Published by The Lawfare Institute
in Cooperation With
The United States launched a campaign in 2019 to unseat Huawei Technologies’ global dominance in the telecommunications equipment market on national security grounds. The fight is ongoing, as some countries have followed the United States’ lead and banned Huawei-made gear from their telecom networks. However, some of America’s closest allies—such as Canada—are still indecisive, and the Chinese telecom giant continues to challenge these bans. As of 2021, Huawei’s global market share for telecom equipment was 28.7 percent, down from its high of 31 percent in 2020 but still about as large as those of its two biggest competitors—Ericsson and Nokia—combined.
Curbing Huawei’s dominance continues to be such a challenge because existing efforts to come up with secure and economical substitutes for Chinese-made telecom equipment are inadequate. In the United States, where the Huawei ban is the most strict, the government-funded program to help mobile networks “rip and replace” their existing Chinese 5G gear is already ballooning in cost and facing supply chain hurdles.
But a clear path to rein in China’s telecom security risks does exist. Known as “open” networks for 5G and future-generations wireless systems, the approach is one the United States and allied democracies should work to make a reality.
What’s Wrong With Huawei?
The center of the Huawei fight is an intelligence problem. Chinese telecoms such as Huawei and ZTE, which are designated as U.S. national security threats, dominate the global equipment market for 5G with their proprietary gear sold at very low prices. At its height, Huawei and ZTE’s combined global market share was over 40 percent. As I’ve written previously, consumers’ information flowing on networks powered by these companies could mean invaluable intelligence in Beijing’s eye if—or when—its telecom darlings offer or are compelled to help.
That’s by no means hypothetical. Huawei has denied allegations that it spies for Beijing. Its supporters have also argued that it’s a private company and, hence, not necessarily beholden to the Chinese government. But with more evidence coming to light in recent years, it’s increasingly clear that Huawei is not only willing to help government authorities with surveillance, but it has also found a way for its telecom gear to do just that.
A December 2021 Washington Post investigation revealed over a hundred marketing presentations prepared by Huawei that showcased its technologies’ capability to help governments identify voices, recognize faces, and monitor political individuals of interest, among other Big Brother services. In 2019, a Wall Street Journal investigation found that Huawei employees used their and other companies’ technologies to help the Ugandan and Zambian governments spy on their political opponents.
Then there’s the apparent “smoking gun,” as reported by Bloomberg last year. In 2012, Australian intelligence officials reportedly detected malicious code in a software update from Huawei that was installed on a major telecom network operator in Australia. The bug worked like a digital wiretap that could secretly record communications and send them to China, according to those officials.
Later that year, guided by the tips from Canberra, U.S. intelligence agencies confirmed a similar attack from China that used Huawei’s telecom equipment located in the United States. An Italian telecom provider also discovered a similar backdoor mechanism in its Huawei-made gear around the same time.
Some observers might say that even democratic governments may want technology companies to build a backdoor for law enforcement purposes. But that’s only half the truth. Law enforcement in many democratic countries would need a warrant or court order to tap individuals’ communications, and their laws also prevent telecom gear makers from gaining access themselves without the consent of network operators. But the Huawei malware found in Australia, although it cleverly self-destructed after a few days, was able to “listen in” without the carrier’s knowledge.
Alternatives to Huawei?
The new evidence from the Bloomberg article might explain the years-long pressure against Huawei by the United States and some of its allies, despite former President Trump’s rocky relationship with some of these nations and the otherwise deeply divided Washington. But banning Chinese telecom gear was only the first step, and the next step is more difficult. Current policy proposals to fill Huawei’s void look like heavy-handed industrial policy or even blatant protectionism, inflicting an unnecessarily high economic cost for enhancing telecom security.
Last year, the Federal Communications Commission launched a program to reimburse U.S. telecom carriers for removing existing equipment made by Chinese vendors such as Huawei and ZTE—U.S. telecom networks contain 24,000 such pieces. The program, commonly known as “rip and replace,” carried an initial price tag of $1.9 billion for American taxpayers, but it didn’t take long for the cost to balloon to $5.6 billion and counting.
Eliminating Chinese-made telecom gear is expensive because there are few alternatives, such as Europe’s Ericsson and Nokia. The United States doesn’t even have a full-stack telecom equipment manufacturer to compete on the market. Some commentators have advocated for the U.S. government to take a controlling stake in European telecom leaders and turn them into America’s national champions. A more radical idea would have Washington pay for and build a nationwide 5G network, akin to Eisenhower’s Interstate Highway System. But unlike highways, a mobile network generation typically lasts only a decade because of the industry’s fast pace, so a state-run model would require American taxpayers to pick up the tab for 6G, 7G and more.
Countering security threats from China should not come with a high cost for Americans as there is another option. The answer lies in what the telecom industry calls the open radio access network (Open RAN), which can be a cost-effective way to fence off China’s Big Brother while fostering a competitive telecom market at home.
