Risk
Use Huawei and there is a small possibility of Chinese espionage or use Cisco etc and have a high probability of American espionage.
At the moment Huawei seems the better choice (especially as it is cheaper than equivalent kit from the USA).
The European Union says it has a plan for securing its 5G networks – and no, it doesn't necessarily involve forbidding the use of Huawei kit, US-style. On Tuesday, the European Commission delivered a set of rules that will allow individual member nations to carry out their own risk assessment of third-party suppliers' 5G kit. …
It's not as if European networks aren't already full of Huawei kit, so this would be a case of trying to lock the stable door after the horse has bolted. 5G brings nothing to the table that isn't already on it, it's mainly scale and speed.
The whole thing has been cooked up as part of Trump's hamfisted trade negotiations with China: an attempt to apply pressure by freezing Huawei out of the market. Any security considerations would be better handled as part of the standardisation process and through testing and verification programmes such as several EU countries already run. Seeing as US companies have largely avoided investing in the development of cellular technology (Qualcomm is an also ran) there is no real way of avoiding Chinese kit, especially when so much of US kit is actually made there.
No
For Western countries, use Huawei kit and you may find that in times of conflict your critical telecoms infrastructure is unsupportable. Use Ericsson or Nokia/Siemens and you will probably be fine, but you have to wait.
In all likelihood, all three vendors will use Cisco products for the same functions. Or maybe Juniper instead. Huawei may even have an equivalent solution to meet CALEA requirements, but I'm not familiar enough with their kit.
You're confusing made up concerns (Huawei doesn't permit lawful intercept or provides a tap for China into existing telco environments beyond adhoc troubleshooting in conjunction with the telcos) with legitimate concerns (China as a potential threat in a cold/hot war scenario).
Get educated.... seriously, take 90 minutes out of your life and watch the "The coming war on China" documentary, don't judge the title, it's not some crackpot 3rd rate conspiracy theory video. It is written and narrated by John Pilger (a BAFTA winning journalist). Trust me, it will open your eyes..
Here's it's even available, online:
https://vimeo.com/277068625
The USA are scared sh*tless about the economic scales tipping against them, the monolithic tech industry has gotten fat on double and triple digit margins, and they no longer like to compete, they're literally hooked on easy money. In addition, they're scared Chinese companies have got the drop on 5G and will corner their traditional "western" markets, such as most of EMEA, Australia and New Zealand... how do they prevent this happening? They play dirty, by crying wolf and threatening their "friends".
Don't get me wrong, China is not a toothless and innocent party when it comes to spying, but given the tactics we've seen from both US and British politicians (even in recent months, just concerning this issue) - I'd trust them about as much as a cornered snake, and would consider the chinese the least offensive option!
What has happened to the big story published by Bloomberg, claiming that a Chinese origin manufacturer was baking backdoors for the Chinese government directly into their motherboard, which was supposedly confirmed by three-letters agencies... And nobody was ever able to find anything?
Fake news indeed, Mr Trump?
Afraid to say that the internal security assessments of Huawei are scathing to say the least.
The EU doesn't want to offend China, neither do governments.
But the message from every single one of their security establishments is crystal clear:
A) China is increasingly seen as an overtly hostile country
B) They have a security apparatus that is mature and sophisticated, with very long reach into its own corporations as well as into foreign espionage
C) The task of espionage falls to MSS, PLA and APT groups, so companies like Huawei can put their hand on their heart and say that they don't spy
D) The problem with Huawei is the link between government and business there, and telecommunications is named explicitly as one of the 10 industries they want to dominate under MIC2025
E) The ability to compromise Huawei gear is very well established - you are only ever one software upgrade/patch away from a fully compromised telecommunications network
F) Kill switches are almost guaranteed to be hidden in their equipment - they are totally undetectable. Read this: http://static1.1.sqspcdn.com/static/f/543048/26931843/1464016046717/A2_SP_2016.pdf?token=N4pJSSoqL4kE4V4JXpTwx7qDRX4%3D
That is not a theoretical threat, it is real.
G) All telecommunications equipment must be treated as hackable - the claims of Huawei to have better standards of security than either Ericsson or Nokia are risible - CVEdetails.com contains raw numbers of exploits found in each vendors equipment. Huawei 507, Ericsson 5, Nokia 37.
H) Neither Ericsson or Nokia are subject to the same nation state vulnerabilities that Huawei has.
Now ask yourself, that cheap Huawei equipment - still want it?
>E) The ability to compromise Huawei gear is very well established - you are only ever one software upgrade/patch away from a fully compromised telecommunications network
But isn't that the case with all IT? Look at ASUS's current troubles, look back at some of Microsoft's major updates to Win10...
In some respects that has been recognised in the security accreditations for many years: you install the OS, you lock it down according to the rules and then only apply updates that have been through the relevant security clearance path/tests.
Whilst Huawei's focus on business is understandable, it's also worth bearing in mind that it doesn't provide any end-user support whatsoever (in the UK, at least). I bought one of their 4G routers and wanted to check that it had the latest firmware: bearing in mind the obvious risks of obtaining firmware from anywhere but the manufacturer (ironic, I know, given the thrust of this thread!!) I contacted Huawei UK.
Surprise, surprise!! Their customer support (Ha!) advised me that "we do not offer firmware for download on our website and any third party websites offering these firmwares actually void the warranty of your device if they are installed".
In short, "You are f*cked if you need firmware for any reason" - which ties in with the vulnerability count listed above.
Nice FUD. Lets spin it around shall we?
A) The US has a history of violently playing in other peoples back yards, without permission.This whole global islamic terrorism is a direct result of US policies fucking around in the middle east.
B) So does the US, especially with the NSA capturing goods in transit, and modifying them with backdoors.
C) Cisco can do the same thing, even though they knew their deliveries were intercepted, they can claim "but we didn't know they were tampered with"
D) The US views its domestic, foreign, military, and financial policies as all intertwined. If it's financial policy is strained, it has no qualms about making up excuses to violently invade sovereign nations for oil.
E) Given the extremely high frequencies of "whoops, here's another hole we forgot to close" patches from Cisco, I'd be trusting Huawei more.
F) Undetectable kill switches. Like religion, you can make the claim, but once asked for proof, "it's undetectable, so I cant prove it. you just have to trust me that it has happened." Again, given Cisco's relationship with the NSA, I'd still trust Huawei more.
G) Yes, all comms equipment. Including the stuff made in America, which this whole Huawei being spies bullshit is about. Trying to force the world into buying sub-standard gear frim the US, based on US fear-mongering.
H) As C pointed out, it doesn't have to be subject to nation state vulnerabilities. The Intelligence sources simply have to intercept the shipment, replace/modify the goods, and continue the shipment. Gag orders guarantee that the company in question has to simply say "there was a delay in transit, it will be with you shortly".
So all this FUD you are flinging about, is simply that. Huawei's track record is far better than Cisco's and the NSA.
Ask yourself this question. Why would you actually trust an ally who has been caught out actively spying on you, whose leader can barely string a rational thought together, and is governed by religious fruitcakes?
If there really is an 'issue' as our American friends say - and that's yet to be proven - EU seems to be skirting the issue of approving/banning outright and passing that buck to individual member states.
Or, to put it slightly more bluntly, EU doesn't want to piss of China and can point to this saying "we didn't say to ban Huawei", but is happy for individual member states to piss off China and face their ire.
Just my tuppence worth. For whatever that's worth. Probably nothing.