U.S. intelligence and security agencies are warning Congress and the telecommunications industry that an American company’s plan to use Chinese components in cell-phone towers for the next generation wireless network will make communications vulnerable to electronic spying by Beijing.
Over the past four months, National Counterintelligence executive Robert Bryant has briefed the House and Senate intelligence committees with warnings about the risks of a Chinese company, Huawei Technologies, providing key components of the fourth generation, or 4G, wireless network in the United States.
Representatives from the National Security Agency (NSA) also have briefed Congress about their concerns with Huawei’s bid to provide hardware and other components for the new wireless infrastructure.
“If Huawei builds the components for our cell towers in the U.S. 4G network, then every cell tower is a potential listening post for Beijing,” said Edward Timperlake, the Pentagon’s former director of technology assessment.
The company that wants to use Huawei components for cell towers is called Amerilink Telecom Corporation and recently has placed Gordon R. England, deputy defense secretary during the George W. Bush administration, on its board in an effort to ease long-standing security concerns from the U.S. government. Last month, former House Minority Leader Richard A. Gephardt, Missouri Democrat, and former World Bank President James Wolfensohn also joined the company’s board.
In recent weeks, Amerilink held meetings with the NSA’s Information Business Affairs Office to try to smooth over concerns that Chinese-made hardware and software could be exploited by China’s government to launch cyber-attacks or eavesdrop on communications on the 4G network.
Amerilink has offered to build and install Huawei components on cell towers for the U.S. telecommunications company Sprint, which is expected to decide on Amerilink’s proposal in coming weeks.
Amerilink CEO Kevin Packingham, a former Sprint executive, would not comment on specific meetings with the NSA. He did confirm that representatives of his company met with members of the U.S. government to discuss security concerns and Amerilink’s proposal to check the Chinese equipment and code for bugs and electronic vulnerabilities.
Asked about concerns raised by Mr. Timperlake, Mr. Packingham said: “We take these concerns very seriously, and our entire operations are being built to address them. Under our proposal, Huawei would not provide any hardware, software or firmware to Sprint.
“Amerilink would have custody and control of all components and software, and Amerilink’s U.S. citizen employees, along with other security credential U.S. vendors, would build, examine, test and validate all equipment before it is deployed to Sprint. Huawei would not have any ability to know where its products are going or to touch the network.”
On meetings between Amerilink representatives and U.S. government agencies, Mr. Packingham said, “We have worked very hard to make sure everyone is aware of the solution.”
Worries about Huawei components inside the 4G cell phone towers highlight long-standing concerns inside the U.S. intelligence community about the origin of microchips, routers and software inside sensitive U.S. computer networks.
Dale Meyerrose, a retired Air Force major general and the first chief information officer for the U.S. intelligence community, said the problem of “supply-chain integrity” in general is a serious one.
“On every step along the way — whether you are talking IT software, IT middleware or IT hardware or even data sets, the strings of data, anywhere along that line there are potentials for injecting something which either gives somebody an unfair advantage later on or becomes a vulnerability or hole that someone can take advantage of, or becomes a capability like tapping in on somebody else’s cable next door without paying for it,” Mr. Meyerrose said.
Mr. Meyerrose, now vice president of Cyber Initiatives for the Harris Corp., declined to comment specifically on Huawei or Amerilink.
Mr. England also acknowledged in an interview there is a general problem of supply-chain integrity that bedevils the current 3G wireless network.
“Technology is like rivers. It flows all over the world and all the water looks the same,” Mr. England said. “When it gets to the United States, we don’t know where it comes from. In many cases, we have no verification.”
Mr. England said it is better from a security perspective to have an auditing process in place or what he called a “trusted verification” that Amerilink is offering for Huawei components and software than “trusting what is coming through these rivers of technology, where you have no idea who builds the parts.”
However, retired Air Force Gen. Michael V. Hayden, who served as director of both the CIA and NSA, said foreign components in current wireless networks are a concern but the use of Huawei components on a wider scale inside the 4G network would pose unique risks.
“I understand that supply-chain issues are a long-standing question. This is not the only example. But this is of such a scale that it absolutely warrants a thorough review for the security implications,” he said.
