar to a leaked NSA hacking tool. While Huawei fixed the vulnerability, and there is no indication that the code was used maliciously, it is unclear why Huawei chose not to use standard risk-free tools and instead used a program that could serve as a backdoor.

Some countries have argued that the cybersecurity risks outlined above can easily be mitigated by excluding Huawei from the “core” of 5G networks (the central infrastructure across which most data flows), while allowing the company to participate in the “edge” (where individuals connect to the network). The cost savings of this approach would be significant, as edge networks require more equipment, and Huawei’s price advantages are strongest at the edge. However, in 5G networks the divisions between the core and the edge will not be as clear, raising questions about the viability of this risk-mitigation approach, especially if the CCP orders Huawei to infiltrate its networks for intelligence purposes.

U.S. RESPONSES

In response to cybersecurity concerns, governments, intelligence agencies, and private actors have worked to address the risks posed by Huawei equipment, especially those related to critical infrastructure applications in 5G networks. Responses have varied across countries, with Australia and the United States generally pursuing a hard-line approach, European and some Asian countries pursuing a more balanced one, and developing countries generally welcoming Huawei. Private firms, especially network operators and Huawei’s suppliers, have tended to argue against harsh restrictions that could hurt their commercial interests, believing that risks can be mitigated without fully blocking Huawei. This section considers U.S. actions to address the cybersecurity concerns posed by the company.

Government Restrictions

As early as 2012, following an unusual request from Huawei for a U.S. congressional investigation into its operations, a report by the House Intelligence Committee found that the company’s networks, due to potentially critical security risks in its infrastructure, constituted a threat to national security. Based on this finding, the report advised private entities to avoid doing business with the company. This advice has been repeated by U.S. government officials since then, and most major U.S. companies, including the four major telecoms network operators, do not use or offer Huawei products.

U.S. restrictions on Huawei escalated in May 2018, when the Pentagon banned the sale of Huawei phones on military bases due to fears that they could track the movements of U.S. soldiers. In August 2018 the National Defense Authorization Act (NDAA) for Fiscal Year 2019, which included provisions that prohibited U.S. agencies and contractors from using Huawei products, was signed. While the ban was intended to go into effect this year, in June 2019 the Office of Management and Budget requested a two-year delay in the implementation of certain provisions. Litigation brought by Huawei alleging that the NDAA’s restrictions on the company are unconstitutional is ongoing.

Additionally, the Justice Department has charged Huawei in multiple cases of IP theft. IP theft issues have plagued the company for decades, undercutting its claim that its technological prowess is solely due to internal R&D. In addition, Huawei and its CFO Meng Wanzhou have been charged with sanctions violations.

Executive Actions

The United States imposed further restrictions on Huawei in May 2019, with two separate but related executive actions. First, the White House issued an Executive Order (EO 13873) prohibiting any country or person that is a “foreign adversary” from selling certain telecommunications equipment in the United States. This executive order, authorized under the International Emergency Economic Powers Act, functionally bans Huawei from U.S. 5G networks. Regulations implementing the order are forthcoming.

Additionally, the Department of Commerce added Huawei and 68 subsidiaries to the Entity List, thereby preventing U.S. firms from exporting goods or services to them without a license, which is rarely granted. Most notably, this would cut Huawei’s access to U.S.-designed semiconductors, on which it still heavily relies. The designation led to questions over whether Huawei could survive. An identical designation against Huawei’s rival ZTE had nearly forced the firm to shut down before it reached a deal with the United States. However, Huawei has made extensive contingency plans and stockpiled supplies, while simultaneously strengthening its chipmaking subsidiary, HiSilicon, and investing in other semiconductor firms. As such, the consensus is that, while the designation will hurt Huawei’s growth—causing up to $30 billion in lost revenue, mainly from reduced smartphone sales—the company and its 5G business will carry on. Ren Zhengfei is even more optimistic, arguing that the company will continue to grow.

