“Huawei and ZTE have failed to assuage the committee’s significant security concerns presented by their continued expansion into the United States,” the report said. “In fact, given their obstructionist behavior, the committee believes addressing these concerns have become an imperative for the country.”
The United States has become more vocal about the growing problem of economic cyber espionage, particularly by China. The U.S. intelligence community has publicly accused China of engaging in widespread cyber theft of corporate secrets. A report last fall by the Office of the Director of National Intelligence singled out “Chinese actors” as “the world’s most active and persistent perpetrators of economic espionage.”
Both firms, which are seeking to expand their business in the United States, have staunchly denied that they are influenced by the Chinese government or pose a security threat.
“The concept of a conspiracy in which Huawei would infect its own gear at the behest of some government would require thousands of our employees to be complicit with the conspiracy,” William Plummer, Huawei’s vice president for external affairs, said in an interview last week. “It is inconceivable.” The investigation, he added, is “a political distraction.”
At a hearing before the panel last month, ZTE Senior Vice President for North America Zhu Jinyun asked rhetorically whether ZTE would grant China’s government access to its equipment to conduct a cyberattack. “Let me answer emphatically — no!” he said. “China’s government has never made such a request. We expect the Chinese government never to make such a request of ZTE. If such a request were made, ZTE would be bound by U.S. law.”
The committee, led by Chairman Mike Rogers (R-Mich.) and Vice Chairman C.A. Dutch Ruppersberger (D-Md.), began its investigation in November after Huawei, the world’s second-largest vendor of telecom equipment, requested a formal investigation into allegations that it is linked to the Chinese military and a threat to U.S. national security.
The firm requested the probe in February 2011 after a federal panel, the Committee on Foreign Investment in the United States, blocked its purchase of assets from U.S. server technology firm 3Leaf.
The risk, the committee said, is that systems made in China can be tampered with in a way that can potentially aid the espionage effort. “Industry giants like Huawei and ZTE provide a wealth of opportunities for Chinese intelligence agencies to insert malicious hardware or software implants into critical telecommunications components and systems” sold in the United States, the report said.
Such implants would be “a potent espionage tool for penetrating sensitive U.S. national security systems,” the report said. The panel urged the U.S. government and U.S. companies to exclude the firms’ equipment from sensitive systems.
The panel focused on reviewing the companies’ ties to the Chinese state, including support by the government and state-owned banks, connections to the Chinese Communist Party and work done on behalf of the military and intelligence services. It sought to learn, for example, the extent to which the government or Communist Party exert control or influence over the companies’ operations and strategies.
The committee was dissatisfied with the firms’ answers. Huawei, for instance, failed to give the committee sufficient answers about founder Ren Zhengfei’s role in the military, and in some cases said it could not provide internal documents that were not first approved by the government, the report said.
The report stated that one former Huawei employee shared documents showing that the firm provided special network services to an entity the employee believed to be an elite cyberwarfare unit within the People’s Liberation Army.
In answers to the committee, Huawei stated that it “has never managed any of the PLA’s networks” and “has never been financed by the Chinese government for R&D projects for military systems.” It also asserted that it develops “transport network products, data products” for the Chinese military, but that it develops “communications equipment for civilian purposes only.”
The two companies advocate a model in which an independent third-party assesses the security of equipment bound for telecom providers. But, the report stated, the model is inadequate given the breadth and scale of the U.S. telecommunications market.
Both firms operate in at least 140 countries. ZTE’s sales in the United States drew less than $30 million in revenue last year, while Huawei’s took in $1.3 billion from customers including Level 3, Comcast and Cox TMI Wireless.
The committee also received information from current and former Huawei employees suggesting that the firm may be violating U.S. laws. The allegations include immigration violations, bribery and corruption, discriminatory personnel practices and copyright infringement. The committee is referring the allegations to executive branch agencies.
A classified annex to the report was not released, but “adds to the committee’s concerns about the risk to the United States,” the report said.