Advancing China’s Goals: The Case of Huawei
By Larry Clinton, Contributing Author/ September 26, 2023
Larry Clinton is President of the Internet Security Alliance (ISA). The ISA is a multi-sector trade association that focuses on thought leadership, policy advocacy and developing best practices for cyber security. Mr. Clinton holds a certification on Cyber Risk management for Corporate Boards from Carnegie Mellon University, He is on the faculty of the Wharton School where he teaches a graduate Executive Education course in cyber security.
The National Association of Corporate Directors has twice named Mr. Clinton as one of the 100 most influential people in the field of corporate governance. He is a two term Chair of the IT Sector Coordinating Council and serves on the Cybersecurity Advisory Board for the Center for Audit Quality and the Cyber Advisory Board for the Better Business Bureau. He is widely published and has been a featured spokesman in virtually all major media outlets from WSJ, USA Today, Fox News, NBC, CBS, NYT, PBS Morning Edition CNN & even MTV in India. He testifies often before Congress. He has briefed industry and governments world-wide including NATO and the OAS. ISA was also the only trade association to be part of the official cyber security briefing for the Republican National Convention in Cleveland.
ISA recently published the Cyber Social Contract (Vol. 3), which outlines 106 recommendations for the President and Congress. The previous editions of the ISA Social Contract were endorsed by the House GOP Task Force on Cyber Security and were the basis for President Obama’s Executive Order 13636 on Cyber Security. He is the industry co-chair – DHS is the government co-chair– of the Policy Leadership Working Group on Cyber Security Collective Defense featured at the National Cyber Security Summit in New York in July.
He literally “wrote the book” — the Cyber Risk Handbook for corporate boards which is the only private sector publication endorsed by both DHS and DOJ. PWC has independently evaluated the Cyber Risk Handbook and found it substantially changed how corporate director’s address cyber risk management leading to higher budgets, better risk management, closer alignment of cyber security with business goals and helping to create a culture of security. In 2017 ISA adapted the Handbook for the UK and Germany. As in the US, the German edition has been endorsed by the German government. ISA is now working with the OAS on a Latin American version of the handbook; as well as an edition for India and Japan, in partnerships with industry groups.
Huawei as a Tool in China’s Digital Strategy
China’s Digital Silk Road Strategy integrates technology, economics, and politics with the long-term goal of altering the post-World War II U.S.-European world order. An assessment of China’s “Three Warfares” strategy by the U.S. Department of Defense found that the Chinese Communist Party’s (CCP’s) goals were to reclaim global status over the United States by weakening our alliances and defeating the U.S. through non-kinetic, deceptive warfare. The telecommunications company Huawei is one (of many) examples of how they are doing it and how they are succeeding.
Until a few years ago Huawei was a little-known vendor of phone switches. Today it is the world’s largest telecommunications equipment company and the acknowledged world leader in the critical 5G telecom equipment market.
China’s Massive Direct and Indirect Support for Huawei
This dramatic transformation is the result of China funneling tens of billions of dollars in financial assistance to Huawei. Huawei was given access to $75 billion in state support. It also received massive financial assistance from Chinese banks in the form of loans and credits, amounting to $16 billion. Huawei received other forms of financial support with salaries, tax benefits, property tax abatements, and subsidized raw materials. These extra benefits netted Huawei the equivalent of another $25 billion in revenue.
In addition to these direct and indirect support for Huawei, the Wall Street Journal reported that the China Development Bank and the Export-Import Bank of China made more than $30 billion in credit lines available to Huawei’s customers. According to the Journal’s analysis, Huawei’s subsidies were 17 times larger than the subsidies of Finland’s Nokia, the world’s second largest telecommunications equipment maker, and Sweden’s Ericsson, the third largest, who posted none for that period.
The massive direct and indirect subsidies the CCP steered toward Huawei have enabled it to literally make offers too good to refuse to governments in Asia, Africa, Europe, and Latin America – and even in rural parts of the U.S. By helping Huawei succeed in winning the contracts to provide telecommunications services in these countries, China has gained a vital and reliable strategic foothold in regions of geopolitical importance to the U.S. In addition, Chinese law requires the company to collaborate with the Chinese government on information that transverses these networks. This information can be used by the CCP to generate even graver security concerns.