The designation has affected U.S. suppliers, most notably semiconductor manufacturers. Intel, Qualcomm, Xilinx, and Broadcom all initially saw shares drop rapidly, and many suppliers cut revenue forecasts. While uncertainty around the status of the ban and the complexity of high-tech markets makes predicting long-run impacts difficult, it is clear that some U.S. companies will lose revenue if they cannot sell to Huawei.

Many suppliers have argued that the designation will ultimately make Chinese companies more self-sufficient and technologically competitive and increase Huawei’s cybersecurity risk. For instance, Huawei would prefer to continue working with Google and using Android for its smartphones. But if it is unable to, then the company would be forced to adapt its own Harmony operating system—designed for industrial use—for smartphones to remain competitive in the consumer market. While this will hurt Huawei in the short run—as reduced functionality for its smartphones lowers sales—it would also limit the United States’ ability to constrain Huawei in the long run. Furthermore, Google has argued that Huawei’s operating system will be less secure than Android, significantly increasing cyberespionage risks. In contrast, if the United States allowed its firms to continue to supply Huawei, their technological advantages could prevent Chinese competitors from gaining the market necessary to make the development of substitutes for U.S. technology economically viable.

U.S. firms and experts also argue that the greatest negative impact of the Huawei designation could be on U.S. competitiveness. Lower revenues for U.S. firms reduce their ability to invest in R&D, which is key to the United States’ advantage in semiconductors and other high-tech products. Some have advocated for allowing sales to Huawei of products available in third countries, since Huawei could simply shift to purchasing these products from foreign competitors. A ban could thus needlessly disadvantage U.S. companies without providing any meaningful national security benefits.

U.S. businesses are also concerned about Chinese retaliation. In addition to informal retaliation—including increases in red tape, which have already affected numerous companies—China is planning to introduce an “unreliable entities list,” targeting firms that cut supplies for “non-commercial purposes.” This would include companies that comply with U.S. Entity List designations, and there are indications that the list would focus on U.S. tech companies and firms that cut ties with Huawei.

While Huawei remains on the U.S. Entity List, actions taken since the initial designation have blunted the impact on the company. First, within a week of the designation, the Commerce Department issued a 90-day temporary general license allowing U.S. firms to continue providing support to products and software previously sold to Huawei. It later extended the temporary license by 90 days. Additionally, U.S. companies, including chipmakers that had initially complied, have sought to dodge the restrictions and continue supplying Huawei. Finally, following a meeting with Xi at the G-20 summit in Osaka, President Donald Trump announced that he would relax restrictions on Huawei, reportedly by granting licenses allowing U.S. firms to export to Huawei. However, despite over one hundred applications, no exporters have been granted a license.

Reflecting strong congressional concern over company’s practices, several Huawei-related amendments to the FY 2020 NDAA were submitted. One amendment would de facto prevent Huawei from being removed from the Entity List in the near term; however, it does not address the issuance of licenses. Another amendment would prevent network operations from using federal subsidies (including rural network subsidies) to purchase Huawei equipment. An additional amendment would expand restrictions on federal procurement of Huawei equipment. Moreover, senators from both parties have expressed opposition to Trump’s concessions to Huawei, indicating that legislation restricting the company likely has broad bipartisan support in Congress.

U.S. Rural Networks and Huawei

One of the most significant challenges to restricting Huawei’s U.S. operations is the firm’s large presence in rural 3G and 4G networks. According to the Rural Wireless Association, Huawei (or ZTE) equipment is used in approximately 25% of rural networks due to its relatively low cost—a result of both subsidies and Huawei’s long-standing strategy to aggressively pursue rural customers. Both Huawei and rural network operators have argued against the Entity List designation and the network executive order, claiming that restrictions on Huawei could reduce access to spare parts or technical assistance and disrupt internet access in some rural areas. Especially threatening to rural network operators is a ban on the use of FCC subsidies to purchase Huawei equipment, which an industry group warned would likely bankrupt small providers that cannot afford more expensive equipment. The FCC subsidy program currently de facto encourages the use of Huawei due to its cost advantage.

