Interview: Huawei Official Sees 'Watershed' Moment for Worldwide Cyber-Security Rules
Shoppers walk past a Huawei store in Beijing on March 24, 2014. Chinese telecoms and Internet giant Huawei condemned the U.S. National Security Agency on March 24 after reports revealed the organization had been secretly tapping the company's networks for years. (Mark Ralston/AFP/Getty Images)
This past weekend, the New York Times and SPIEGEL reported that the American National Security Agency had been targeting Chinese government officials, banks, and telecommunication companies, as detailed in classfied documents from former NSA contractor Edward Snowden. "Shotgiant" was an NSA project targeting Huawei, a Chinese telecommunications company long suspected by the U.S. of having ties to the Chinese People's Liberation Army. Huawei has insisted on its independence as a private company, inviting the U.S. government to investigate in an open letter in 2011.
Do revelations of NSA spying indicate a certain level of hostility towards Chinese direct investment in the U.S.? Is there a better way to manage suspicions and move forward? For answers to these and related questions, Asia Society caught up with Huawei Vice President for External Affairs William Plummer, who joined us last September for the panel discussion "Cyber Crimes, Cyber War: Managing the Risks." On Thursday, April 17, Plummer returns to Asia Society New York for a panel on the Chinese investment surge in U.S. high tech — "China's High-Tech Surge: Investing in America and Innovation." (For anyone unable to attend in person, that program will also be a free live webcast on AsiaSociety.org/Live at 6:30 pm New York time on April 17.)
Did Huawei detect the intrusion or verify the Times/SPIEGEL reports' claims? Is Huawei investigating?
We are seeking to learn whether and to what extent there is truth to the alleged activities and we will take appropriate action based on our findings.
Is Huawei in conversation with other China-based telecommunication companies after this revelation? While Huawei was specifically targeted by "Shotgiant," it would be reasonable to assume other companies could have been targeted as well.
No.
Back in September, when you participated in an Asia Society panel discussion on cyber-security, you mentioned the need for common rules. Do you think countries are willing to do this right now? What is the greatest obstacle?
As the incidence of cyber-mischief has increased over the last decade, there has been a slow-growing crisis of confidence in global networks. The revelations of the last nine months have accelerated the collapse of trust in the information and communications technology (ICT) industry and the Internet itself. This latest revelation marks a watershed moment. It is time for ICT industry leaders to come together to define standards and best practices that can raise the security assurance bar across the industry, making more challenging for those that would engage in malicious cyber activities to do so.
At the same time, there is an increasing imperative for governments to align around acceptable norms of State behavior in cyberspace. Penetrating a corporate network, monitoring private corporate communications, and stealing proprietary product information in order to exploit that product as deployed in networks across the globe is not acceptable behavior.
Have you seen the beginnings of ICT industry leaders coming together to define standards and best practices? If not, why not? Who should facilitate this in your opinion?
The Open Group's Open Trusted Technology Provider Standard and Accreditation Program are examples of industry-initiative that are headed in the right direction. We need to accelerate and broaden this sort of initiative. It is unclear whether there is any one global entity that is best suited to corral such initiatives, but that does not lessen the imperative.
James Lewis of CSIS stated in the New York Times article that "China does more in terms of cyber-espionage than all other countries put together" and that "The question is no longer which industries China is hacking into. It's which industries they aren't hacking into." What is your response to his statement?
Statements which portray the world in stark blacks and whites, ignoring the "huidu" that in fact envelops our day-to-day world, are of little value to anyone, and, frankly, in addition to being misleading, are unnecessarily divisive, indeed, dangerously inflammatory.
Do you think Chinese companies are under special scrutiny and suspicion? If so, why do you think that is?
To some extent, yes. There seems to be a perception — on both sides, from a political perspective — that the U.S. and China are "adversaries." While there may well be some truth to this, it is unfortunate that the geopolitical tension seems at times to overshadow the very valuable bilateral economic and commercial interdependent relationship between the two countries.
But is the scrutiny even across the board or particularly focused on Chinese ICT companies? Could it be because ICT is inherently tied into cybersecurity (hence national security) as opposed to the manufacturing of consumer goods?
It's a fair point. But it’s not limited to the ICT industry, the scrutiny applies to any industry or sector that might be deemed "sensitive," which is a subjective term that eludes definition, beyond that it seemingly does not apply to pork.
What would you say to readers of this article who do not work in your industry? Why should they be following this story? Why is it important?
The world is much smaller than it once was and corporations are increasingly borderless, indeed, transnational. Old-world thinking and policy comes at a risk. Companies like Huawei that span many markets, regardless of industry, are tides that lift many boats. For example, one-third of all of our inputs come from American suppliers, which amounted to almost $7 billion in purchases last year alone.
Discriminatory policies based on geography of headquarters can sink a lot of boats, including in the context of unintended collateral damage at home.
Video: William Plummer at Asia Society's Sept. 2013 cyber-security panel (1 hr., 27 min.)