Huawei’s International Influence and Power Causes Security Risks
Huawei is just one example of the breadth and depth of China’s sophisticated, and very well-funded, digital strategy. In this particular case, Huawei was placed on the U.S. Department of Commerce’s “Entity List”, to impose restrictions on its engagement within U.S. commerce. Huawei was placed on the list after numerous offenses indicted by the U.S. Department of Justice.
Violations of the International Emergency Economic Powers Act were committed by Huawei Technologies by illegally assisting Iran with evading sanctions.
Notwithstanding Huawei’s problematic standing under U.S. law, it has been extremely successful in winning major international contracts. Naturally, Huawei is most persuasive in cash-strapped states, where telecommunications infrastructure is considered critical and too badly needed for economic development. By providing investments that are seemingly conditionless, Chinese aid and investments are attracting many states that are unable or unwilling to meet the demands of Western benefactors. In many instances, Huawei’s favorable terms have persuaded many nations to overlook security issues as not being sufficient enough to pass on such a great deal.
Developing countries often prioritize costs over the related security risks with Chinese equipment. For example, in 2018 the African Union (AU) had an incident, in which, according to Western media, their Huawei-supplied telecommunications servers were compromised. This caused five years of AU information to be leaked back to the Chinese government. This serious security breach did not deter the African Union from continuing to renew its agreement with Huawei Technologies.
In Pakistan, Huawei pitched a surveillance system, which then won the approval of the prime minister. Pakistan’s procurement regulations required effective bidding to take place. However, the Export-Import Bank of China offered to lend Pakistan the needed $124.7 million and waive their three percent interest fee on a twenty-year loan, which was enough to seal the deal for Huawei.
A 2023 New York Times article described how China’s COVID-19 vaccine diplomacy was leveraged in Brazil, allowing them to re-engage Huawei’s 5G deal after being initially eliminated from the competition. With deaths related to COVID-19 rising to their highest levels and a dangerous new variant stalking Brazil, the communications minister of Brazil went to Beijing in February of 2021, met with Huawei’s executives at their headquarters and requested Huawei’s assistance in facilitating Brazil getting access to Chinese COVID vaccines. Brazil received the vaccines and Huawei was allowed to participate again in the 5G auction, eventually winning it.
The U.S. Rip and Replace Program
Huawei has even been successful in convincing a number of rural telecom providers in the U.S. to adopt Huawei systems. Fortunately, the U.S. government has recognized the security threat of Huawei providing service in the U.S. and implemented a “rip and replace” program, so the rural carriers would be able to provide 5G services using alternative equipment providers. Unfortunately, as of this writing, the U.S. rip and replace program is suffering from a $3 billion shortfall, which puts the program in a state of uncertainty, if not jeopardy.
The U.S. also advocated rip and replace as a policy for its allies. Under the Trump Administration, U.S. Secretary of State Mike Pompeo announced a series of agreements with the U.S. and Eastern European countries, calling for the rip and replacement of Huawei technology from their networks. Although there is sympathy for the approach, in some major cases rip and replace may simply be impractical. The United Kingdom is arguably the most reliable ally of the United States, and Vodafone, the world’s second largest telecommunications system, is based there. In an April 2020 essay, Vodafone’s executive Joachim Reiter argued against the U.S. position that Huawei products need to be eliminated from Western networks that are part of the international security supply chain for security purposes. Reiter pointed out that ripping Huawei 5G technology out of their international networks would make little difference as Huawei also provided Vodafone’s 3G and 4G systems.
Although Huawei has received substantial attention for its operations in the West’s telecommunications markets, it is far from the only or the largest Chinese IT/Comm company that is intently involved in China’s Digital Silk Road initiative. Future posts will address some of these additional examples, which will highlight the need for the U.S. to create a much more fulsome, sophisticated, and integrated cyber strategy embracing Western and free market principles and values.