Without Naming Huawei, E.U. Warns Against 5G Firms From ‘Hostile’ Powers

A 5G supplier from a “hostile” country could be forced by its home government to wreak havoc by causing cyberattacks, a European Union report warned on Wednesday, but the bloc stopped short of naming the Chinese giant Huawei, which the United States blacklisted after the White House labeled it a tool for espionage by Beijing.

The advisory report, drafted with input from all 28 European Union members, laid out the types of major security failures that 5G networks could be vulnerable to.

It said that putting all functions of a 5G network — including hardware and software, operations and maintenance — in the hands of a single company could leave entire countries at risk.

In May, the United States Commerce Department put Huawei on a so-called entity list of firms that need special permission to buy American components and technology because they have been deemed security threats.

President Trump has called on the European Union to follow his lead in barring the company from its market.

The European Union report, intended to provide advice to member states, said a “strong link” between a 5G technology supplier and a government “where there are no legislative or democratic checks and balances in place” could prove a major source of vulnerability.

The language appears to point to Huawei. The company has vehemently denied all allegations of being under the control of the Chinese government, stressing that it is owned by its employees and that only about 1 percent of the company is held by its founder.

In a statement that brushed aside any implied criticism, Huawei said it welcomed the report and would “work with European partners” to develop a cybersecurity framework “and deliver safe and fast connectivity for Europe’s future needs.”

The idea behind 5G, a major leap from the 3G and 4G telecommunications technology used currently, is that it will become ubiquitous, connecting almost everything, from defense systems to domestic devices like refrigerators and coffee machines, to an ultrafast wireless network.

Huawei is thought to be ahead of other 5G equipment providers around the world, including European Union companies such as Ericsson and Nokia, in being able to install networks. Also, it has traditionally been a cheaper provider of technology.

Mr. Trump and other critics contend that a 2017 Chinese law could be used to force Huawei to hack its customers through preinstalled “back doors” into the network’s software, on behalf of Beijing.

The European report sounded some related concerns. “In particular, as 5G networks will be largely based on software, major security flaws, such as those deriving from poor software development processes within equipment suppliers, could make it easier for actors to maliciously insert intentional back doors into products and make them also harder to detect,” it found.

Abraham Liu, Huawei’s vice president for Europe, has said his company does not and will not use back doors to spy on customers.

“In the past, we have never planted any back door, and we are committed not to do anything like this, forced by any government, including U.S. government, Chinese government or any other government. We are committed to this,” he said in a recent interview.

The report presented on Wednesday could pave the way for the European Commission, the executive arm of the European Union, to recommend that its member states take additional security measures when procuring 5G networks.

The commission is expected to publish a “toolbox” of measures that countries can take to mitigate the risks, but it can’t force them to comply. Officials hope that by publicizing the risks and proposing ways to address them, countries that take a lax approach to security will be pushed into action by their citizens.

But when it comes to Huawei, neither the European Commission nor the majority of national cybersecurity agencies in member states have shown much interest in complying with Mr. Trump’s demand that they bar it.

In part, this is down to practical concerns.

No single company, experts say, will be able to handle all the demand for 5G work once network operators begin making the transition. Therefore, unless Huawei is barred from the European Union or by individual countries, it will most likely play some part in the Continent’s 5G future.

And in Europe, Huawei already has a deep and long presence in countries like Britain and Germany, which other nations look to for expertise and guidance.

A Nokia spokesman said that “it is vital that all parties commit to the highest levels of security and resilience of 5G networks, and realize that 5G will only deliver on its promise if the networks that underpin it are and remain secure.”

“There can be no exceptions,” he added.

Source: https://www.nytimes.com/2019/10/09/world/europe/eu-huawei-report.html