These challenges would be compounded if the government were to force rural operators to replace Huawei equipment currently present in their networks. The cost of replacement would approach $1 billion and would distract operators from making improvements to their systems. While public funding would likely be necessary to mitigate the direct costs—and a bill to that effect has been introduced in Congress—removing rural network equipment would be extremely disruptive. However, allowing Huawei equipment to remain in U.S. networks would strengthen the company’s argument that U.S. government restrictions have no basis in legitimate security concerns and are entirely political.

U.S. Support for Allies’ Restrictions

The United States has worked to persuade allies, including NATO countries, intelligence-sharing partners, and countries that host U.S. military bases, to ban Huawei from their 5G networks. The CIA briefed the other intelligence agencies of the Five Eyes network from the UK, Australia, Canada, and New Zealand on Huawei-CCP ties and provided other evidence of the company’s cybersecurity risks and legal obligation to support CCP espionage. The United States has considered providing financial support for countries that opt not to use Huawei equipment and has threatened to reduce intelligence sharing with countries that do use it, which could significantly affect the UK and the Five Eyes framework if the UK chooses not to ban Huawei.

However, the U.S. strategy toward Huawei has been heavily criticized because the United States has not identified a positive alternative. As such, many countries perceive the choice as between Huawei or a slower, costlier 5G rollout. Given that most countries are simply less concerned about Chinese cyberattacks, the United States has failed to win broad international support for restrictions on Huawei, despite indications that Washington would accept stronger 5G security standards that consider state interference in lieu of targeted bans. The United States’ proposed relaxation of the Entity List designation and willingness to include Huawei’s status in trade talks have strengthened arguments that the U.S. position is political and not based on legitimate security concerns.

FOREIGN RESPONSES TO HUAWEI

While a small number of countries (mainly close U.S. allies) have fully banned Huawei from their 5G networks, and others have adopted standards-based approaches that may exclude the company, Huawei is still involved in 5G networks in numerous countries, including key US allies. According to Huawei, two-thirds of active 5G networks involve at least some of its equipment.

Five Eyes Responses to Huawei

The roots of the escalating concerns regarding Huawei lie in a digital wargame conducted in early 2018 by the Australian Signals Directorate (roughly equivalent to the NSA). The wargame showed that, with access to Australia’s 5G network, an adversary could seriously damage critical infrastructure. Following this wargame, Australia began to press its allies, especially the United States, to curtail Huawei’s role in 5G networks. In August 2018, Australia formally banned Huawei from participating in its own networks. The new government has affirmed its support for the ban and has actively lobbied the UK to follow its lead.

The UK’s decision on Huawei has been delayed by domestic politics. Despite warnings from HCSEC, former prime minister Theresa May’s government decided to allow Huawei to participate in non-core elements of the country’s 5G networks, and major network operators have begun rolling out 5G networks that use Huawei equipment at the edge. This will greatly increase the cost—both direct and indirect due to delayed rollouts—of a Huawei ban. However, new defense secretary Ben Wallace has indicated that China would need to change its behavior in cyberspace prior to Huawei being allowed into UK networks, and that a decision is imminent.

In late 2018, New Zealand, following Australia’s lead, blocked a network operator from using Huawei equipment in its 5G network. However, in February 2019, amid an escalation in bilateral tensions, Prime Minister Jacinda Ardern claimed that a final decision had not in fact been reached. It appears New Zealand is seeking to balance its security concerns with its crucial bilateral relationship with China, and Huawei and the Chinese government remain hopeful that the company will be allowed to participate in non-core parts of New Zealand’s 5G network.

