Chinese mobile communications and wireless networking giant Huawei may have been facing a lot of problems in the U.S for allegedly installing and preserving backdoors and other espionage-enabling tactics in its equipment. However, Germany has casually shrugged off all the potential concerns while using Huawei’s next-generation 5G hardware and communication protocols for its consumption within the country. The country appears to have devised several methods and practices that would mitigate the alleged risks and dangers while dealing with the Chinese telecommunications giant.
Germany’s data protection and security regulator appeared quite at ease with the impending decision of choosing Huawei as the preferred hardware and equipment supplier for the country’s ongoing deployment of 5G networks. Several countries may have exercised extreme caution and implied they would avoid working with Huawei. But senior management of Germany’s core organization tasked with maintaining data integrity, privacy, security and safety of its citizens, insists that the alleged risks and dangers that Chinese vendors pose can be managed. They claim to have come up with a reliable plan to ensure the risks are minimized or even eliminated while working with the highly cost-effective Chinese equipment suppliers.
Germany’s Federal Office for Information Security, Arne Schönbohm, mentioned that the country is not too stressed about the supposed threat of using Huawei equipment in 5G networks. Interestingly, this does not mean Germany has signed an exclusive deal with Huawei to ensure the latter’s equipment is guaranteed to arrive with zero espionage-enabling backdoors or security vulnerabilities. Schönbohm’s statement is interesting because Germany has indicated it would work with companies that several countries have labeled risky.
Germany Races To Deploy 5G Mobile Networks And Is Ready To Work With Huawei To Accelerate Timeline:
Germany is keen on accelerating the timeline of 5G deployment. Most of the neighboring European countries are already speeding ahead with relevant contracts and are engaged in the bidding process to procure and deploy 5G networks. Incidentally, Germany already has an active 4G network, but according to several local users, the telecom companies haven’t fully optimized the same. Simply put, many Germans openly grumble about the lack of high-speed mobile internet. A study conducted late last year indicated Germany has worse LTE (4G) mobile phone network coverage than many of its European neighbors. The study put Germany in third-to-last place in Europe, not just in terms of speed but reliability, coverage, and uptime.
Germany's data protection and security regulator is not too stressed about the supposed threat of using Huawei equipment in 5G networks. Arne Schönbohm, head of Germany's Federal Office for Information Security, told Der Spiegel the risks posed by the … https://t.co/qiufY9sqos
— The Register: Summary (@_TheRegister) July 29, 2019
The leading telecom services in Germany are Telekom Deutschland, Freenet, BT Global Services, Tele2 Germany, Telefónica Germany. In fact, in addition to existent 3G, HSPA, and LTE, Germany is already fielding testing 5G before finalizing mass deployment. With the Federal Network Agency auctioning 5G licenses this year, telecom companies are actively looking for suppliers of 5G equipment and deployment service providers. Needless to mention, currently Nokia, ZTE, Huawei and only a handful of other companies have the relevant expertise, capabilities, hardware, and software to deploy a reliable 5G network across a country. Hence, completely sidelining Huawei might not be an option for Germany. Still, it is interesting to note that German’s administration isn’t paranoid about the alleged dangers involved while working with Huawei.
How Will Germany Mitigate The Alleged Risks While Working With Chinese Companies Like Huawei?
Germany’s data protection and security regulator insists the alleged risks involved while working with Huawei are “manageable”. In other words, the country appears to be implying that there could be risks, but they can be mitigated. The country’s most primary defense against possible espionage attempts is multi-vendor policy. Simply put, Germany is planning to opt for several 5G networking equipment suppliers to significantly reduce the risks and possibilities of data leaks, security breach or cyber attack.
Speaking about the primary risks associated with foreign companies, Schönbohm said, “There are essentially two fears: First, espionage – i.e. that data will be siphoned off involuntarily. But we can counter that with improved encryption. The second is sabotage – i.e. manipulating networks remotely or even shutting them down. We can also minimize this risk by not relying exclusively on one supplier in critical areas. By possibly excluding them from the market, we also increase pressure on these suppliers.”
— ComSec (@comsec) July 27, 2019
In simple words, Germany has indicated that it is well aware of the inherent risks and even noted that such dangers are always present when dealing with foreign companies who may or may not have Germany’s best interest as their priority. As mentioned by Schönbohm, the most essential job is to improve encryption. Encrypting data could potentially render espionage attempts invalid since the leaked data would be indecipherable without relevant decryption tools.
The second and most obvious fear is crippling of wireless networks, thereby rendering communications impossible. This is a valid fear in today’s world where state-sponsored hacking groups could remotely disable the entire communication grid by first gaining entry through backdoors deliberately left behind by equipment suppliers. Procuring equipment from different or multiple suppliers may reduce the risk of a nationwide shutdown. However, Germany is aware of the capabilities of focused hacking groups. Hence country plans to conduct thorough security audits of software and hardware. Reviewing and certifying hardware and software for security, and banning kits that fail the test could be a reliable method of ensuring vulnerable equipment is not used. This method would be specially used for 5G equipment that will be used for critical infrastructure like autonomous vehicles, medical services, etc.
Germany would analyze source code for some products to check for hidden functions. However, to date, Huawei’s equipment hasn’t shown signs of intentionally deployed security vulnerabilities, indicated a recent study conducted by the NCSC in the UK. Upon being questioned about any evidence that German authorities may have discovered in Huawei, Schönbohm said, “Let me put it this way: if we saw uncontrollable risks, we would not have adopted our approach.”
While Germany may not have found concrete evidence against Huawei, the country is well aware of the rising instances of sophisticated ransomware attacks. Several of these attacks have deployed clever viruses, Trojans, RAT, etc. to take over the victim’s computer and then spread the infection further. Hence the country is adding 350 additional staff this year to protect Germany’s critical and civil infrastructure against future attacks.
Huawei’s Credibility And Reliability Slowly Increasing In International Markets?
There have been persistent reports, mainly originating from the U.S. which strongly claim Huawei’s mobile communication and wireless networking equipment contains several security vulnerabilities. The reports insist the company may have deliberately retained the security loopholes and backdoors to permit espionage. These reports also insist Huawei routinely relies on outdated open-source software which significantly boosts the vulnerabilities as they often contain risks, which are usually patched in subsequent releases.
Huawei, on the other hand, has strongly denied any involvement in espionage activities. But this hasn’t stopped the American administration from imposing severe bans. Although the U.S. has relaxed several conditions within the ongoing trade ban, Huawei’s executives and engineers have been busy in developing alternates to components and software that are designed, developed, and manufactured by American companies. The country already has an alternate operating system to Android. Its Kirin System on a Chip (SoC) is already powerful. Combined with its 5G modem that’s neatly integrated within the SoC, Huawei can easily design, manufacture, and sell its smartphone that doesn’t rely on any American company.
In Germany, the debate is growing in conservative political circles as to whether it should prohibit Chinese network equipment provider Huawei from helping to build the country's 5G network. But at the moment, Berlin doesn't really have any other choice. https://t.co/0Gzk0LYrQa
— Faruk Timuroğlu (@ftimur) July 26, 2019
It is interesting to note that quite a few countries have begun to reevaluate their stand against Huawei. The change in the attitude is mainly to do with the lack of credible and concrete evidence that proves Huawei is intentionally involved in state-sponsored espionage activities. Researchers are now insisting that Huawei only lacks the expertise and finesse in the software department, while the hardware is of acceptable quality. In other words, Germany could deploy its software engineers to improve upon the software that Huawei develops and conduct its audits to secure the network.