
Thursday, 02 January 2014

Who's Defending U.S. Military Networks if the NSA and FIS are Breaking Them?

According to Der Spiegel, the NSA has been developing tools to compromise software, hardware, and firmware made by multinational corporations in the U.S. and overseas. U.S. companies affected include Juniper Networks, Cisco, Dell, Western Digital, Seagate, Maxtor plus many others. Unless the company has offered to work with the NSA to create backdoors in their own products, you have a situation where the agency with the primary responsibility of defending U.S. Department of Defense networks from digital attack is also engaged in weakening the very technology used by the DOD on those networks such as Juniper Networks firewalls, Cisco routers, Seagate hard drives, etc.

Perhaps this wouldn't be a problem if foreign intelligence services (FIS) didn't also have the technical capability of finding those same vulnerabilities or others. For example, Xidian University in Xi'an, Shaanxi, China is one of China's top engineering universities. Its State Key Laboratory of Integrated Services Networks conducts research for military-specific and dual use systems including cryptography, offensive network attacks, and systems to be used in confrontational environments.

Here's another example taken from our database on adversary R&D research. The Chinese Academy of Sciences' State Key Lab of Information Security reports directly to the Ministry of Public Security, among other government agencies. In addition to their primary research area of information security, they develop network attack systems.

Russia has similar educational institutions which focus on information security and electronic warfare for the Ministry of Defense, the FSB, and other relevant agencies. One example is the Voronezh Military Radio-electronics Institute which is part of the Voronezh Aviation Engineering School. Part of their information warfare research includes breaking the security of automated systems.

Since Dell, Cisco, Juniper, etc. build hardware, firmware, and software that's broadly used around the world and especially on U.S. government networks, it's only logical to conclude that those companies' products are being examined for exploitable vulnerabilities by Russian and Chinese scientists who are at least equal if not superior to those employed by the NSA. Let's remember that unlike the NSA, scientists at Russian and Chinese foreign research laboratories don't have to compete with their respective versions of a Silicon Valley for high paying tech jobs. They can attract and keep their nation's brightest scientists focused on these high priority government military and civilian projects.

Bottom line - if the NSA has found or developed backdoors in critical U.S. technology, so have our adversaries, and by "adversaries", I don't mean Mandiant's version of the bored PLA hacker with sloppy OPSEC. We need as an industry to have more respect for our opponents. And there needs to be a serious discussion about whether the NSA can really defend U.S. military networks while also engaged in exploiting weaknesses in the very technology that those networks rely upon.

UPDATE (JAN 02 2014): Bruce Schneier has begun posting one NSA exploit per day at his blog. The first one called DEITYBOUNCE exploits the motherboard on Dell PowerEdge servers.



Monday, 03 June 2013

Open letter to President Obama on the eve of his Summit with President Xi

Dear President Obama,

I've spent the last five years working exclusively in the identification and cataloging of threat actors in cyberspace. I've participated in incident response investigations for some of the world's largest companies and have briefed both U.S. intelligence agencies and those of five foreign countries on the complexity of the cyber threat landscape as well as information warfare planning, research & development, and execution of strategy by both Russia and China. I host three highly regarded executive cyber security conferences each year, and my book Inside Cyber Warfare (in its 2nd edition) is used as a text by the U.S. Air Force Institute of Technology in its cyber warfare certification program.

While I'm enthusiastic about your upcoming meeting with President Xi on mutual cyber security concerns, I'm worried that the strong anti-China sentiment on the Hill and in print by the New York Times, Bloomberg and the Washington Post will have a polarizing effect on your talks. Much of the evidence being touted as pointing to China's acts of cyber espionage is a conflation of multi-state and non-state actors engaging with the same target companies that China is interested in. I personally know of Russian hackers who prefer to attack their targets in different countries via a compromised Chinese computer because there are so many of them and they're so easy to exploit.

While there is a propensity among government officials and infosec experts to blame China first for any attack involving U.S. intellectual property, they often do so without any hard evidence. Chinese IP addresses don't qualify as evidence any more than U.S. IP addresses do. Open source hacker tools written by Chinese developers and posted on the Web for anyone to download and use cannot be considered evidence of Chinese government involvement. And President Xi will certainly make the same point. While there's no question that the Chinese government engages in cyber espionage, it is not the only nation that does so and it is certainly not solely responsible for the estimated $300 billion in stolen U.S. IP.

Rather than accusing China of something that cannot be proved, I believe that U.S. interests can best be served by cooperating with China on the identification and prosecution of non-state actors who operate in Chinese and U.S. IP space. Media stories and self-serving infosec reports to the contrary, not all Chinese hackers work for the PLA. There are many independent hackers in China, Ukraine, Russia, Romania, Bulgaria, Pakistan, Taiwan and other countries who make money stealing IP and selling it to whomever is willing to pay. Some of these same hackers may be involved in attacking Chinese government websites; particularly those in India, Tibet, and Taiwan. While conventional wisdom groups hackers into silos (Russians rob banks; Chinese steal IP; Iranians attack power companies), that's not a realistic nor fact-based portrayal of the international cyber threat landscape.

There are many ways that China is benefiting from U.S. technology transfer such as their successful campaign to provide monetary incentives for U.S. multinationals to open R&D labs in Shanghai and Beijing (which now number over 1200). These labs employ Chinese engineers who learn U.S. technological secrets and then leave to work for Chinese companies; taking that proprietary knowledge with them. Those same employees have trusted access on their respective corporate intranets. There's no reason for the Chinese government to execute sloppy hacking operations against a U.S. company when that company has offices in Beijing or Shanghai. Access to their IP is a given.

If you and President Xi could reach an agreement to cooperate on reducing the activities of independent non-state actors that have attacked both the U.S. and Chinese businesses and government organizations, it would benefit the U.S. in the following ways:
  1. Chinese threat data is of great interest to U.S. law enforcement organizations.
  2. A reduction of non-state actors currently cluttering up the threat landscape would make it easier to identify state-run cyber espionage operations.
  3. The biggest threat to both Chinese and U.S. critical infrastructure is from non-state actors and, in the future, those may include terrorist groups. 
Mr. President, in my opinion, attempting to shame or threaten China over its hacking activities when the available evidence is so easily dismissed makes the U.S. look weak and ineffective. Enlisting China as an ally to identify and interdict the activities of independent threat actors would result in a win for both nations.

I hope this open letter finds its way to your desk and that it helps inform your strategy.

Warm Regards,

Mr. Jeffrey Carr
CEO, Taia Global, Inc.
Author, Inside Cyber Warfare
Founder, Suits and Spooks conference

Monday, 18 March 2013

Mandiant's APT1 "Mission" problem

Mandiant's APT1 report's table of proof listed six categories that Mandiant deduced tied APT1 to PLA Unit 61398. The first, which Mandiant called the Mission area, made the claim that PLA Unit 61398 "targets strategic emerging industries in China's 12th Five year Plan" (see table 12 on p.59). Earlier in the report the authors claimed that "APT1 has targeted at least four of the seven strategic emerging industries that China identified in its 12th Five Year Plan" (p.24).

The Mission evidence is particularly of interest to me because I've been mining adversary state R&D since 2009 and while knowing what a potential adversary state is after is important, it cannot be done at the 50,000 foot view which is what China's Five Year Plans do. Taia Global published a white paper almost a year ago (a copy of which was requested by one of Mandiant's executives) which provided a similar high level look at 13 nation state R&D priorities and it too was not sufficiently granular to be of much use in an attribution effort; however, it does make clear that certain technologies are of value to at least a half dozen threat actors (see below). And frankly, this is a very valid approach, if done properly, to help a company understand which files may be at risk. In fact, that's precisely what Taia Global's new product Chimera is being developed to do. However, it's not enough to just say that because "energy" is part of China's FYP, then it must be China whenever an energy company is attacked. France, Germany, and Russia are also spending money on Energy related research and all three of those states have engaged in industrial espionage. But even that's not sufficient evidence to blame a state actor. What's more likely in my opinion is that a professional hacker group is making money by stealing valuable IP and selling it to competitors, state-run companies, and/or the states themselves.

Here are the seven new strategic industries identified in China's 12th FYP. The report didn't disclose which 4 of 7 were targeted:
  • Energy conservation and environmental protection industries
  • New-generation IT industry
  • Biological industry
  • High-end equipment manufacturing industry
  • New energy industry
  • New material industry
  • New-energy automobile industry
Below are some of the R&D priorities for six other nation states who have engaged in industrial and cyber espionage. It's not exhaustive but it illustrates how little deviation there is at the broadest level of international R&D. We can safely say that companies in these industry segments are being targeted for their IP. We can't say that only China is doing the targeting.

France:
  • Energy
  • Biotechnology
  • IT (Information Technology)
  • Space
  • Transportation
Germany:
  • Energy
  • IT and Telecommunications
  • Manufacturing
  • Biotechnology
  • Medicine
  • Climate research
Israel:
  • Telecommunications
  • Medicine
  • Chemistry
  • Information Technology
  • Biotechnology
  • Nanotechnology
Pakistan:
  • Telecommunications
  • Agriculture
  • Medicine
  • Education
Russia:
  • Energy
  • Robotics
  • Information and Telecommunications
  • Nanotechnology
  • Life sciences
  • Environment
South Korea:
  • Manufacturing
  • Nanotechnology
  • Semiconductors
  • Transportation
  • Chemicals

Sunday, 03 March 2013

Who Are The Players in China's Targeting of Foreign Technology IP?

The release of Mandiant's APT1 report claimed that the PLA's Third Directorate (3PLA) is the responsible State organization behind Comment Crew (aka APT1). One of the things that the report's authors didn't do was demonstrate how the other State agencies who engage in this type of activity were excluded in their analysis. For future reference, here's a more complete list of the possible organizations who conduct intelligence activities (including cyber) to consider or rule out in terms of possible Chinese attribution.

Traditional Channels

Civilian
  • The Ministry of State Security (MSS) - Counterespionage and Counterintelligence; Foreign Intelligence; Domestic Intelligence
  • Ministry of Public Security (MPS) - National Police; Domestic Intelligence
Military
  • Second Department of the People's Liberation Army (PLA) General Staff Department (2PLA): engages in foreign intelligence, imagery intelligence, and tactical reconnaissance
  • Third Department of the PLA General Staff Department (3PLA): engages in signals intelligence
  • Fourth Department of the PLA General Staff Department (4PLA): engages in computer network operations
  • Liaison Office of the PLA General Political Department
  • Intelligence departments of the PLA Navy, PLA Air Force, and Second Artillery
  • State Secrecy Bureau

Non-Traditional Channels

  • Commission of Science, Technology and Industry for National Defense (COSTIND)
  • Research Institutes
  • PRC Military-Industrial Companies
  • Organized Chinese hacker groups

Guidelines:

  • Failed operations. In Amy Elizabeth Brown's paper "Directed or diffuse?: Chinese human intelligence targeting of US defense technology", she makes the same point that I have made multiple times; e.g., that much of the information we have about Chinese espionage cases (cyber and otherwise) comes solely from failed operations - meaning covert operations that have been discovered. Therefore, we have to acknowledge the possibility that China also runs successful covert operations using more effective tradecraft but we don't know the scope or scale.
  • 3PLA's distributed offices. It's important to note that 3PLA, which was identified in the Mandiant APT1 report, has, according to Mattis, offices and technical reconnaissance bureaus in each of China’s seven military regions and several major cities (not only Shanghai).
  • OSINT is insufficient. Another important statement in Mattis' conclusions is that open sources are insufficient to understand the inner workings of these various intelligence agencies.
  • Lack of sound tradecraft. "One of the defining characteristics of China’s non-traditional techniques for obtaining technology, as observed in many of the cases noted here, is the lack of clandestine tradecraft, or even the most basic elements of operational security, involved in obtaining the information. In general, it appears that little or no care is used to ensure that the operation goes undetected." - Amy Brown's "Directed or Diffuse" paper as referenced below.
  • Giving amateur operatives too much credit. "A belief that the Chinese rely on amateur operatives risks leading CI professionals to dismiss or be inattentive to the threat posed by China’s professional services." - Peter Mattis "The Analytic Challenge" paper as referenced below.
  • Distinguishing economic espionage from Chinese intelligence. "When economic espionage with no connection to the Chinese intelligence services is interpreted as “Chinese intelligence,” less attention will be paid to what those organizations actually do. The Chinese intelligence services and the Chinese defense industries are distinct entities, although they may sometimes work for mutual benefit." - Peter Mattis (Ibid)

Readers of the Mandiant report or any report that purports to reveal the inner workings of Chinese cyber espionage cases are encouraged to familiarize themselves with the papers referenced below as well as the above guidelines that I've extracted from them. 

For example, the lack of tradecraft by the three individuals mentioned in the Mandiant report is palpable, and was pointed out by the report's authors: "These actors have made poor operational security choices, facilitating our research and allowing us to track their activities. They are some of the authors of APT1's digital weapons and the registrants of APT1 FQDNs and email accounts. These actors have expressed interest in China's cyber warfare efforts, disclosed their locations to be the Pudong New Area of Shanghai, and have even used a Shanghai mobile phone number to register email accounts used in spear phishing campaigns." - Mandiant APT1 report, p. 51

Even if one assumes that the Chinese government is the customer for APT1's cyber espionage activities, it's important to consider all of the options before attempting to assign attribution. Such a lack of tradecraft involved deserves at least a mention in the report that non-traditional channels as defined above were considered. As this article points out, those options are plentiful within China, but also include other foreign intelligence services and professional hacker crews who run their operations from China and/or from Chinese servers in order to confound any efforts at attribution.
PRC Intelligence Apparatus - Implications for Foreign Firms

Related Posts:

"Mandiant APT1 Report has critical analytic flaws"

Tuesday, 19 February 2013

Mandiant APT1 Report Has Critical Analytic Flaws

Mandiant's APT1 report is the latest infosec company document to accuse the Chinese government of running cyber espionage operations. In fact, according to Mandiant, if a company experiences an APT attack, then it is a victim of the Chinese government because in Mandiant-speak, APT equals China.

"We tend to perceive what we expect to perceive"
- Richard J. Heuer, "The Psychology of Intelligence Analysis"

The fact that Mandiant refuses to acknowledge that other nation states engage in cyber espionage when the facts show otherwise demonstrates what Heuer calls an "expectation bias", but it's much worse than that.

Mandiant's alleged proof is summarized in Table 12 (pp. 59-60): "Matching characteristics between APT1 and Unit 61398". Mandiant's entire premise that APT1 is PLA Unit 61398 rests on the connections made in that table and that no other conclusion is possible:
"Combining our direct observations with carefully researched and correlated findings; we believe the facts dictate only two possibilities: Either a secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission or APT1 is Unit 61398." (APT1, p. 60)
If this report were written by a professional intelligence analyst at CIA, it would most likely undergo a vetting process known as ACH (Analysis of Competing Hypotheses):
"Analysis of competing hypotheses, sometimes abbreviated ACH, is a tool to aid judgment on important issues requiring careful weighing of alternative explanations or conclusions. It helps an analyst overcome, or at least minimize, some of the cognitive limitations that make prescient intelligence analysis so difficult to achieve."
In other words, ACH forces the intelligence analyst to look for all alternative hypotheses and assess them one at a time to see which best fits the data collected. This is rarely if ever done by information security companies, and it's the single biggest objection that I have when it comes to individuals making claims of attribution to nation states. Heuer's iconic "Psychology of Intelligence Analysis" explains why ACH is so important:

"The way most analysts go about their business is to pick out what they suspect intuitively is the most likely answer, then look at the available information from the point of view of whether or not it supports this answer. If the evidence seems to support the favorite hypothesis, analysts pat themselves on the back ("See, I knew it all along!") and look no further. If it does not, they either reject the evidence as misleading or develop another hypothesis and go through the same procedure again. Decision analysts call this a satisficing strategy. (See Chapter 4, Strategies for Analytical Judgment.) Satisficing means picking the first solution that seems satisfactory, rather than going through all the possibilities to identify the very best solution. There may be several seemingly satisfactory solutions, but there is only one best solution." 
"Chapter 4 discussed the weaknesses in this approach. The principal concern is that if analysts focus mainly on trying to confirm one hypothesis they think is probably true, they can easily be led astray by the fact that there is so much evidence to support their point of view. They fail to recognize that most of this evidence is also consistent with other explanations or conclusions, and that these other alternatives have not been refuted."

If Mandiant or another organization were to use ACH on this evidence, here's how Heuer recommends it be done. It's an 8-step process:

1. Identify the possible hypotheses to be considered. Use a group of analysts with different perspectives to brainstorm the possibilities.
2. Make a list of significant evidence and arguments for and against each hypothesis.
3. Prepare a matrix with hypotheses across the top and evidence down the side. Analyze the "diagnosticity" of the evidence and arguments--that is, identify which items are most helpful in judging the relative likelihood of the hypotheses.
4. Refine the matrix. Reconsider the hypotheses and delete evidence and arguments that have no diagnostic value.
5. Draw tentative conclusions about the relative likelihood of each hypothesis. Proceed by trying to disprove the hypotheses rather than prove them.
6. Analyze how sensitive your conclusion is to a few critical items of evidence. Consider the consequences for your analysis if that evidence were wrong, misleading, or subject to a different interpretation.
7. Report conclusions. Discuss the relative likelihood of all the hypotheses, not just the most likely one.
8. Identify milestones for future observation that may indicate events are taking a different course than expected.
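
Steps 3 through 6 of that process can be mechanized once the matrix exists. The sketch below is an added example, not part of the original post and not Mandiant's or Heuer's own material; the hypothesis labels, evidence labels, and every C/I/N rating are constructed placeholders chosen only to exercise the method, not findings about APT1.

```python
# ACH matrix sketch covering steps 3-6. Every rating here is CONSTRUCTED for
# illustration; none is a finding about APT1 or taken from any report.

# Step 1: competing hypotheses (labels are assumptions of this example).
HYPOTHESES = ["H1_unit_61398", "H2_other_prc_agency",
              "H3_nonstate_crew", "H4_other_fis"]

# Steps 2-3: evidence down the side, hypotheses across the top.
# "C" = consistent, "I" = inconsistent, "N" = neutral / not applicable.
MATRIX = {
    "E1_shanghai_ip_space":         ["C", "C", "C", "C"],
    "E2_targets_match_fyp":         ["C", "C", "C", "C"],
    "E3_poor_opsec":                ["I", "I", "C", "N"],
    "E4_mainland_chinese_speakers": ["C", "C", "C", "I"],
    "E5_multi_year_scale":          ["C", "C", "N", "C"],
}


def diagnostic_items(matrix):
    """Steps 3-4: keep only evidence whose rating differs across hypotheses.
    Evidence rated the same for every hypothesis cannot discriminate."""
    return {e: r for e, r in matrix.items() if len(set(r)) > 1}


def inconsistency_scores(matrix, hypotheses=HYPOTHESES):
    """Step 5: count inconsistent items per hypothesis. ACH works by trying
    to disprove, so the lowest count is the least-refuted hypothesis."""
    return {h: sum(1 for r in matrix.values() if r[i] == "I")
            for i, h in enumerate(hypotheses)}


def least_refuted(matrix):
    """Return all hypotheses tied for the fewest inconsistencies."""
    scores = inconsistency_scores(matrix)
    best = min(scores.values())
    return sorted(h for h, s in scores.items() if s == best)


def separating_items(matrix, a, b, hypotheses=HYPOTHESES):
    """Evidence that is rated differently for hypotheses a and b.
    An empty result means the matrix cannot tell the two apart."""
    ia, ib = hypotheses.index(a), hypotheses.index(b)
    return sorted(e for e, r in matrix.items() if r[ia] != r[ib])


def critical_items(matrix):
    """Step 6: evidence whose removal changes the least-refuted set, i.e.
    the items the conclusion depends on if they are wrong or misleading."""
    baseline = least_refuted(matrix)
    critical = []
    for item in matrix:
        reduced = {k: v for k, v in matrix.items() if k != item}
        if least_refuted(reduced) != baseline:
            critical.append(item)
    return sorted(critical)


if __name__ == "__main__":
    refined = diagnostic_items(MATRIX)
    print("diagnostic evidence:", sorted(refined))
    print("inconsistency scores:", inconsistency_scores(refined))
    print("least refuted:", least_refuted(refined))
    print("separates H1 from H2:",
          separating_items(refined, "H1_unit_61398", "H2_other_prc_agency"))
    print("conclusion depends on:", critical_items(refined))
```

With these placeholder ratings, two of the five evidence items drop out as non-diagnostic, and no remaining item separates H1 from H2, which is the kind of gap step 7 requires the analyst to report.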

I don't have the time to run Mandiant's evidence through an ACH process but I'd like to propose that a volunteer group of intelligence students at Mercyhurst Institute of Intelligence Studies do that very thing. My friend Professor Kris Wheaton who teaches there and writes the outstanding Sources and Methods blog is an expert in this area and I'm hopeful that he'll pick up the challenge.

In the meantime, the following table has four columns. The first three are from Mandiant's table 12. The "Other" column contains a partial group of alternatives that I've provided for each of Mandiant's "characteristics". These alternatives need to be analyzed and ruled out using a rigorous analytic process like ACH before Mandiant or anyone else can claim that APT1 is a part of China's People's Liberation Army.




In summary, my problem with this report is not that I don't believe that China engages in massive amounts of cyber espionage. I know that they do - especially when an executive that we worked with traveled to Beijing to meet with government officials with a clean laptop and came back with one that had been breached while he was asleep in his hotel room.

My problem is that Mandiant refuses to consider what everyone that I know in the Intelligence Community acknowledges - that there are multiple states engaging in this activity; not just China. And that if you're going to make a claim for attribution, then you must be both fair and thorough in your analysis and, through the application of a scientific method like ACH, rule out competing hypotheses and then use estimative language in your finding. Mandiant simply did not succeed in proving that Unit 61398 is their designated APT1 aka Comment Crew.

UPDATE (22 FEB 2013): I've published a follow up to this article: "More on Mandiant's APT1 Report: Guilt by Proximity and Wright-Patterson AFB"

Wednesday, 31 October 2012

Active Defense as a Chinese Military Strategy for Informatized Warfare


U.S. Secretary of Defense Leon Panetta said in a speech in New York City on October 11, 2012 that “If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the President.” This is known as active defense and it's a strategy that China had adopted back in the mid-90’s when the PLA decided to mount a revolution in military affairs in order to confront the U.S. military’s new network-centric warfare doctrine.

Recent military writings published in the journal China Military Science continue to emphasize the need for an active defense:[1]
“While post-emptive moves are a self-defensive strategy of defense upon which our military must insist in the opening of war, it is not an effective way to seize the initiative on the informatized battlefield. To achieve the goal of seizing the initiative, the art of controlling war situations in the initial stage of combat must emphasize active offense, striving to dominate the enemy by capturing early moments of opportunities and conquering the enemy in early battles.”
“[O]ur military’s seizure of early moments of opportunities to dominate the enemy by conducting offensive operations cannot be separated from the basic requirements of active defense.”
According to Timothy L. Thomas[2], the author of many books on both Chinese and Russian Informatized Warfare, an informatized offense is part of China’s active defense plan. This is best described in a 2005 article published in Chinese Military Science “Systems of Military Strategy in the Information Age” about which Thomas writes:[3]
“The primary objective consists of paralyzing an opponent’s strategic command systems to introduce the deterrence function. The five steps to this process are striking at an opponent’s strategic command system, their economic foundations, that nation’s transportation infrastructure, the human resources of the country (especially reserve personnel), and the armed strength of the country in question.”
This 5-part strategy was refined in 2011 in a paper written by Ye Zheng and Zhao Baoxian, “How Do You Fight a Network War?”[4] wherein the authors detailed the following 5 operational forms:

  • Network intelligence
  • Network paralysis
  • Network defense
  • Network psychology
  • Network-electromagnetic integration

Finally, Major General Dai Qingmin, author of New Perspectives on War[5], wrote about the need to expand an information attack beyond combat systems to include the enemy’s critical infrastructure (financial, transportation, communication, and power).

System of Systems
In 2010, Chairman Hu Jintao used the phrase “System of Systems” in describing priorities in strategy and planning for the People's Liberation Army[6]. Unfortunately, the exact meaning of the phrase is difficult to determine. It isn’t a concept that’s unique to China. U.S. military writers used the phrase as early as the mid-90’s.[7] Tim Thomas dedicated a chapter in his book to exploring this important topic but wasn’t able to come to a clear distinction between what it means for the PLA versus the U.S. Armed Forces. Thomas quotes one PLA research fellow who said the difference came down to “capabilities and objectives” between the two nations.


In this author’s opinion, the phrase System of Systems as used by Chinese military theorists refers to an over-arching strategy that assumes network dependence by both sides and seeks to gain control over a greater system within which network-centric warfare is a subset. One example might be the dependence that critical DOD bases have upon the public power grid. The local energy provider will be a much softer target than the military base and the base is most likely entirely dependent upon it. Another example of a System of Systems strategy may be corrupting the supply chain that provides the integrated circuitry used in weapons systems. The bottom line is that when faced with a superior adversary, you don’t attack the adversary directly. You attack the systems which sustain him.


Active Defense Workshop at Suits and Spooks DC
This blog post comes from the research that I've been doing for my next book "Assumption of Breach" which will feature a chapter on Active Defense. I'll also be conducting a one hour workshop at Suits and Spooks DC on Feb 8-9, 2013 which examines active defense in Chinese and Russian military theory. Hopefully, Dr. Thomas will get approval from DoD to speak as well. He's been invited - confirmation is pending. Registration is limited so I encourage you to sign up early.

NOTES:
[1] Thomas, Timothy L., Three Faces of the Cyber Dragon, Foreign Military Studies Office, Fort Leavenworth, KS, 2012, p. 144
[2] Lieutenant Colonel Timothy L. Thomas, U.S. Army, Retired, is a senior analyst at the Foreign Military Studies Office (FMSO) at Fort Leavenworth, Kansas. He holds a B.S. from the U.S. Military Academy and an M.A. from the University of Southern California.

[3] Thomas, ibid, p. 151

[4] Ye Zheng and Zhao Baoxian, “How Do You Fight a Network War?”, Zhongguo Qingnian Bao Online, 3 June 2011

[5] Dai Qingmin, New Perspectives on War, PLA Publishing House, 2008, p.64 (quoted by Thomas, ibid)

[6] Li Huamin, Zhang Kejin, and Fu Wenwu “Fierce Tigers of Tashan Ask for Directions in Guagxi – Record of Actual Events about Group Army of Guangzhou Military Region Building Greater Capability for System of Systems Operations,” Jiefangjun Bao Online, 30 July 2010 (quoted by Thomas, ibid)

[7] Manthorpe Jr., W.H., "The Emerging Joint System-of-Systems: A Systems Engineering Challenge and Opportunity for APL," Johns Hopkins APL Technical Digest, Vol. 17, No. 3 (1996), pp. 305–310.

Tuesday, 04 September 2012

Huawei's Cavernous Cyber Security Credibility Gap

Approximately one month before Huawei officials (along with ZTE officials) are supposed to testify before the House Permanent Select Committee on Intelligence (October 2012), the company's Global Cyber Security Officer and SVP John Suffolk released a white paper entitled "Cyber Security Perspectives: 21st Century Technology and Security - a Difficult Marriage".

I've been monitoring Huawei for several years and have given dozens of briefings on the security risks associated with the company, its management and its products. I've had several Huawei employees contact me privately about issues within the company and I've spoken to at least one of their senior executives last year about my concerns. I just finished reading Mr. Suffolk's white paper, which Andy Purdy, former Director of DHS National Cyber Security Division and now Huawei's Chief Security Officer, helped write. While it covered all of the usual bases regarding Huawei's commitment to security (I'm not going to recap these - read the paper if you must know), it addressed none of the issues that underscore the opinion of myself and others that Huawei is a security threat, such as:
  • Madam Sun Yafang's past employment with China's Ministry of State Security and how she helped the young company secure loans from the Chinese government.
  • Claims that Huawei benefited from Nortel's IP in 2004 including duplicating its instruction manuals.
  • Claims that Huawei stole source code from Cisco and its settlement of those claims in 2004.
  • Lack of full disclosure regarding Huawei's obligations to the Chinese government as a national champion firm and a provider of services and products to the State including the People's Liberation Army.
  • Lack of full disclosure regarding how many of its executives are members of the powerful Chinese Communist Party (CCP) and therefore bound to comply with directives from the CCP. After all, the CCP plays a dominant role in China's economy.
If Huawei's white paper is an example of how Huawei intends to address the concerns of the House Intelligence Committee, it's not nearly enough - even with Andy Purdy's help.

UPDATE (06SEP12): According to Reuters, Huawei is negotiating terms for its testimony before the House Intelligence committee. The fact that they have to "negotiate terms" says a lot to me about the scope and validity of the concerns that I mentioned above, not to mention the ones that Huawei doesn't want to have discovered.

Wednesday, 12 October 2011

Here are the Facts about Huawei and the Chinese Government

Yesterday Huawei was blocked by the U.S. Government from participating as an equipment supplier for the Public Safety 700-MHz Demonstration Network, which is a first responders communications network that's part of the Commerce Department. Huawei VP William Plummer wants to know why. According to Plummer:
“Huawei has repeatedly and factually demonstrated its corporate independence,” Plummer said. “No one has ever factually demonstrated otherwise and playing Huawei as a pawn in some geopolitical game of chess is doing nothing more than threatening U.S. jobs, investment, competition and innovation.”
Well, that's not really true. Here are the facts regarding Huawei's affiliation with the Chinese government and why the U.S. as well as other nation states should be cautious about acquiring Huawei equipment.

  1. The company's founder Ren Zhengfei was an engineer in the PLA prior to forming his company.
  2. The company's chairwoman Sun Yafang worked for the Ministry of State Security and while there helped arrange loans for Huawei before joining the company as an employee.
  3. The government of China is Huawei's biggest customer; specifically the State-owned telecommunications services. 
  4. Huawei equipment is used to intercept communications in China for state-mandated monitoring.
So to recap, Huawei is considered a national champion telecommunications firm in a nation that monitors all telecommunications networks and engages in cyber-espionage activities using, at least in part, Huawei equipment. The company's Chairwoman used to work for the MSS, China's foreign intelligence service and its founder started the company after serving in the PLA. Those are the facts, and they should be sufficient to justify denying Huawei access to the U.S. market as well as shame U.S. companies like Symantec who have partnered with them.

I'm happy to debate these facts with any representative from Huawei in any venue at any time. My contact information is at my company website.