Like New Zealand, Canada has struggled to find an effective strategy regarding Huawei. No official decision has been announced, but experts believe that Prime Minister Justin Trudeau is likely to eventually announce a ban, which would have broad public support, especially following revelations that China Telecom diverted Canadian users’ data to China. However, Canada’s involvement with the legal dispute surrounding Huawei CFO Meng Wanzhou has complicated matters. After Meng was arrested in Canada following a U.S. Justice Department request, China retaliated by detaining numerous Canadian citizens on trumped-up charges. It has further pressured Canada to end extradition proceedings against Meng, both through aggressive public statements and by blocking imports of Canadian pork and canola seed.

European Responses to Huawei

Prior to the U.S. Entity List designation, the European Union chose not to ban Huawei from member states’ 5G networks. Instead, it encouraged information sharing and coordinated risk assessments while leaving decisions about restrictions to national governments. The decision followed an announcement by Huawei that it would open the Cyber Security Transparency Centre in Brussels, home to key EU institutions. However, Ursula von der Leyen, the EU Commission president-elect, has warned that the bloc is insufficiently concerned about threats posed by China and has failed to respond to China’s growing influence in Europe. EU officials have also suggested that EU law against state aid could be applied to subsidies received outside the EU, which could significantly affect Huawei’s European operations.

The EU’s attitude toward Huawei is likely also dependent on market access for European companies Nokia and Ericsson in China. A 2014 EU-China agreement settled an anti-subsidy and anti-dumping case that could have led to significant tariffs on Huawei products. The deal reportedly included provisions for market access, which will be tested during the 5G network rollout. A German report indicates that a new anti-dumping case may be pursued if European firms are disproportionately excluded from Chinese 5G networks. While an investigation would take time, it could push national governments to restrict Huawei, provide quantifiable evidence of the value of the state support Huawei has received, or (if tariffs are imposed) erode the price advantage that makes Huawei equipment attractive to European network operators.

At the national level, the German telecommunications regulator has issued additional security requirements for 5G networks, setting a high standard that equipment manufacturers must meet to be allowed to supply German network operators. The standards include language regarding “trustworthy suppliers,” which may relate to state interference and control. While Huawei is confident that it will meet the German standards, a German official suggested that the standards represent a de facto Huawei ban.

France has adopted a similar approach to Germany, refusing to block any firms by name but pursuing legislation to define standards that would likely exclude Huawei. Poland, due to the aforementioned Huawei employee espionage case and broader concerns over Chinese espionage, has taken a relatively tough stance against Huawei, signing an agreement with the United States that will likely functionally ban Huawei. Italy, the only major Western European country to sign on to China’s Belt and Road Initiative, initially allowed Huawei equipment to be used in Vodafone’s deployment of commercial 5G, despite the vulnerabilities in an earlier Huawei-built Vodafone network in Italy. However, lawmakers passed legislation allowing the government to invoke special powers constraining Huawei’s role in 5G, and the new coalition has decided to use those powers. Despite the counterintelligence investigation into Huawei’s networks, the Netherlands has decided to not ban Huawei from its 5G networks but will instead utilize a risk-assessment approach that may restrict Huawei.

Asian Responses to Huawei

Taiwan has rejected a total ban on Huawei, although mainland firms have been blocked from supplying government networks since 2013—well before the introduction of 5G. However, Taiwanese chipmaker TSMC—the world’s largest contract chipmaker—is a key Huawei supplier. Arguing that it is not affected by the Entity List designation, the company will continue selling chips to Huawei. Given the importance of TSMC to Taiwan and Huawei’s role as a key customer, Taiwan will be wary of antagonizing Huawei.

Japan has banned Huawei from government procurement, and its commercial operators have followed suit by excluding the company from their 5G networks. However, Huawei has offered to provide its source code to the government, presumably conditional on receiving some role in the country’s 5G networks. Like Taiwan, Japan has been heavily affected by the Entity List designation, including both domestic suppliers and the smartphone market.