Stewart Baker, a former general counsel for the NSA who has represented several telecommunications and IT companies on cybersecurity issues, said securing complex technology in cell towers and associated switches is “a staggering, if not impossible, task.”
“And the people who are trying to do that, by which I mean Amerilink, are going to have great difficulty persuading the government that they are able to accomplish it,” he said.
Part of the concern in the U.S. intelligence community revolves around Huawei itself. The company was founded in 1988 by Ren Zhengfei, a former technician for the People’s Liberation Army who built Huawei into one of the world’s largest telecommunications companies.
In public statements, Huawei executives point out that 98.58 percent of the shares of the company are owned by company’s 60,000 employees, a fact often used to counter critics who say Huawei has close ties to China’s intelligence agencies and military.
Huawei declined to comment for this report.
John Tkacik, who was the chief intelligence analyst on China for the State Department during the Clinton administration, said the employee ownership of Huawei does not diminish the company’s close ties to the Chinese government.
“If you think that makes Huawei a commercial company, you don’t understand China,” he said. “The question is not the stock ownership; it is who makes the decisions, and the decisions are made by a collection of people who are loyal to the Communist Party.”
For example, Huawei has, according to Mr. Tkacik’s estimates, received $40 billion in investments in the past six years from the Chinese government.
“Huawei does what the Chinese government wants, it does not function as a commercial company in the sense that AT&T or T-Mobile function,” Mr. Tkacik said. “Their purpose is not just to compete with good products in markets, but it is also to make sure the Chinese state has access to telecommunications all over the world.
“The idea that Amerilink is going to guarantee that nobody from Huawei has access to any American networks that use Huawei’s hardware just doesn’t make any sense on the face of it. If Huawei makes the hardware, Huawei is going to have access to it,” he said.
Huawei also has come under U.S. government scrutiny in the past. In 2008 the Treasury Department-led Committee on Foreign Investment in the United States blocked a proposed merger between the telecommunications company 3Com and Huawei.
This year, Huawei opened a headquarters for its U.S. operations in Plano, Texas. Gov. Rick Perry, a Republican, attended the company’s ribbon-cutting ceremony on Oct. 1.
Another concern about Huawei is the company’s history of doing business with rogue states. One of the first targets bombed in Iraq by U.S. warplanes in 2001 after President George W. Bush took office was the Iraqi air defense network that the Pentagon said had been linked electronically using Huawei-supplied equipment.
“When I was in government, I was part of an investigation that looked at Huawei as an ongoing criminal enterprise, with allegations of bribery in Iraq before and after the invasion,” Mr. Timperlake said.
Huawei also has traded with Iran. In 2009, the commercial and economic bureau of the Chinese Embassy in Tehran announced that 130 Iranian cities were now using a fiber-optic network built by Huawei.
Gary Milhollin, executive director of the Wisconsin Project on Nuclear Arms Control, which tracks nuclear proliferation and sanctions, said: “Here is a company that helped Iraq improve its air defense system before the last war in violation of U.N. resolutions. If it is willing to break U.N. resolutions in Iraq, how can we trust it to keep its promises in the United States?”
Amerilink founder Bill Owens, a retired Navy admiral and former vice chairman of the Joint Chiefs under President Clinton, said: “I understand and take very seriously the concerns that some have raised about Huawei. While I can’t speak to specific concerns, Amerilink takes them at face value as we seek to safely deliver to U.S. carriers the technologies they need in order to remain competitive.”
Mr. Packingham said in an interview that the company’s initial capital was provided by Mr. Owens. He did not disclose the amount. Mr. Owens also declined to discuss his personal finances.
Mr. Owens said he first had interactions with Huawei when he was CEO of Nortel Networks. Huawei and Nortel at one point proposed a merger, though it did not go through.
“After leaving Nortel, I spoke with Huawei periodically about their challenges in the North American market and, in February 2009, I entered into a consulting relationship with Huawei,” Mr. Owens said.
Mr. Owens said after he formed Amerilink in June 2009, his consulting relationship with Huawei was transferred to his new company.
“Huawei became Amerilink’s first customer and they now are a vendor, one of several, from which we source equipment,” Mr. Owens said.
• Eli Lake can be reached at elake@washingtontimes.com.
Please read our comment policy before commenting.