The Promise of Openness
RAN is the part of the wireless infrastructure—consisting of antennas, base stations and much more—that connects consumer devices such as mobile phones and smartwatches to the optical fiber internet. Conventional telecom gear-makers such as Huawei, Ericsson and Nokia offer full-stack RAN equipment where the software is proprietary and the hardware parts are not interoperable (imagine having to light a Marlboro cigarette with a Marlboro lighter). Once a wireless carrier purchases certain gear, the relationship is locked in for at least several years. Huawei’s competitively priced equipment has done very well on that front, boosting its share of the global telecom equipment market to more than 30 percent at its height.
Open RAN aims to revolutionize 5G and future-generations software with open architecture and community-developed standards, which would enable hardware parts, now uncoupled from the software, to be made interchangeably by any manufacturer in any nation. So while the United States doesn’t make full-stack 5G equipment, there are domestic companies that can make at least some parts, and the United States remains the envy of the world in software development.
Besides bringing more competition to the hardware market, Open RAN’s software ecosystem has the potential to be more secure than proprietary systems from attacks from China’s Huawei, ZTE and beyond. Proponents of proprietary software often argue that an open system would expose its vulnerabilities and attract attackers, but that’s a repeatedly recycled myth. When a community of developers collaborates transparently on building a system, more sets of eyes will be watching for bugs and fixing them promptly. Malware like what was in Huawei’s software update in 2012 would be known by more than the intelligence community, and it would not be kept under wraps for 10 long years.
The debate about the security of Open RAN echoes the one about the security of open-source software development, where the source code is completely transparent. The community had debated about its security compared to traditional, proprietary software for years, but the evidence has spoken for itself. Some of the most popular software programs today are open-source, such as the operating system Linux, the programming language Python and the web browser Mozilla Firefox. None of them is any less secure than proprietary programs.
Fulfilling the Openness Promise
Both the Trump and Biden administrations have expressed optimism about Open RAN, seeing not only its economic benefits but also its potential in meeting the telecom security challenge from China. But making this openness strategy work is not without its hurdles because this new avenue is susceptible to protectionism, too. Policymakers are right to want to advance Open RAN, but their support should lie in creating and maintaining a level playing field, not in meddling with one.
The biggest challenge facing the industry’s Open RAN community is to set the open standards by which equipment made by different vendors would work together. Intuitively, an open standard is like a publicly available “cookbook” by which any participant, if it follows the guideline therein, would be able to build new equipment or write new software that would work smoothly with the rest of the system.
Open RAN is still in its infancy when it comes to interoperability, despite the rapid progress in recent years. But this doesn’t mean the nascent process needs government intervention or protection, although some potential beneficiaries of government handouts might want people to believe that. At an Open RAN event hosted by the Federal Communications Commission in 2020, for example, a telecom executive argued that governments should “put their money where their mouth is” and have “taxpayer dollars required to be part of an [Open RAN] network.” Perhaps proponents of that view should ask American taxpayers how they feel about chipping in again after picking up the $5.6 billion tab on the “rip and replace” program.
What Washington policymakers should do is encourage American companies to participate in the standard-setting process and let the industry find the best solution by itself. While the Open RAN community includes Chinese telecom companies, presenting something of a dilemma for their Western counterparts, this is a hurdle that can be cleared.
The world’s two most prominent telecom industry groups that advance Open RAN are the O-RAN Alliance, which seeks to establish Open RAN specifications and standards, and the Telecom Infra Project, which focuses on commercializing interoperable products. Both groups include Chinese companies, some of which are blacklisted by the U.S. government on national security grounds. Some Western telecom players in this space are hesitant to engage and compete with their Chinese counterparts, fearing that they could face penalties for violating U.S. sanctions. Nokia briefly suspended its participation in O-RAN last year for that reason, and when Western players take a step back, the voice of Beijing’s champions gets louder.
The White House can provide clarity and empower those Western telecom companies by honing America’s entity regulations, which broadly ban unlicensed business transactions with blacklisted foreign entities. First, it should continue to vigorously enforce its entity lists. One of them, the list of “Communist Chinese military companies,” is under Section 1237 of the National Defense Authorization Act for Fiscal Year 1999, a task assigned to the executive branch by Congress but not fulfilled until 2020.
Second, the U.S. government should either exempt harmless collaborations within the Open RAN community from restricted transactions or issue licenses to trustworthy Western companies so that they can confidently participate without coming down on the wrong side of regulations. There are precedents for the latter approach: The White House has issued licenses that allowed companies to be on other standard-setting bodies, such as the International Organization for Standardization and the European Telecommunications Standards Institute, where some Chinese participants were also on an entity list.
Third, the U.S. government can and should participate in, and provide input to, the Open RAN community. The O-RAN Alliance’s members, for example, include the United Kingdom’s National Cyber Security Centre (part of Britain’s intelligence and security agency GCHQ) and the China Academy of Information and Communications Technology (part of China’s Ministry of Industry and Information Technology). There’s no reason Washington’s concerns about Open RAN security can’t be heard in the same forum.
Enhancing national security while limiting the costs to economic freedom is no small task, and the United States must take the lead. The world’s wireless networks are not the place to cede ground to China.