While the South Korean government has not taken a position on Huawei’s role in 5G networks, an official downplayed the risks. Huawei equipment accounts for less than 10% of the overall equipment in the country’s 5G networks and is isolated from networks critical for national defense. Although the country’s two major network operators do not use Huawei gear (only LG Uplus does), Huawei has opened a 5G research facility in South Korea. It is unclear, however, whether the company is working with South Korean firms.

India may bar Huawei from the country’s 5G networks unless it provides additional safeguards against backdoors in its equipment. India has also reached out to Australia regarding its concerns, which underscores Australia’s key role in driving opposition. Huawei has threatened to reduce its investments in India if it is banned from 5G.

With the exception of Vietnam, which has banned Huawei, Southeast Asian countries have fully embraced the company. Malaysia’s prime minister Mahathir Mohamad—who was elected following a backlash against Chinese investment in Malaysia and initially opposed BRI projects—stated that he wants to use the company’s technology “as much as possible.” The Philippines, a U.S. treaty ally, has also chosen to use Huawei in its 5G networks. While Indonesia is Southeast Asia’s largest telecommunications market, its government is not prioritizing a 5G rollout. As such, the government has not defined an official policy toward Huawei but has allowed companies to make their own decisions on whether to include its equipment in their network trials. Given this uncertainty, companies are delaying their decisions pending clarity from both the U.S. and Indonesian governments.

Middle Eastern and African Responses to Huawei

Africa is likely the region outside Asia where Huawei has achieved and can achieve its greatest success. Due to Chinese loans and subsidies, its products are often the only affordable option for cash-strapped governments seeking to provide basic connectivity services, a key development goal for many African states. It is thus unsurprising that the company operates in 40 countries on the continent and is heavily involved in both 4G and 5G network development. Despite reports that it was the victim of a massive Huawei-linked data breach, the African Union signed an agreement reinforcing its cooperation with Huawei. It is difficult to envision a set of policies or scenarios in which the United States or Huawei’s corporate competitors could reasonably compete in highly cost-sensitive African markets.

In the Middle East, Huawei had dominated the region’s 5G networks, even though it has a smaller structural advantage there. The United Arab Emirates and Saudi Arabia have both rejected U.S. pressure and allowed Huawei to operate in their countries. Saudi Arabia’s agreement with Huawei even extends beyond 5G to cover collaboration on emerging technologies.

Latin American Responses to Huawei

Latin America has also welcomed Huawei. Countries in the region have largely rejected U.S. pressure for a ban, which many view as a political stunt related to the trade war. Warnings about the risks of Chinese intelligence activities are often ignored in countries that have faced significant U.S. spying, including NSA cyberespionage. Even Brazil, which is pursuing a foreign policy predicated on close alignment with the United States to balance Chinese influence in the country, appears likely to allow Huawei to participate in the country’s 5G rollout and recently celebrated the opening of a new Huawei plant in São Paulo. While Mexico has excluded Huawei from its 5G network core and prohibited it from operating at sites near the U.S. border due to political pressure, the company is still involved in the rollout of 5G networks across central and southern Mexico.

THE FUTURE OF HUAWEI

The competition between Huawei and the United States will continue to evolve rapidly and unpredictably in the months and years to come. This backgrounder provides a framework and key examples through which readers can better understand the policy challenges surrounding the company. While there is a growing body of evidence suggesting elevated cybersecurity and espionage risk associated with Huawei, international responses to its role in the networks that will power the critical infrastructure, global communications, and digital economy of the near future are incredibly diverse, ranging from open acceptance to complete bans. For any policy response to affect the behavior of Huawei or its state backers, the international community would need to unite behind a shared, positive strategy that offers an unprecedented level of cybersecurity while maximizing the economic potential of 5G—all in a timeframe increasingly compressed by Huawei’s rapid expansion.


Jonathon Marek is a Project Assistant with the Center for Innovation, Trade, and Strategy at NBR.

Ashley Dutta is the Senior Director of the Center for Innovation, Trade, and Strategy at NBR.

 

To read original report, click here