Jrgen Flchle - Fotolia

Huawei faces battle to win Nordic trust

Nordic countries are investigating the spying allegations made against Chinese networking supplier Huiawei

Huawei Technologies is facing an uphill battle in gaining a foothold in building 5G high-speed internet and digital platforms across the Nordics.

Governments in the region have asked their national intelligence agencies to assess the potential security risk posed by Huawei in critical communications infrastructure projects.

The focus on Huawei is happening against a backdrop where the German government is deliberating whether or not to prohibit Huawei from participating in high-speed internet infrastructure ventures. For its part, Huawei has struck a defiant pose against ongoing efforts by the US to block its global reach on grounds of national security.

The Nordic probe into Huawei has resulted in “advisory” consultations between state and officials and local communications equipment industry players such as Ericsson and Nokia. It is anticipated that all Nordic governments will receive risk status reports from their separate national security agencies by the end of the first half of 2019.

The expectation is that the various Nordic governments, adopting core recommendations from their security experts, will allow the use of Huawei systems and technologies in 5G, digital and artificial intelligence (AI) supported projects and platforms but under stricter codes of conduct and tighter regulatory protocols.

The security-risk debate triggered by Huawei has resulted in initiatives in Norway, Sweden, Finland and Denmark to amend telecommunications’ laws. The changes proposed will add new oversight in the form of more robust checks and balances. These are designed to reduce the vulnerability of communications networks against external threats such as system interference and data manipulation.

The tightened legal constraints, which will likely include a so-called “no spy” assurance, are intended to impose more resolute security requirements on those suppliers of telecommunications equipment vying for IT, 5G, digital and AI network and platform contracts in the Nordic countries.

Read more about spying allegations against Huawei

The Nordic spotlight on Huawei gained momentum in February 2019, when the Norwegian IT group Visma revealed details concerning an aggressive cyber attack against its main operating platforms in September 2018. Visma hired US data security firms Recorded Future and Rapid7 to conduct a root-and-branch investigation into the cyber assault and identify the likely perpetrators.

In its final analysis report, the Recorded Future/Rapid7 teams pointed an accusing finger at China, claiming the attack, “based on technical data uncovered”, was launched by the “Chinese state-sponsored” APT10, a threat actor that is also known within the international IT security community as Stone Panda, menuPass and CVNX. China has dismissed the investigation’s finding and refuted claims made in the report that the attack on Visma was in any way state-sponsored.

Norway’s Politiets Sikkerhetstjeneste (PST), the state police agency tasked with homeland security and running counter-intelligence and counter-terrorism operations, has singled out China and Russia as the primary sources for cyber-attacks and malevolent threats against the country.

Bad actors in these countries, said the PST director Marie Benedicte Bjørnland, are mainly targeting organisations in Norway to gain access to networks, steal valuable intellectual property and use information captured to gain commercial advantage.

“Norway needs to take a realistic approach,” said Bjørnland. “Chinese companies like Huawei do present a threat to national security. This is not because we think there’s anything intrinsically wrong with Huawei and the people who work for the company in Norway, but we must be aware that Huawei as a company and actor has close associations to, and cooperates with, Chinese authorities.”

Tor Mikkel Wara, Norway’s Justice Minister, has commissioned a broad analysis to measure the potential threat that Huawei, or other “foreign” suppliers, present to existing and future IT and 5G networks in Norway. The broad international scope of the analysis will look at the ongoing investigation in Germany into Huawei, which is hoping to participate in building high-speed internet infrastructure there.

Initial probe

An initial probe by Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany’s national cyber security agency, was unable to validate, following a range of field and in-house tests, that equipment made by Huawei was capable of covertly siphoning off data.

Telecom groups Telenor and Telia currently use Huawei’s mobile network systems in their existing 4G networks. In defence of security risk claims against the company, Huawei has given reassurances to Nordic governments concerning the integrity of its equipment and systems.

“It is a Huawei policy to never allow authorities from any country access to information,” said Tore Larsen Orderløkken, Huawei Norway’s director of security. “We employ 180,000 personnel and operate in 170 countries. Our employees are pivotal to our business, not the Chinese state. Apart from being headquartered in China, we have no direct ties to Chinese authorities.”

To underline the level of transparency in its contract bidding and supplier processes, Huawei plans to open a security and technology centre in Oslo. This will be a meeting point to inform customers and partners about the equipment it hopes to deliver to Norway’s 5G network project.

In Denmark, the government has ordered Politiets Efterretningstjeneste (PET), its national security and intelligence agency, to assess the potential security risk posed by Huawei, or other “foreign” suppliers, in its 5G network projects.

Huawei holds contracts with the Danish telecom TDC to test and build its 5G mobile communications network in Denmark. The controversy around Huawei has cast a shadow over its partnership with TDC that also includes a contractual agreement covering the delivery of a 4G network.

Suspicions over transparency

Despite the verbal and written assurances of “transparency and probity”, delivered by Huawei Denmark CEO Jason Lan Yang to the Danish government, political leaders in Denmark remain suspicious of the Chinese company’s links to the Chinese state.

“Huawei say they adhere to all required country laws and rules,” he said. “The company asserts that it does not relay any information to the Chinese state. This is difficult to believe. Anyone who understands how China works knows that there are no independent Chinese companies.

“This is the reason why we question whether Huawei should be allowed to be involved in building critical communications infrastructure in this country,” said Lisbeth Bech Poulsen, the Socialistisk Folkeparti’s spokesperson on IT and industry.

Huawei’s difficulties could be commercially advantageous for Nordic telecom equipment suppliers Nokia and Ericsson should their arch-rival be prohibited from participating in IT and 5G network projects in Europe and the United States.

However, Ericsson and Nokia are both adopting a strategically cautious approach. Company chiefs fear that any move to exclude Huawei from contracts in Europe and the US could backfire and result in retaliatory action by Beijing to disqualify western companies from access to the growing Chinese market for communications equipment.

Read more on Hackers and cybercrime prevention

Data Center
Data Management